Back in 2018, we made waves with a groundbreaking DDoS Mitigation SLA (service level agreement) for our DDoS Protection service that guaranteed to mitigate DDoS attacks in under 10 seconds. Now, we’ve upped the ante to ensure DDoS attack mitigation with a new, industry-best three seconds-or-less guarantee.

The Importance of Time to Mitigation (TTM)

This commitment sets a new standard for time to mitigation (TTM), which is a critical aspect of any DDoS mitigation service. TTM starts when the first DDoS attack packet hits your system, and goes until when your DDoS mitigation service begins scrubbing incoming traffic.

TTM varies widely among service providers. So it’s important to understand what kind of protection you can expect, especially when business operations rely heavily on uptime. This is particularly relevant for financial services and e-commerce enterprises. 

Drilling Down into Your Service Provider’s SLA

As much as TTM varies, so does the type of attack vectors that service providers protect against in their stated TTM. It’s easy to boast a fast SLA when it only protects against attacks with known traffic profiles. If your DDoS provider has a zero-second SLA, but it only provides automatic protection against simple attack vectors, that doesn’t do you much good.  

That’s why you need application security which relies on more than historic signature stores and is effective against zero-day exploits. In that regard, Imperva uses step-by-step escalation methods of control, including anomaly detection, visitor whitelisting, a rule engine which compares signatures and examines various attributes, and rate limiting which provides control by limiting requests per session or per minute. 

The Economy of Downtime

Even seconds of downtime have a huge impact, and extended time to mitigation can end up costing your business tens of thousands of dollars in lost sales and reputation damage — perhaps even hundreds of thousands of dollars if it takes hours to recover from an attack.

Sometimes an attack is short-lived, and the “duration of impact” lasts only until mitigation starts. Most of the time, the impact of an attack is felt far longer. It’s also important to note that it takes many DDoS protection services time to first identify an attack before they can even start mitigating. 

Our 3-second time to mitigation guarantee is end-to-end, from the start of the attack to full mitigation. It provides an unmatched level of protection against the inevitable threats in today’s attack landscape, covering DDoS attacks of any type, size or duration. No matter the threat, it’s mitigated in 3 seconds or less, without affecting the user experience for your legitimate traffic.

Always-On Mitigation is Automatic

Unlike on-demand protection, where you rely on your security staff to monitor traffic and report the detection of malicious requests, Imperva DDoS Protection for Websites, IPs and Networks are always-on services. Always-on mitigation is designed to mitigate attacks immediately and automatically, with no manual intervention required. This reduces the possibility of network saturation, removes the need for traffic diversion, and allows the system to speed through detection and sampling (the time it takes to analyze traffic flows and create directives for scrubbing) in just seconds.

(Imperva DDoS Protection is just one part of our Imperva Application Security portfolio, an integrated single stack of solutions that provide comprehensive protection against a wide range of cybersecurity threats and bring defense-in-depth to a new level. All of these capabilities are available through Imperva’s flexible and predictable FlexProtect licensing.)

How Our SLA is Made Possible

Several factors enable us to ensure such fast DDoS detection. The first is our robust processing capabilities. The second is our network’s ability to exchange real-time traffic data.

  • Robust Processing

Imperva mitigates network layer assaults via our Behemoth 2 scrubbers — fully automated mitigation appliances capable of keeping up with rising attack volumes, built with sub-second detection and mitigation and scale in mind. Enabled by the large amount of sample data from the traffic flow, the appliances create scrubbing directives in milliseconds. The aggregate processing power of our proxy network scales well up into millions of RPS (requests per second), allowing us to mitigate the largest attacks ever recorded.

  • Real-time Exchange of Traffic Data 

Our ability to rapidly mitigate attacks is supported by a network of real-time synchronization (RTSYNC) servers deployed across the Imperva network and broadcasting traffic data to their many nodes. The system creates a “fast lane” of sorts, prioritizing the exchange of traffic data from other, less urgent communication types (e.g., configuration change propagations). It takes less than one second from when the first attack packet reaches a node on our network for all proxies and scrubbing servers to instantly alert one another about the attack and to share scrubbing signatures. The other two seconds allowed by our SLA are only there to provide us with a safety margin in case of an atypical attack scenario.

We’re Ready. Are You?

It’s time to face the fact that DDoS attacks against your business are inevitable. It’s not a matter of if you will be hit with a DDoS attack, but when. How prepared are you to face it? Contact us today to see how the industry’s best DDoS mitigation SLA can give you the peace of mind that comes with knowing that even under the most intense attacks, it will still be business as usual.

Also watch this webinar hosted by AWS and Imperva to learn how Imperva helped this leading web company automate its DDoS and other application security.