With SLAs for DDoS Mitigation, the devil is in the details | Imperva

When it comes to choosing the right DDoS protection, there are many factors to consider, including Network Capacity, Reliability, Service, Price and Time to Mitigation (TTM). In a recent survey, we asked participants what factor they considered most critical when choosing a DDoS protection solution. They listed TTM, along with quality of mitigation, as the two most critical factors.

Time to mitigation (TTM) is the time it takes for the DDoS mitigation to kick in and start scrubbing the incoming traffic.

Why does Time to Mitigation (TTM) matter so much?

Most DDoS attacks can take down your network in a matter of minutes, yet recovery from them can take hours, so it’s easy to see why TTM is considered one of the most critical aspects of any DDoS Protection service. TTM is measured from the point at which the first DDoS attack packet hits your system to the point when your DDoS mitigation service begins blocking incoming attack traffic. The longer the TTM, the more damage an attack can cause.

TTM commitments vary widely among service providers’ SLAs, so it’s important to understand what kind of protection you can expect. This is relevant to all organizations whose business operations and customers rely heavily on uptime and availability of applications, and it is particularly critical for financial services and eCommerce enterprises who need to ensure continuity of operations and access to websites as they approach the peak business period of the year. With so many DDoS providers claiming to offer the best TTM in the industry, how can you decide which is best?

First you need to look at their Service Level Agreement (SLA) to fully understand exactly what their SLA covers and if their DDoS protection solution meets your requirements.

A brief overview of DDoS protection SLAs

A DDoS solution provider’s SLA should define which layers, attack types, size, and duration it covers and should also spell out the provider’s response times for support issues. These are usually defined based on problem severity levels. Make sure to examine DDoS solution providers’ SLAs in detail before you choose one. Here are some examples of what to look for and what to look out for.

Beware of the zero-second SLA for DDoS protection

When something seems too good to be true, it usually is. If a DDoS solution provider is offering a zero-second SLA, read the fine print in their contract. Oftentimes this zero-second statement is true only for attacks on the provider’s proxy server or for known attack types with pre-configured signatures. It’s easy to claim zero-second service when a solution only protects against attacks with known traffic profiles. If a DDoS protection provider has a zero-second SLA, but only offers automatic protection against simple attack vectors, that doesn’t do you much good.

In the event of any type of DDoS attack, you need to ensure that the solution provider delivers mitigation speed guaranteed to keep your business online. Their SLA should back up their claim. You should perform sufficient due diligence to ensure you are protected when under attack.

Is the DDoS mitigation solution adaptable to new attack methods?

The 2021 DDoS Threat Landscape Report reveals that attacks on networks and infrastructure are becoming shorter and sharper. These attacks enable cybercriminals to circumvent traditional DDoS mitigation approaches and cause the maximum damage possible before mitigation even starts. In cases like this, where attackers can leave networks reeling and unable to recover, speed of mitigation is critical. A matter of minutes can lead to lost earnings and even lost customers. For layer 3 and 4 DDoS attacks, look for SLA language that guarantees that mitigation starts in 3 seconds or less.

Does your DDoS mitigation solution take on unknown attack vectors?

When choosing a DDoS mitigation solution, it’s also important to know if a vendor’s SLA covers mitigation of unknown attacks as well as attacks matching the vendor’s pre-configured signatures. Your DDoS protection should rely on more than historic signature stores; it should also be effective against unknown attack vectors and should mitigate against unknown attacks at scale.

Beware of hidden charges for your DDoS protection solution

Some providers claim they offer very fast TTM. However, when you read the fine print in their SLA, they also require that you purchase additional managed services products to get their best available SLA. Your DDoS protection solution provider’s SLA should guarantee 3-second TTM with no additional hidden costs and without the need to sign up to a costly managed services plan.

Beware of a DDoS mitigation solution that offers no written SLA

Some DDoS providers offer no mitigation SLA at all. In that instance, you never really know the speed and quality of the mitigation services you would receive when an attack is executed. You should choose a vendor that writes an SLA into every contract and offers the resilience you need to protect your business.

How is the Imperva DDoS mitigation solution different?

Imperva provides that mitigation will start in 3 seconds or less once the first packet hits. This TTM applies no matter the size of the attack or how long you’re under attack. From the start of a DDoS attack to full mitigation, Imperva’s SLA commits to fast and automated DDoS action, delivering protection against all attack vectors – known and unknown – that constitute today’s attack landscape.

While some vendors offer a limited mitigation SLA against only known attacks, Imperva protects at scale, offering unrivalled processing power and fully automated scrubbing appliances capable of sub-second detection and mitigation. Imperva uses step-by-step escalation methods of control, including anomaly detection, visitor listing, a rule engine which compares signatures and examines various attributes, and rate limiting, which provides control by limiting requests per session or per minute. Customers also benefit from the content caching and dynamic content acceleration in Imperva’s CDN for widespread, positive performance improvement.

DDoS mitigation starts nearly right out-of-the-box

Better still, Imperva’s industry-best DDoS mitigation is available out-of-the-box, with minimal intervention required to get you up and running quickly and give you the peace of mind that comes with knowing that even under the most intense attacks, it will still be business as usual.

Imperva’s DDoS mitigation solution is powered by a global scrubbing network of 49 PoPs (Points of Presence) that block the bad traffic as closely as possible to the source of the attack while continuing to let legitimate traffic through. Imperva’s 9 Tbps global network can mitigate 65 billion attack packets per second.

Imperva leverages Machine Learning to work like a SOC engineer that automatically creates security policies for each customer network range it protects. This considerably enhances continuous DDoS mitigation and eliminates the need for human intervention.

In addition, our software-defined network operations center (SD-NOC) automatically divides the attack traffic between different PoPs and/or ISP channels to optimize our resources and provide the best possible mitigation while also protecting and allowing legitimate traffic.

Reliability is where the rubber hits the road

When you are under attack, you should be confident that your DDoS protection will be available, because that’s when you need it most. When it comes to a service uptime guarantee, you should accept no fewer than “five nines”, meaning the provider can commit to service uptime of 99.999%. Imperva has engineered our born-in-the-cloud DDoS mitigation platform for reliability. Imperva, for example, operates with an SLA of 99.999% availability for CDN / Cloud WAF / DNS Protection.

The uptime SLA is particularly significant for enterprise organizations, which are at a much greater financial risk if subjected to any downtime. Imperva adopts a ‘defense in depth’ approach to security when it comes to protecting enterprise organizations, offering a broad portfolio of security and protection tools in addition to DDoS Protection, including our Web Application Firewall, Run-Time Application Self-Protection (RASP), API Security and Advanced Bot Protection.
