DDoS Protection: Always One Step Ahead of Attackers

DDoS protection (also known as anti-DDoS) refers to systems for defending against or mitigating cyberattacks by means of distributed denial of service. DDoS aims to cause delays and outages of websites and IT infrastructures via artificial requests. DDoS protection solutions are available either as a hardware appliance for implementation in your own data center or as a security-as-a-service solution via the cloud. Cloud-based DDoS protection can be used without additional hardware or software and therefore requires less effort to implement. The service provider takes care of the configuration and operation of the DDoS protection. DDoS protection as a hardware appliance, on the other hand, requires a high level of expertise to efficiently implement and configure the protection solution in your own data center. On-premises services, where the DDoS protection is installed and operated by the protection service provider itself in the customer's data center, are a middle ground.

The cost of DDoS protection varies depending on the desired deployment model (cloud, hardware or on-premises) and the required traffic bandwidth and number of domains to be protected. As a rule, security-as-a-service models as an anti-DDoS solution are cheaper for most companies than the in-house variant in their own data center. Full-service operators take on the initial implementation, continuous operation and configuration adjustments of security systems. Continuous monitoring of the secured systems is also included in order to ward off attacks as quickly as possible. The recruitment of cyber security experts in particular is a major obstacle and often significantly slows down the commissioning of hardware appliances. According to Bitkom, there are 137,000 vacancies for IT experts across all sectors in Germany (as of Nov. 2022). On average, it takes seven months to find suitable candidates for vacancies.

After the first step - recognizing DDoS - DDoS protection diverts harmful traffic flows in order to free up capacity on the web servers for regular user traffic. Modern protection systems automatically initiate DDoS mitigation within a few seconds as soon as an impact on the affected servers becomes apparent. By filtering incoming traffic at various levels and using intelligent load balancing, DDoS protection solutions ensure that sufficient bandwidth is available for the affected websites even in the event of an acute attack, until the attackers abort their attack without success.

DDoS protection for dedicated protection against attacks on the application layer (layer 7) relies on multi-layer granular filtering methods that include fingerprinting, blocklisting and request limiting. This enables DDoS protection to effectively identify and fend off harmful traffic in the shortest possible time. In contrast to attacks on layer 3/4, attacks on layer 7 are based on already established connections of services and protocols such as HTTP, HTTPS, FTP or SMTP. For this reason, such attacks are very difficult to distinguish from regular traffic using conventional anti-DDoS solutions, such as those supplied as standard by most hosters. Without dedicated DDoS protection to defend against layer 7 attacks, the targeted systems are at acute risk of failure.

Protection solutions for defending against distributed denial of service (DDoS) attacks also protect against denial of service (DoS) attacks, as the attacks use the same methods. In both cases, malicious traffic is directed to a web resource via an attack tool with the aim of overloading the affected web servers. However, while in a DoS attack the attack originates from a single system, cyber criminals use distributed botnets consisting of hundreds or thousands of systems for DDoS attacks. As such botnets are becoming increasingly easy for criminals to access via illegal marketplaces on the darknet, the more powerful DDoS attacks are increasingly replacing conventional DoS attacks. On the part of the affected organizations, this trend makes anti-DDoS defense immensely more difficult – dedicated protection solutions as DoS/DDoS protection are therefore a prerequisite for successful defense.

In principle, DDoS protection (also known as denial-of-service protection or anti-DDoS) is not able to prevent attacks. However, such DDoS protection ensures that the attacks do not have a negative impact on the affected web servers. So while attackers "waste" their resources on attacks, the target system remains protected - the website remains available for visitors and works as usual in terms of performance. In addition, by using a CDN-based DDoS protection service, companies can hide their web infrastructure from attackers – a direct attack on the organization's web servers is no longer possible.