DDoS Prevention Test Methodology v2.0

DDoS Prevention Test Methodology v2.0

Publish Date: December 17, 2014

NSS defines distributed denial-of-service (DDoS) prevention solutions as in-line devices (whether routing or transparent) or as out-of-band solutions capable of interacting with an existing routing and switching environment using industry-supported protocols (including routing protocols such as BGP). These solutions must detect volumetric, protocol, and application attacks. DDoS prevention devices should be able to scale quickly in order to continue processing and mitigating the large amount of traffic during a DDoS attack.

This methodology describes how NSS will evaluate DDoS prevention products to provide an objective and fair assessment of the technology.

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.