Authors: Thomas Skybakmoen, Jerry Daugherty, Devon James
Implementation of distributed denial-of-service (DDoS) prevention solutions can be complex, with multiple factors affecting the overall performance of the solution.
The following factors should be considered over the course of the useful life of the product:
Will it be deployed in combination with external prevention methods?
Can it provide effective mitigation of attacks without affecting legitimate traffic?
Will the device respond to attacks autonomously, or will it require tuning for each attack?
There is frequently a trade-off between security effectiveness and performance. Because of this trade-off, it is important to judge a product’s security effectiveness within the context of its performance, and vice versa. This ensures that new security protections do not adversely impact performance and that security shortcuts are not taken to maintain or improve performance.
Sizing considerations are critical, as vendor performance claims (where mitigation typically is not enabled) can vary significantly from actual performance (where mitigation is enabled).