Security Controls In The US Enterprise: Distributed Denial-of-Service (DDoS) Prevention

Security Controls In The US Enterprise: Distributed Denial-of-Service (DDoS) Prevention


Jason Pappalexis, John Whetstone, Will Fisher, Mike Spanbauer



Although distributed denial-of-service (DDoS) attacks are not new, they are more effective today than ever before. Motivated by factors such as hacktivism and financial gain, attackers launching DDoS campaigns aim to take down websites or block transactions to cause visible and potentially far-reaching business disruptions. In an effort to mitigate the impact of these attacks, enterprises turn to DDoS protection technology.

Enterprises can use this information to gain critical insights into the purpose and use of DDoS prevention technology. These insights include information on how this security control is being managed within organizations, where it is being deployed, who is responsible for purchasing decisions, and the extent to which API controls are being used for its management.



  • Product scope, alternatives, deployment, and purchase authority
  • Metrics on product use within the enterprise
  • Who manages DDoS prevention technologies? (breakdown by organization size)
  • Who uses API controls? (breakdown by organization size)
  • Enterprise challenges



Part of a series on security controls deployed by US enterprises, this brief includes current usage statistics for DDoS prevention technology within small and medium-sized enterprises (SMEs), large enterprises (LEs), and very large enterprises (VLEs).

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.