Why Free or Cheaper DDoS Protection Will Cost You Billions Later
Why Free or
Cheaper DDoS Protection Will Cost You Billions Later
The
promises are enticing and therefore the price is unbeatable; in any case – who
can beat the worth of ‘free’?
As
service accessibility becomes more and more of a customer concern, it's become
common for internet service providers (ISPs), content distribution networks and
public cloud providers to supply ‘DDoS
protection service’ for free of charge, as a part of their service bundle.
What
those service providers don’t tell their customers, however, is that this free
protection can find yourself being the foremost expensive, do you have to come
under fire.
DDoS
attacks most of the times end in loss of availability, loss of consumers,
abandoned shopping carts and loss of reputation, therefore the upfront savings
in protection can cause much larger costs down the road.
Free or less
expensive or cheaper DDoS protection service is usually offered by
connectivity and computing providers, who bundle it in conjunction with their
infrastructure services. This typically includes Internet Service Providers,
Content Delivery Network, and public cloud infrastructure-as-a-service (IaaS)
providers.
Inferior Protection
There
is no way around it: once you buy something for free of charge, you always get
what you buy.
The
main concern of infrastructure service providers is selling their core
computing services like internet connectivity, content distribution, or cloud
computing. From their point of view, DDoS protection may be a drawing card to
enable higher sales. Consequently, they often provide only the only, most
elementary protections which cost them the smallest amount.
Higher
levels of protection, on the opposite hand, require high costs.
As per
consequence, free or cheaper DDoS mitigation service tiers
usually don't provide protection against advanced DDoS attacks like burst
attacks, dynamic IP attacks, multi-vector attacks, IoT botnet attacks (such as
Mirai), DNS attacks, SSL attacks or other zero-day vulnerabilities
or DDoS attacks. This results in inferior protection, and leaves customers
exposed should they face a classy attacker.
Limited
Coverage
Another
key problem with ‘free’ DDoS protection services, aside from the extent of
security, is that the limited coverage they provide.
Frequently,
such services are limited to elementary network-layer (L3/4) DDoS
attacks. However, they typically don't protect against application-layer (L7)
DDoS attacks which target the applications themselves, like HTTP/S DDoS floods
attacks, low-and-slow attacks, and so on.
Application-layer
DDoS Mitigation Solution, to the extent they're offered within the least,
will frequently require separate add-on costs (or the acquisition of a WAF security service), and are usually
limited to simple rate-limiting of incoming HTTP/S connections.
Besides
the point, because the service providers’ main interest is to sell more of
their other services, their DDoS protections are getting to be limited to
coverage of their services only.
For
customers who use multiple providers (such as multiple CDNs, ISP, or public
clouds), this may cause varying levels of protection for various assets,
inconsistent security policies, and fragmented management & reporting.
No Service Commitments
Your
DDoS protection service is merely nearly as good because the service guarantees
your provider is willing to plan to. Such service commitments are usually
documented within the Service Level Agreement (SLA) related to the service.
This
is why most free or least expensive DDoS protection either provide no
SLA within the littlest amount, or provide ‘best effort’ Service level
agreement. Frequently such Service level agreements won't
include any commitment to attack detection times, mitigation times, or quality
of mitigation (I.e., measuring the ratio between good and bad traffic that's
being allowed through).
An
enterprise-grade
SLA
should include service commitments which aren't only specific, but measurable (i.e., that there's a transparent,
understandable manner to live to them),
and also explain what are the service remedies just in case
these SLAs are breached.
Exclusive of to
the point and measurable metrics for detection, mitigation, and response
within the SLA of a DDoS protection service should raise alarm on the actual
quality of security it provides.
Lack of Security Expertise
Finally,
as ‘free’ DDoS protection vendors are usually not dedicated security providers,
they often lack the expertise and know-how to effectively affect cyberattacks.
Even
though such service providers could be experts in them respective fields
(such as internet connectivity, content delivery or cloud computing), security
is usually a side-business for them. DDoS attacks, however, are a selected
category of cyberattack, with distinct characteristics, customer impact and
methods of mitigation.
In
consequence, such vendors are frequently not up-to-date with the foremost
recent attacks, trends or tools, and don’t have rich experience in handling an
honest quite DDoS attacks.