Threat mitigation and protection involves three elements: infrastructure, methodology and deployment. You need a provider who can supply all three protection layers.
Their network needs to handle heavy traffic and have elastic bandwidth; they need a selection of protection methods that can be customized to your site design, and quick, responsive deployment techniques to call upon when needed.
Infrastructure – The service provider’s infrastructure relates to its ability to detect and filter traffic, and its ability to thwart an attack. The higher the capacity, the more effectively a service can lessen the impact of an attack. There are a couple of different types of capacity: network capacity relates to the total network bandwidth; scrubbing capacity relates to the bandwidth focused on cleaning traffic.
Data centers are also crucial in relation to infrastructure capacity. They are located across the world, and use skilled, trained technicians to monitor and scrub infected traffic, along with hardware and software to do it autonomously. The more spread out the data centers are globally, the better for optimization, monitoring, detection and mitigation. Location is also important for redundancy, i.e. having a backup system in place if the primary one fails. Having a backup system is crucial to preventing downtime.
Methodology – A good DDoS service should also have multiple methods at its disposal to prevent DDoS attacks. Methodology should focus on different elements of a DDoS attack. For example, some methods involve detection and inspection, such as bot detection or deep packet inspection. Other methods might involve behavioral identification to determine if traffic acts in an anomalous fashion, such as communicating via IP addresses rather than via server names, which is what most legitimate traffic uses. Other methods, such as web proxies, BGP and DNS, redirect traffic to a safe location or scrubbing center in which technicians can cleanse traffic and wait out the DDoS attack. The best methods involve as little disruption to the end user as possible, ideally resolving issues without their knowledge of the security verification methods used.
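As an added example (not from the original article), here is one way the behavioral check described above could look: it flags clients that address a site by IP literal rather than by server name. The log layout, thresholds and function names are assumptions made for illustration, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "<client_ip> <host_header> <method> <path>".
# This log layout is an assumption for the example, not a standard format.
SAMPLE_LOG = """\
198.51.100.7 203.0.113.10 GET /
198.51.100.7 203.0.113.10:443 GET /login
198.51.100.7 203.0.113.10 GET /search?q=a
198.51.100.7 [2001:db8::10]:443 GET /
192.0.2.44 www.example.com GET /
192.0.2.44 www.example.com GET /cart
192.0.2.44 203.0.113.10 GET /health
192.0.2.90 shop.example.com:8443 GET /
malformed line
"""

def host_is_ip_literal(host: str) -> bool:
    """True if a Host header value is an IPv4/IPv6 literal, with or without port."""
    host = host.strip()
    if host.startswith("["):                 # bracketed IPv6, e.g. [2001:db8::1]:443
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:               # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def flag_clients(log_text: str, min_requests: int = 3, min_ratio: float = 0.8):
    """Return {client: (ip_literal_requests, total)} for clients that mostly use IP literals."""
    totals, by_ip = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue                         # skip malformed lines
        client, host = parts[0], parts[1]
        totals[client] += 1
        by_ip[client] += host_is_ip_literal(host)
    return {c: (by_ip[c], n) for c, n in totals.items()
            if n >= min_requests and by_ip[c] / n >= min_ratio}

if __name__ == "__main__":
    for client, (hits, total) in flag_clients(SAMPLE_LOG).items():
        print(f"{client}: {hits}/{total} requests addressed the site by IP")
```

The ratio threshold keeps a client with an occasional IP-addressed request, such as the health check in the sample, from being flagged alongside one that never uses the hostname.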
Deployment – Lastly, deployment must be customized according to your needs, letting you select from a variety of service levels, for example always-on or on-demand. Deployment also covers the way in which you want the services deployed, for example via the cloud or via a hybrid model: cloud and on-site hardware. Deployment and service plans are dependent on your level of risk, how much hardware you already possess, your current levels of IT support, and your budget. If your website needs to be always on because downtime would severely impact your business, for instance if you are an eCommerce site, always-on would be important.
Once you select a service provider, they will work with you to customize a service which best suits your needs.