Cloud-based scrubbing employs separate DDoS traffic-cleaning engines to ‘scrub’ traffic clean, filtering the bad from the good. It is essentially used as an additional layer of protection during a DDoS attack rather than as a primary mitigation technique.
Scrubbing centers are typically hosted outside the Internet service provider’s network as a supplementary on-demand service, activated when a DDoS attack occurs. During a DDoS attack, the ISP or cloud provider forwards all traffic destined for the IP under attack to the cloud-based scrubbing center, which is essentially a centralized data cleaning station. Because the potentially malicious traffic is taken out of the network, legitimate traffic can get through more easily.
In the scrubbing center, traffic to the website under attack is analyzed, and malicious traffic (DDoS, SQL injection, XSS and other exploits) is removed. The traffic is typically analyzed using deep packet inspection, which allows the attack traffic to be filtered out while the clean traffic passes back to the network for continued delivery.
An “always-on” option is typically also available by which all traffic passes through a scrubbing center irrespective of whether or not an attack is detected.
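A sketch of the activation logic behind the on-demand and always-on modes described above, added here as an illustration and not taken from any provider's product. The packets-per-second thresholds, the three-interval release rule, the class and function names and the sample rates are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed per-interval inbound rates (packets/s) for one protected IP.
SAMPLES = [5_000, 8_000, 250_000, 300_000, 15_000,
           150_000, 10_000, 9_000, 7_000, 6_000]


class DiversionController:
    """Decides, per destination IP, whether traffic goes direct or via scrubbing."""

    def __init__(self, mode="on-demand", attack_pps=100_000,
                 calm_pps=20_000, calm_intervals=3):
        if mode not in ("on-demand", "always-on"):
            raise ValueError(f"unknown mode: {mode}")
        if calm_pps >= attack_pps:
            raise ValueError("calm_pps must be below attack_pps")
        self.mode = mode
        self.attack_pps = attack_pps          # assumed activation threshold
        self.calm_pps = calm_pps              # assumed "attack is over" level
        self.calm_intervals = calm_intervals  # calm intervals needed to release
        self.diverted = set()                 # IPs currently sent to scrubbing
        self.calm_streak = defaultdict(int)

    def observe(self, dst_ip, pps):
        """Feed one measurement; return the route applied from now on."""
        if self.mode == "always-on":
            return "scrub"                    # no detection step, no gap
        if dst_ip not in self.diverted:
            if pps < self.attack_pps:
                return "direct"
            self.diverted.add(dst_ip)         # only the IP under attack moves
            self.calm_streak[dst_ip] = 0
            return "scrub"
        if pps > self.calm_pps:
            self.calm_streak[dst_ip] = 0      # a renewed burst resets the count
            return "scrub"
        self.calm_streak[dst_ip] += 1
        if self.calm_streak[dst_ip] >= self.calm_intervals:
            self.diverted.discard(dst_ip)     # sustained calm: route direct again
            return "direct"
        return "scrub"


def replay(mode, samples, dst_ip="203.0.113.10"):
    """Run a series of rate samples for one IP and list the routing decisions."""
    controller = DiversionController(mode=mode)
    return [controller.observe(dst_ip, pps) for pps in samples]
```

Replaying `SAMPLES` in on-demand mode shows why the release rule matters: the brief dip to 15,000 pps in the middle of the attack does not return traffic to the direct path, because the next burst resets the calm count.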
Scrubbing centers can handle high-volume floods of traffic at both the network and application layers, as well as low-and-slow attacks and exploits of other known vulnerabilities, including the most sophisticated kind of multi-vector attack. The ability to handle many different types of attack is often seen as one of the key benefits of using a scrubbing center over a traditional hardware appliance or a cloud firewall service.
Various security firms, such as Radware, have recently upgraded their ability to tackle different kinds of attack within their scrubbing centers. Radware, for instance, has integrated cloud-based SSL DDoS protection into all its scrubbing centers. As the security firm has seen increasing amounts of web traffic become encrypted, SSL-based DDoS attacks have accordingly become more frequent and more harmful. These attacks demand significant amounts of computing resources from target servers: a single SSL request can demand up to 15x more resources from the target server than from the origin device.
Scale is also often considered to be an advantage, with cloud-based scrubbing centers offering significant capacity to protect against volumetric floods, which is important in the new age of terabyte DDoS attacks.
ISPs and cloud security services tend to have scrubbing centers dispersed worldwide, which increases their capacity and allows them to reroute traffic to the scrubbing center nearest the attack, increasing the speed of response and its efficiency.