A distributed denial of service (DDoS) attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. A DDoS attack is launched from numerous compromised devices, often distributed globally in what is referred to as a botnet. It is distinct from other denial of service (DoS) attacks, which use a single Internet-connected device (one network connection) to flood a target with malicious traffic.
What happens when an organization’s website or network infrastructure is under DDoS attack depends largely on how well the victim organization has prepared for the attacks and how effective its DDoS protection service vendor is at dispersing the flood of malicious traffic.
Some organizations rely solely on their ISPs for DDoS protection. We do not recommend this as a principal strategy because ISPs are not set up to stop DDoS attacks and are usually first and foremost focused on protecting their own infrastructure. There are a number of reasons why it is better to choose a dedicated DDoS mitigation solution over a basic service offered by an ISP. For example, if an ISP is unable to effectively scrub large amounts of traffic directed at a site or a network, it may block all traffic to the site completely, which basically helps attackers achieve their aim of shutting down the targeted site or service.
Other organizations rely on cloud-based application security providers to immediately identify a DDoS attack on their website or infrastructure and automatically take steps to disperse the bad traffic in order to keep services operational and maintain business continuity. Once bad traffic has been identified, the DDoS protection technology often routes it to DDoS-resistant data centers at specific points of presence where the attack can be absorbed. This can impact performance by adding latency and other service hiccups, which can affect the user’s experience.
The role of PoPs in DDoS attack mitigation
The same cloud-based application security providers often go to great pains to tell anyone who’ll listen about their extensive network of point of presence (PoP) DDoS-resistant data centers. To be sure, the number and strategic positioning of PoP sites worldwide can be critically important to the provider’s ability to successfully mitigate the negative effects of a DDoS attack, but not all PoP sites are created equal. In this post, we’ll explain what PoP sites are, what they offer, and what you should look for from a cloud-based application security provider’s PoP sites to ensure you can separate the hype from the reality when choosing a DDoS protection solution.
A point-of-presence is the physical location where two or more types of communication devices establish a connection. Point of Presence data centers in high internet usage areas enable websites and networks to speed up their responses to queries. The same functionality that enables PoPs to ensure optimal operational performance in high-traffic environments also makes them ideally suited to disperse DDoS attack traffic.
Why not all PoPs are created equal
You need, first and foremost, to look for single-stack solution PoPs from your solution provider. A PoP needs to cover WAF, CDN, ABP, and API Security as well as advanced DDoS protection together. Some solution providers have PoPs across the globe that are “single solutions.” This means some PoPs are for WAF, others for CDN, etc. So a provider may assert they have thousands of PoPs worldwide, but you need to know how many of them are dedicated to DDoS attack mitigation.
When you are under attack, your DDoS solution provider routes your traffic to one of these scrubbing center PoPs. This can be a problem because it takes valuable time during the attack to get your traffic routed to a PoP set up for DDoS mitigation. This extra time is likely to affect the performance of your services. So the total number of PoPs a solution provider has really matters less than how many of those PoPs offer the technology needed to mitigate a DDoS attack.
Three DDoS protection essentials your solution provider must offer when it comes to PoPs:
- Single stack solution PoPs. Your provider should offer every technology, including DDoS mitigation, in every PoP across the world. These single stack solution PoPs must be sited in key, highly trafficked, highly developed and densely populated areas of the world.
- Proprietary technologies only in their PoPs. Many providers, even if their PoPs do offer a single stack solution, often buy other technologies to perform critical functions in their stack. Look for a solution provider that maintains its own infrastructure. A provider that owns its tech can enhance and develop it more easily and efficiently to meet its customers’ needs. If it is off-the-shelf tech, hackers can also buy it, reverse-engineer it and understand it better to attack it.
- A straightforward and clear SLA. As we have discussed before, Service Level Agreements (SLAs) with solution providers can be tricky. A true SLA will state, in plain language, that the provider’s dedicated PoPs will start mitigating DDoS attacks in x seconds – without qualification or caveats.
Find out how Imperva’s PoP network is designed to mitigate DDoS attacks and still enable top website performance. Contact an Imperva Solutions Representative.