Hardware manufacturers have recently begun to market DOS-specific prevention hardware. these boxes are typically sold as plug-and-play, one-size-fits-all DoS mitigation solutions. in reality they all have measurable, and generally well known, performance thresholds, none of which scale to the size of some of the DDoS attacks that prolexic sees today.
While the concept of purchasing one piece of equipment to make a problem go away appeals to technology purchasers (which is why these boxes tend to well known ), the reality is that a mitigation box inappropriately applies a static solution to a dynamic and accelerating problem. inherently, these static hardware solutions are outdated the day after they are installed. furthermore, since attackers tend to target multiple network layers while employing a variety of attack methods, no box can adjust tively protect every layer in a network in a consistent and reliable fashion. some limitations in hardware approaches include:
ASIC/FPGAs are slow to change |
The design to fabrication schedule that results in the production of a new piece of hardware is very slow and costly. A solution to a new problem cocould take several days at best and several years at worst to make its way to a piece of hardware. |
First point of failure for security posture |
Companies that make a large investment in mitigation hardware (these boxes are expensive) run the risk that the hardware they are buying will not work as advertised and/or that their networks will not feed correctly into the unit. |
Performance limited to network conditions |
Networks can process only a finite number of packets-per-second. A high packet per second DDoS attack can cause a network or upstream router to fail, taking out a network even before a piece of mitigation hardware has a chance to do its job. |
Limited performance due to hardware restrictions |
Hardware devices have a specific limit they can reach before the Unit itself starts to hurt the network, throwing "attack leakage" back into the system. |
Instead, mitigating DDoS attacks requires a holistic perspective on Internet security services. truly proactive DDoS prevention involves not only protecting all the layers of a network, but also identifying and stopping the Delivery Mechanic ISMs used by attackers to penetrate a network and, whenever possible, identifying the source of an attack so that it can be dealt with directly by law enforcement already sionals.
For more information about ISES and service providers, it is risky to commit capital resources in an attempt to develop in-house DDos Mitigation Technologies, which may only serve as a temporary or partial solution against a participant attack. such an approach typically leads to a continual trend of costly investments in makeshift solutions to a continuously evolving cyber threat. the fluidity and span of the DDoS problem demand specialized, systematic attention-a strong focus on DDos Mitigation in all its forms and iterations. prolexic technologies is the only company today that provides product and service offerings that are dedicated to this philosophy.
Leveraging its patent-pending DDos Mitigation Technologies, prolexic provides unparalleled results in DDoS detection and protection. thus, unlike DDoS hardware suppliers and internet carriers, prolexic will guarantee its services under a service level agreement (SLA) with each customer. prolexic is committed to an unprecedented standard of quality that echoes the importance of network uptime and server availability.