Visit This Site

Is The DDOS Mitigation Industry Becoming Commoditized?

June 9, 2017 – Before we dive into why the industry seems commoditized, let’s paint the picture real quick…

The DDOS Mitigation Industry

The DDOS mitigation industry has seen rapid growth over the last decade. This is largely in part because hackers are making an “Anonymous” name for themselves and loving the fame.  These groups of hackers feel proud about making the news, but they are also making a lot of money from doing it.  Over time more and more machines and devices have been compromised, putting these massive zombie networks in the hands of just about anyone that wants a piece.  Free DDOS tools for download are available and if you want to hire someone, simply log onto any freelance website.  That’s how easy it’s become to launch an attack.

Take the Mirai Botnet for example.  This was discovered in the last 6 months or so and comprises hundreds of thousands of zombie machines, specifically IOT devices like cameras and wireless routers. Krebs is all over this and may have found one of the authors behind Mirai.

Krebs on Security found one of the authors of the Mirai Botnet

Author of Mirai Botnet

This is old news though and most of us know how prevalent DDOS attacks have become.  Let’s look at the other side of the equation.

DDOS Mitigation Providers

There are countless vendors in the market that offer services to protect against denial of service.  Prolexic may have been the first player in the industry early on, helping the online gaming world protect themselves.  The gamers were a huge target and still are.   Then over time, other companies started popping up to offer similar services.  Most of them were ankle biters that had enough bandwidth to help your small to medium websites, but soon enough, real players started coming into the picture. The likes of Akamai, Neustar, and Verisign to name a few.  Most of these larger players already had a global network built out as a CDN or DNS infrastructure, so it was a relatively seamless move to get into the DDOS protection space.  If we take a look at the last 3-5 years or so, there are probably over 100 vendors with about 10 leading the charge.

While the risk awareness took some time for most companies, there seemed to be a tipping point somewhere in the timeframe of 2010-2013.  Executives started mandating that their IT and security teams put measures in place for DDOS protection.  A lot of the awareness stemmed from breaking news all across the media when major sites were taken offline.  Take the August, 2009 attack on Twitter for example.  


Article discussing 2009 ddos attack on Twitter

Twitter DDOS Attack

Or the April, 2009 attack against UltraDNS, which at the time was the largest DNS provider out there.


Article on the 2009 UltraDNS DDOS Attack

UltraDNS DDOS Attack


So what are the differences between these DDOS mitigation providers?

That’s a great question.  The answer is “not much.”  Well, let’s actually rephrase that.  If we look at the providers as an entire company, there are definitely some significant differences.  However, if we are looking at just the DDOS mitigation service itself, then it’s hard to decipher any major differences.

So yes, if we look at the companies, there are definitely some big comparisons and it’s mainly in their product set.  Some of these companies offer DNS, CDN, WAF, DDOS mitigation and bot mitigation.  A one stop shop.  Others offer just 1 or 2 of these services, and others strictly offer the DDOS piece alone.  When you look at it this way, these companies vary a great deal.

However, sticking with the topic of this article, let’s look at the DDOS solution by itself.  There seem to be 4 main categories that buyers consider as it relates to DDOS mitigation (not including pricing because that’s obvious).


There are a handful of ways a DDOS mitigation service is offered.  There is the on-demand approach for when companies only want to use it when they are under attack.  They essentially pay an insurance policy each month to have access to this large network. When an attack is targeting them, they can route their traffic through this scrubbing network to absorb and fend off the attack.  The common ways to re-route are either through a DNS redirection or for a full stack protection you can swing an entire BGP block over to it.

Then there is the always-on approach.  Companies tend to use this approach when they are constantly targeted for attack or provide a service that cannot be interrupted in any way.  Instead of being reactive to the attack, they are setup in a way where the traffic will automatically get scrubbed without having to do anything.  This is either offered in a cloud based manner, a device on premise, or a combination of both.

Network Capacity

“What is the capacity of your network” always seems to be a question that comes up from buyers.  They want to know how much traffic a provider can withstand, should they be hit with a massive attack.  It’s a fair question, but if you’re talking to one of the top 10 providers, there’s really not much to worry about.  DDOS will always be an arms race to keep up with the botnet networks out there and be able to fend off ever growing attacks.  Attacks are getting bigger and bigger every year, so a better question to ask your provider is “how much capacity are you adding to the network each year?”

SOC & Support

This might actually be the most important decision making criteria.  You should grill each provider on the processes that take place on their end when a customer is under attack.  Buyers typically want to know the step by step procedure they need to follow when they are under an attack.  How much work is involved on my end?  Who do I reach out to on your support team?  What is the typical turnaround time for moving into mitigation, or even getting someone on the phone?  Are there SLA’s around this?  Who are your SOC people and how much experience do they have?  What exactly are your people doing day to day as it relates to monitoring traffic and attack patterns?  Are you guys alerting me or do I have to reach out?

Features & Functionality

Buyers have very specific needs and want to know what features come with the service.  The most important of these is usually the monitoring and detection piece.  As a customer, do I have a portal or dashboard where I can view my traffic in real-time and will I be alerted of any anomalies?  What type of reports can I generate and how long is the data stored for me?  These are just some of the little things that customers care about.

In summary

The point being made here is that all of the major players in this space provide all of the above.  There may be some minor nuances, as there will be in any competitive comparison, but nothing that will swing you one way or the other.  At the end of the day, the big decision tends to be weighed based on price and comfort level with the vendor.

What else sets these vendors apart?  Please leave your opinions and feedback as we would love to hear it!



Leave a review/comment

© Copyright 2008 by DDos Providers