The landscape of DDoS (Distributed Denial of Service) protection, particularly within the context...
1. Imperva
Imperva's DDoS Protection solution is designed to handle any type of asset and provides a lightning-fast 3-second time to mitigation for all types of attacks. With an easy and fast onboarding process, Imperva simplifies operations with pre-configured policies and self-adaptive tuning capabilities. Enhancing visibility and reporting, Imperva Attack Analytics offers a comprehensive view of attack types and layers, correlating them to accelerate investigations and minimize alert fatigue. Trusted by a wide range of industries including eCommerce, energy, financial services, gaming, healthcare, manufacturing, and technology, Imperva is the go-to choice for robust DDoS protection.
Key Differentiators
- Protects websites, networks, DNS and individual IPs
- Stops Layer 3, 4 and 7 attacks
- Capacity of 9 Tbps, 65 GPPs
- 24×7 Support and SOC with global coverage
- A single stack architecture reduces latency and results in fast remediation of DDoS attacks and other web application threats
- Each of the 50 points of presence (PoPs) within the Imperva global network runs all security services (DDoS, WAF, API security, bot management)
- Imperva provides a 3-second mitigation SLA for any DDoS attack, regardless of type, size or duration, without disrupting legitimate traffic
- Delivers real-time visibility into DDoS threats with reporting and attack correlation through Imperva Attack Analytics or a SIEM integration
- Self-adaptive security policies, self-service configuration and Terraform and API support
Pricing
As of this writing, Imperva does not make its DDoS protection pricing available on its website. However, interested buyers have access to a free trial.
2. Radware
Radware provides comprehensive DDoS protection for various infrastructure implementations, including the public cloud, enterprise networks, and service providers. Their solution is designed to secure critical assets such as data centers, private clouds, public clouds, and even cutting-edge 5G infrastructures, regardless of the environment. With a focus on large-scale networks, Radware's solution is agnostic and adaptable, making it an ideal choice for service providers looking to safeguard their infrastructure from DDoS attacks.
Key Differentiators
- Radware’s attack mitigation architecture is flexible and extensible
- Can be tailored to customers such as telecom and cloud operators
- Wide security coverage with automated zero-day DDoS attack protection
- Offers hybrid, always-on and on-demand cloud DDoS service deployment options
- Cloud SSL-attack protection that maintains user data confidentiality
- Single pane of glass with unified portal and fully managed service by Radware’s Emergency Response Team
- Also offers web application security for integrated application and network security
- Combines always-on detection and mitigation with cloud-based volumetric DDoS attack prevention, scrubbing, and 24×7 cyber attack and DDoS security
Pricing
As of this writing, Radware has not made its DDoS protection pricing available on its website.
3. Neustar
Neustar UltraDDoS Protect provides an impressive 12+ Tbps of DDoS mitigation power, coupled with a highly efficient global data scrubbing network. This comprehensive solution is designed to safeguard your online presence, reduce the risk of data theft, and protect your bottom line. Whether you need instant protection against smaller attacks using on-premises hardware or robust cloud-based defense for high-volume and complex attacks, Neustar has got you covered.
Key Differentiators
- Automation that moves attacks into mitigation quickly
- Always ready options for DNS, BGP, and hybrid configurations
- Carrier-class DDoS mitigation that includes a massive network of dedicated scrubbing capacity
- OSI Layer 3, Layer 4, Layer 7 and IPv6 capable
- Globally positioned scrubbing infrastructure
- Harnesses multiple DDoS mitigation vendor technologies including Arbor, Cisco, Citrix, Juniper, HP, Neustar
- Multiple Tier 1 internet network providers
- Offers on-premises hardware and cloud-based protection
- Neustar can secure VPN connections via VPN Protect
- Can connect to 61 global data centers for traffic control and increased security
Pricing
As of this writing, Neustar has not made its DDoS protection pricing publicly available on its website.
4. NetScout
NetScout offers a diverse range of DDoS attack protection solutions that empower organizations to customize their defense strategy, whether it's in the cloud or on-premises. With a combination of stateless, on-premises, and cloud protection, NetScout effectively thwarts today's high-volume attacks that can exceed 600GB/sec. Additionally, their innovative solutions provide robust protection against stealthy application-layer attacks targeted at stateful infrastructure devices like firewalls, IPSs, and ADCs.
Key Differentiators
- Located on premises, the NetScout Arbor Edge Defense (AED) is an in-line, always-on product that can automatically detect and stop all types of DDoS attacks – especially low and slow application-layer attacks
- Placed on the network edge between the router and network firewall to provide best-of-breed DDoS protection, AED screens incoming and outgoing traffic using stateless packet processing technology
- Can easily scale and block in bulk inbound DDoS attacks and indicators of compromise
- Its Cloud Signaling capability automatically routes traffic to one of 14 scrubbing centers for analysis and mitigation to stop the attack within minutes
- The ATLAS Security Engineering and Response Team (ASERT) provides real-time attack information that enables it to automatically block up to 90% of DDoS attack traffic before it starts inspecting the first attack packet
- Suite of automated countermeasures that identify and block more complex attacks at the network or application layers
- Stops threats such as scanning, brute force password attempts, and known Indicators of Compromise (IoCs)
- Blocks outbound traffic from compromised internal device communications with known bad sites (e.g. attacker command & control infrastructure)
Pricing
As of this writing, NetScout has not made its DDoS protection pricing available on its website.
5. Ribbon
Ribbon presents a comprehensive lineup of cutting-edge Session Border Controllers equipped with state-of-the-art capabilities for DDoS detection and mitigation. By implementing intelligent configuration and dynamic adaptation on a large scale, Ribbon ensures minimal to no disruption to traffic throughput or packet processing while effectively identifying and neutralizing DDoS attacks.
Key Differentiators
- ACL policing applies access level control to allow traffic from trusted pre-configured IP addresses
- IP address learning: When IP addresses used by valid peers/endpoints are not known prior or may change dynamically, peers are confirmed as trusted only after receipt of specific valid SIP requests
- Media packet policing accepts media packets only if they correspond to a session negotiated via SIP/SDP signaling
- Media address learning: If a peer media address advertised in SIP/SDP does not match the actual source address of the RTP packets, it is possible to learn the peer media address to perform policing of subsequent packets
- Priority aware packet policing: rate limit SIP signaling packets on a microflow basis and give higher priority to packets from authenticated sources than those from unknown sources to increase the likelihood that desired traffic gets let through while malicious traffic is stopped
- Application-level call admission control (CAC) to rate limit traffic on a peer/IP trunk/IP trunk group level and can also be provided to limit bandwidth usage
Pricing
As of this writing, Ribbon has not made its DDoS protection pricing available on its website.
