DDoS Mitigation
Firewalls – Whereas firewall management used to be a sufficient strategy to manage denial of service (DoS) attacks, botnets and reflectors have since reduced the effectiveness of blocking attacks at the network edge. Using a firewall for mitigation may cause the CPU to spike and deplete memory resources. In addition, firewalls do not have anomaly detection capabilities.
Intrusion detection system (IDS) – An IDS device typically sits behind the firewall and links to a router in front of the firewall. Like an IPS (discussed in the next bullet), an IDS is designed and fine-tuned to inspect for single malicious packets. Neither IDS nor IPS devices are designed to handle high-volume attacks. Using them for DDoS mitigation can impact performance in their intended role of intrusion mitigation. In addition, by the time an IDS detects an anomaly and issues an alert, attack traffic is already consuming Internet bandwidth, potentially saturating the network, causing the CPU to spike, and depleting memory resources.
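To make the two points above concrete, here is an added example (not code from the original page) that runs a per-packet signature check and a per-second volume detector over a constructed packet stream: baseline web traffic followed by a flood of individually benign-looking packets. The signature list, traffic rates and the 3-sigma / two-second confirmation threshold are assumptions chosen for illustration.

```python
import statistics
from collections import Counter

# Placeholder rule set standing in for an IDS signature database (assumption).
SIGNATURES = (b"EXAMPLE-SIG-A", b"EXAMPLE-SIG-B")


def build_stream(baseline_secs=10, flood_secs=5, base_pps=100, flood_pps=20000):
    """Constructed sample: (second, payload) per packet. Ten seconds of
    ordinary requests, then a volumetric flood of zero-filled packets."""
    stream = []
    for t in range(baseline_secs):
        stream.extend((t, b"GET /index.html" + b" " * 485) for _ in range(base_pps))
    for t in range(baseline_secs, baseline_secs + flood_secs):
        stream.extend((t, b"\x00" * 1000) for _ in range(flood_pps))
    return stream


def signature_alerts(stream):
    """Per-packet inspection, the job an IDS/IPS is tuned for. Every flood
    packet is inspected and none matches, so this returns no alerts."""
    return [t for t, payload in stream if any(s in payload for s in SIGNATURES)]


def rate_alert(stream, learn_secs=10, k=3.0, confirm_secs=2):
    """Per-second byte volume against a baseline learned from the first
    learn_secs seconds. Returns (alert_second, bytes_already_seen), or
    (None, total_bytes) if the volume never crosses the threshold."""
    bytes_per_sec = Counter()
    for t, payload in stream:
        bytes_per_sec[t] += len(payload)
    baseline = [bytes_per_sec[t] for t in range(learn_secs)]
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 0.05 * mean  # guard a flat baseline
    threshold = mean + k * stdev
    consumed, streak = 0, 0
    for t in sorted(bytes_per_sec):
        consumed += bytes_per_sec[t]
        streak = streak + 1 if bytes_per_sec[t] > threshold else 0
        if t >= learn_secs and streak >= confirm_secs:
            return t, consumed  # alert fires only after the confirmation window
    return None, consumed


if __name__ == "__main__":
    packets = build_stream()
    print("signature alerts:", signature_alerts(packets))
    print("rate alert (second, bytes already on the wire):", rate_alert(packets))
```

With the constructed numbers the volume detector confirms the anomaly at second 11, by which point about 40 MB of flood traffic has already crossed the link, while the signature check never fires at all.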