DDoS (Distributed Denial of Service) attacks are one of the most prevalent disruptions that cost businesses millions of dollars each year. These attacks can take your websites or services completely offline, impacting your customers, and ultimately harming your business.
The good news? In this article, we’ll explore the best DDoS protection services you can use to keep your business safe online.
Here is our list of the 7 best DDoS protection tools and services:
- SolarWinds Security Event Manager (FREE TRIAL) Combines ease of use with flexible protection while still maintaining control of your DDoS traffic settings.
- AWS Shield DDoS protection for applications and services hosted in the AWS cloud.
- Link11 German-based DDoS protection service that uses AI to identify threats.
- Project Shield Splintered off of Google, Project Shield offers free protection to news agencies and nonprofits.
- Neustar Can use BGP or DNS routing to mitigate attack traffic.
- Stackpath WAF DDoS protection with additional WAF capabilities.
- AppTrana Offers a complete done-for-you DDoS protection service.
SolarWinds Security Event Manager (SEM) is an intuitive yet effective DDoS protection tool that allows organizations to manage their own security. SolarWinds SEM comes preconfigured with best practices in place that give you a firm foundation to work from.
SEM manages a comprehensive list of known bad actors and IP addresses and automatically prevents them from passing through to your site. This list is populated both by the SolarWinds security team and submissions from its users.
Automated responses ranging from custom alerts to blocking an IP, to terminating an account can be configured through a simple interface. SolarWinds SEM can also analyze data and alert you if there are any suspicious events that are deviating from the normally expected baseline of traffic. This helps raise the alarm and detect acts like malicious probing before the business is impacted.
SolarWinds event logging is extensive and comes with built-in forensic tools that give you the power to review how a DDoS was carried out. This not only helps you build a legal case against the attackers but allows your security team to identify holes in your defenses and patch them. Events can be sorted in a number of ways to identify IP addresses, user accounts, targeted services, and attack methods.
SolarWinds SEM starts at $4,655 (£3,819). You can try SolarWinds Security Event Manager completely free through a 30-day trial.
AWS Shield is hosted by Amazon Web Services and provides DDoS protection as a managed service. If you already have an application or service hosted by AWS, its DDoS protection is automatically available.
DDoS attacks can be mitigated on multiple different levels with AWS Shield. Active traffic monitoring constantly monitors all traffic to your services and can check for both network flow and application traffic monitoring.
Common attacks like SYN floods, UPD floods, ACK floods, and reflection attacks can all easily be stopped before they cause an outage. You can choose to set a threshold condition, where if reached will drop all traffic from a hostname or IP address. AWS Shield uses a flexible rules engine that makes it easier to configure your protection settings when compared to more traditional DDoS mitigation services.
All of your security settings can be reviewed through a built-in best practices and architecture review that ensures there are no glaring holes in your DDoS protection settings.
For AWS Shield Standard this comes in the form of a self-assessment, but for those who opt to use Shield Advanced these settings are reviewed by an AWS security expert. If you’re already using AWS WAF (Web Application Firewall) you can take advantage of additional security benefits such as instant rule updates and self-service Layer 7 mitigations.
AWS Shield comes in two versions, Standard and Advanced. AWS Shield Standard provides adequate protection for smaller businesses and stops basic DDoS attacks. AWS Shield Advanced includes advanced traffic mitigation with Elastic Load Balancing and gives you access to additionally attack layer visibility and reporting.
Pricing for AWS Shield Advanced starts at $3000 per month. Additional services like Elastic Load Balancing and AWS Global Accelerator will be billed separately depending on traffic usage. You can learn more about AWS Shield on the AWS homepage.
Link11 is a German cybersecurity company that offers a multitude of protection services including defense against DDoS attacks.
The Link11 platform utilizes advanced AI to identify DDoS attacks and stop them in their tracks. They boast a quick detection time and claim to be able to stop known attacks instantly, and new attacks in under 10 seconds.
This cloud-based protection detects attacks through Layers 3-7 in real-time by using a combination of signature and pattern recognition and is simple to set up. Traffic to your application or service is routed through Link11 first to filter and protect against attacks.
As the AI system protects more applications, it learns over time. Every time an attack is thwarted, the details of that attack are stored in a database. If a similar set of events happens again, the system can identify and predict how the attack will progress. This method essentially stops attacks before they even have the chance to gain moments. Currently, Link11 has stopped over 200,000 attacks to date.
Link11 displays your analytics through a simple yet informative dashboard and gives you both real-time and historical insights on attacks against your network. Metrics like the number of threats stopped and bandwidth saved put your ROI in a direct perspective while using the platform.
There are a number of preconfigured reports that you can generate for your records, or share with stakeholders. Dashboards insights can be shared and reports can be generated either manually or sent at regular intervals.
Pricing for Link11 is not publicly available; you can however contact Link11 support for a trial version.
Project Shield is operated by Jigsaw, a branch of the Alphabet company that aims to make DDoS protection accessible to the masses. Project Shield initially was started to protect small businesses, journalists, and activists from mass scale DDoS attacks.
Project Shield has been slowly expanding its services and is proving to be a worthy DDoS protection service. In 2016 Project Shield offered its reverse proxy protection to news organizations completely for free. By using machine learning AI, Project Shield is configured to be a ‘set it and forget it’ anti-DDoS tool.
While Project Shield is still in its early stages, the platform is quickly becoming known as a service that fights to protect businesses who otherwise couldn’t protect themselves. At this time Project Shield is available to a select group of companies including nonprofit organizations, news organizations, and political parties.
You can apply for Project Shield on their application page.
Nuestar offers many different forms of DDoS protection through a combination of cloud-based, on-premises, and hybrid setup DDoS protection services. The company currently provides DDoS protection services across the world by routing traffic to 14 data scrubbing centers around the globe.
For on-premises solutions, Neustar uses the Pravvail Protections Availability System designed by Arbor networks. This appliance sits between your firewall and ISP and can sort traffic ranging anywhere from 500 Mbs to 10 Gbps. This physical appliance can stop attacks operating on Layers 4 through 7, and can even act as a cloud failover.
If your current system is approaching the traffic mitigation threshold, you can opt to have this traffic directed to Neustar’s UltraDDoS Protect cloud. This failover utilizes BGP routing or DNS direction to shift your DDoS prevention from onsite to cloud-based during severe attacks.
There are multiple ways you can configure failover, but one of the most effective is through automated routing. This works by giving you the ability to set thresholds and configure rulesets that trigger automated actions. These actions can range from redirecting traffic to other WANs, initiating a cloud-based failover, or dropping specific packets altogether.
All of these settings as well as real-time data of your network traffic status can be viewed via the web console. If a DDoS attack does occur, a post-attack report is generated by Neustar that breaks down how the attack unfolded, and what measures were done to mitigate and stop traffic.
Pricing for Nuestar is not publicly available, and there is no free trial available at this time. You can reach out to the Nuestar sales team for more information.
Stackpath WAF is an application firewall specifically designed to defend against threats, as well as provide DDoS protection and mitigation. Stackpath uses artificial intelligence to protect against ‘Layer 7’ DDoS attacks.
AI inspects traffic and compares it against known malicious patterns and signatures. If malicious traffic is detected and a threshold is breached all suspected traffic can be challenged with a CAPTCHA to verify there’s a human behind that traffic.
Nowadays, most DDoS attacks come from botnets, which are essentially large numbers of compromised network devices. Attackers control these botnets to simultaneously bombard services with millions of requests.
Stackpath WAF implements botnet detection which tracks and fingerprints botnets as they evolve. Once botnets are labeled and their attack patterns are stored, DDoS traffic from those networks is instantaneously stopped.
Stackpath WAF DDoS protection service defends from UPD, SYN, and HTTP based floods, but is also continuously learning to identify new and creative ways attackers are disrupting services.
Pricing for Stackpath WAF services depends on the amount of the number of requests your application or website receives. The lowest tier available can process 10 million requests, comes with five custom rules, and covers both application and network layer DDoS attacks starting at $10.00 (£7.71) per month.
Apptrana operates as a web-based DDoS protection and mitigation service that utilizes a vast network of AWS servers across the globe. Since Apptrana works by filtering and inspecting all incoming traffic, it is always ‘on’ and protecting whatever web-based application you put behind it.
Much like Stackpath WAF, Apptrana has a botnet identification process where the filter is able to differentiate between bad bots and good traffic. This is done by both analyzing the trafficking on an individual basis, as well as using pattern recognition methods across all of Apptrana’s clients.
To ensure the least amount of false positives and the widest protection coverage, Apptrana utilizes its own Global Threat Intelligence platform. This system aggregates data from multiple feeds and combines it with accurate threat intelligence based on the results of prior successful scans.
In addition to this Global Threat Intelligence Platform, Apptrana also uses its AI to monitor customer baseline averages. This looks at and records how normal traffic operates on an application. If a deviation or anomaly is detected, certain actions or alerts can automatically be executed to help identify bad actors before an attack is carried out.
With Apptrana the entire DDoS protection service is taken care of for you, meaning there are no rules to configure, alerts to manage, or setup required. Apptrana is a done-for-you service, which for nearly all companies is a great solution. However, for those technically inclined who want to make their own changes and configurations, this leaves you at the mercy of the Apptrana team.
Apptrana pricing is currently not posted on their website, however, you can sign up for their DDoS protection service through their 14-day free trial.
Choosing a DDoS Protection Service
In this article we’ve narrowed down the best DDoS protection services to just seven products, but which one is right for you?
For most medium to large-sized MSPs and IT departments, SolarWinds Security Event Manager will give you the best balance of protection and control over your security and traffic.
SolarWinds SEM comes out of the box with best practices in place while still giving you granular control over exactly how that traffic is handled.
If you run a non-profit, news agency, or are involved with a political party, Project Shield is a great free DDoS protection service specifically designed for those industries.
Have you ever been on the receiving end of a DDoS attack? How did you handle it? Let us know in the comments below.