Hi Simon,

On Mon, 29 Apr 2013, Simon Green wrote:
> We're looking at DDoS mitigation options at the moment, and one vendor
> we've spoken to has recommended NSFOCUS and their ADS line. Has anybody
> had any experience with these or similar, and also any ideas on
> competitor costs?

You need to consider what kind of DDoS attacks the appliance is good for and where you place it. Even if you give the product you mention the benefit of the doubt and assume it's good at handling 'high-brow' attacks (those that target L7 vulnerabilities, or OS-level resource starvation) it's not going to be much use sitting on your end of a 1Gbps connection to your carrier(s) when somebody throws something neanderthal like a 1/10/100Gbps (or Mpps) SYN flood or DNS reflection attack at you.

Think about what kinds of attack you are trying to beat. An endpoint appliance might be a good option as one component in your defence - something to handle the subsets of attacks that can be sustained by your underlying network infrastructure. Once that infrastructure starts to get congested you need to look at solutions that stop the malicious traffic before it gets to you (disclaimer, I work for one of those solutions).

-Ronan
