Outsourcing DDOS

Sun Oct 23 01:22:24 UTC 2011

On Wed, Oct 19, 2011 at 8:46 AM, Vlad Galu <galu at packetdam.com> wrote:
> They say that "When an attack is detected, our protection services are implemented within minutes.
> Upon activation, a Prolexic customer routes in-bound traffic to the nearest Prolexic scrubbing center
> where proprietary-filtering techniques, advanced routing, and patent-pending hardware devices
> remove bot traffic close to the source."

If that's true, that they have a technology that is so good they will
only describe it as proprietary magic, that will efficiently scrub all
bot traffic and not scrub legitimate traffic,  and it really works
every time, and they've persuaded you/made a convincing argument, i'd
be thrilled.  But probably there is no way to validate that it will
actually work to your satisfaction  against whatever sort of attack
you face,  before actually buying the service.

If they are confident it is so great, they ought to be happy to either
price your cost of the service based on its effectiveness or otherwise
 provide you a very good SLA, clearly stipulate what they can and
can't handle,  both in terms of type of attack, and volume of attack
(realistically,  there is some flood volume that will exceed _any_
service's capacity).   Make sure they will waive fees, early
termination fees at least, fees for "protection they failed to
provide" at least, and give you a cancel option/way out, should their
technology fail to be as effective as their marketing would have you
believe,    and make sure they have a burden of proof under the SLA to
show their  protection service worked properly after an incident,
rather than you having to prove it did not.

Clearly you would want to discuss the technical details with them and
costs, whether some sort of subscription or per-incident;  that
protection services are only implemented "when activated", indicates
there is cost or technical disadvantage  during any time you choose to
have "protection active"

-
-JH