Level 3 outage map from 2016 DYN DDoS Attack
Level 3 outage map from the Dyn DDoS attack

The summer before I joined Forrester, I volunteered briefly in the local prison library. The work was fulfilling, but it definitely had its prose and cons. Speaking of prose, you’re about to be treated to a lot of it, because we just published “The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021,” and there’s a whole bunch to unpack. In our report, we evaluated the top 11 distributed denial-of-service (DDoS) protection providers. In the course of our research, we uncovered some significant trends in this mature market. There’s some really interesting innovation around pricing, and we’ll be pushing out a special blog dedicated to that next week. For now, onward with the other insights!

Gasp! It’s The Debut Of The Cloud Providers

The last time Forrester published a Wave evaluation on DDoS protection was in late 2017. That 2017 report had no public cloud providers in it. In this latest Wave, there are no fewer than four cloud service providers: Alibaba Cloud, Amazon Web Services (AWS), Google, and Microsoft.

Many of the included vendors have competed in the DDoS space for years, yet the cloud providers did pretty well in the evaluation. This may be a signal for what the market is really looking for. Enterprise clients are telling Forrester that they’re choosing the cloud providers’ DDoS protection (paraphrasing only a little here) “because it’s there — because it would be stupid not to at least try it.”

So we created a criteria for “protecting cloud assets.” As one would expect, the cloud service providers excelled here, but the established vendors’ technical acumen in other criteria gave them an advantage.

Let me, David Holmes, lay it out here: If you are protecting a critical asset, in the public cloud or anywhere else, or a medium-value asset from determined and skillful adversaries, look to the established (or classic) DDoS players with deep technical expertise. But if you’re just protecting a low- or medium-value asset in a single public cloud and mostly looking to “check a box” or put in some basic and cheap protection, look to your cloud provider first.

Cloud Can Protect On-Premises, And Classic Can Protect Cloud

Now, technically, each of the cloud service providers can also protect noncloud assets. Their ability to do so is often rudimentary, rarely taking into account signals from the origin property or integrating protection with on-premises DDoS protection. But they can do it, and it’s cheap. The flip side is also true: The classic DDoS providers can, and do, protect assets in the public cloud.

It might seem architecturally gauche to have your cloud provider protecting your on-prem origin, but in the larger context, you’ll make that decision based on soft factors like your vendor relationship management and your staffing.

Bringing Humans Back To Support

Here’s something we were absolutely delighted to uncover: If you’re under DDoS attack, you can now get a tier 2 or 3 resource (an actual live human) on the phone within minutes from nearly any of these providers — in some cases, less than a minute. Even the cloud providers, who usually (and annoyingly) go out of their way to make sure you never disturb an actual human, make an exception for DDoS support.

This glorious new era of decent DDoS support is a welcome change from years past, when getting human assistance was not a guarantee. That said, there are still a couple of vendors who could do better; see the scores for the support criterion in the Wave for more information.

Congratulations To All

Let us congratulate all the vendors that participated in this Wave. We are confident that we have identified for you, the enterprise buyer, 11 vendors that can protect your digital assets no matter where they are. I haven’t been this excited about research since that paper last year that uncovered that the leading cause of dry skin is actually towels! [Editor’s note: Forrester has no research regarding aquatically challenged dermis.]

But all kidding aside, we’re expecting the market to gobble up this report because of the new class of vendors: the cloud service providers. All of them are new additions to the Wave but have entered the market with reasonable offerings at a reasonable tender. This is healthy competition, and it’s good for you, the buyer.

So go read the Wave, then feel free to reach out for an inquiry. Ask for me, and let’s talk DDoS protection.