A distributed denial of service (DDoS) attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. A DDoS attack is launched from numerous compromised devices, often distributed globally in what is referred to as a botnet. It is distinct from other denial of service (DoS) attacks, which use a single Internet-connected device (one network connection) to flood a target with malicious traffic.
What happens when an organization's website is under DDoS attack depends largely on how well the victim organization has prepared for the attacks and how effective its DDoS protection service vendor is at dispersing the flood of malicious traffic.
Some organizations rely solely on their ISPs for DDoS protection. We do not recommend this as a principal strategy because ISPs are not set up to stop DDoS attacks. If you do have DDoS protection as part of your service agreement with your ISP, we recommend Contingency DDoS Protection as a defense-in-depth measure.
Other organizations rely on application security providers to immediately identify a DDoS attack on their website and automatically take steps to disperse the bad traffic in order to maintain website performance and business continuity. Once bad traffic has been identified, the DDoS protection technology often diverts it to DDoS-resistant data centers at specific points of presence where the attack can be absorbed without affecting website performance.
## The role of PoPs in DDoS attack mitigation
Application security providers often go to great pains to tell anyone who'll listen about their extensive network of point of presence (PoP) DDoS-resistant data centers. To be sure, the number and strategic positioning of PoP sites worldwide can be critically important to the provider's ability to successfully mitigate the negative effects of a DDoS attack, but not all PoP sites are created equal. In this post, we'll explain what PoP sites are, what they offer, and what you should look for from an application security provider's PoP sites to ensure you can separate the hype from the reality when choosing a DDoS protection solution.
A point-of-presence is the physical location where two or more types of communication devices establish a connection. Point of Presence data centers in high internet usage areas enable websites to speed up their responses to internet queries. The same functionality that enables PoPs to ensure optimal website performance in high-traffic environments also makes them ideally suited to disperse DDoS attack traffic.
## Why not all PoPs are created equal
First and foremost, you need to look for single-stack solution PoPs from your solution provider. A PoP needs to cover WAF, CDN, ABP, and API Security as well as advanced DDoS protection together. Some solution providers have PoPs across the globe that are "single solutions." This means some PoPs are for WAF, others for CDN, etc. So although a provider may assert they have thousands of PoPs worldwide, you need to know how many of them are dedicated to DDoS attack mitigation.
When you are under attack, your DDoS solution provider routes your traffic to one of these scrubbing center PoPs. This can be a problem because it takes valuable time during the attack to get your traffic routed to a PoP set up for DDoS mitigation. This extra time is likely to affect the performance of your site. So it really matters less how many PoPs a solution provider has. What you must know is how many of those PoPs offer the technology needed to mitigate a DDoS attack.
## Three PoP essentials your solution provider must offer
1. **Single stack solution PoPs.** Your provider should offer every technology, including DDoS mitigation, in every PoP across the world. These single stack solution PoPs must be sited in key highly trafficked, highly developed and densely populated areas of the world.
2. **Proprietary technologies only in their PoPs.** Many providers, even if their PoPs do offer a single stack solution, often buy other technologies to perform critical functions in their stack. Look for a solution provider that maintains its own infrastructure.
3. **A straightforward role for their PoPs in their SLA.** As we have discussed before, Service Level Agreements (SLAs) with solution providers can be tricky. A true SLA will state, in plain language, that the provider's dedicated PoPs will start mitigating a DDoS attack in x seconds – without any couching or caveats.
Find out how Imperva's PoP network is designed to mitigate DDoS attacks and still enable top website performance. Contact an Imperva Solutions Representative.
The post In the Fight Against DDoS Attacks, not all PoPs are Created Equal appeared first on Blog.