Is Proactive DDoS Defense Worth the Cost?

At NETSCOUT we continuously work with customers to gain information regarding how much impact our distributed denial-of-service (DDoS) offerings have on their ongoing security concerns and challenges. Because it is difficult to get customers to commit to providing the input for a long-term analysis of their DDoS protection efficiency, we decided to conduct a Forrester Total Economic Impact (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying NETSCOUT Omnis Arbor Edge Defense (AED). The purpose of this study was to provide readers with a framework for evaluating the potential financial impact of Omnis AED on their organizations. 

For the purposes of this study, Forrester combined the results of interviews with four organization decision-makers that had experience using Omnis AED into the results for a single composite organization. The objective of the framework was to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact Omnis AED can have.

For our purposes, NETSCOUT was very interested in how the decision-makers perceived the value of DDoS protection for some of the current threats in the DDoS landscape. 

One of the big areas we observed in our 2H 2021 Threat Intelligence Report was the increase in complexity of attacks and the adoption of adaptive attacks in which attackers change vectors when they recognize the protection being used. The preferred method for mitigating these adaptive or automated attacks is an automated defense. One participant put it this way:

Previously mitigation would take couple of hours; with AED, it takes five minutes. We saved a lot of time since [attacks are] mitigated by AED automatically.

Another topic that has become top of mind over the past year has been direct-path DDoS attacks executed with server-class botnet armies that engage high-powered servers, turning them into larger botnets to increase the effectiveness of TCP and SYN-ACK attacks. Direct-path DDoS vectors displaced reflection/amplification attacks in 2021. In fact, SYN floods joined ACK floods as the top two vectors for 2H 2021. Some of the participants experienced this, and one government security operations manager had this observation:

DDoS is very dynamic and complex, including the use of botnets, and in order to be in this dynamic situation, we needed a more intelligent solution.

The other value driver we wanted to understand relative to the participating organizations was their use of AED as a proactive defense focused on indicators of compromise (IoCs) to block nefarious communications to the bad guys’ command and control infrastructure, which can stop potential future attacks. As one participant reported:

AED provided a preventive approach with greater protection for both inbound and outbound traffic.

Beyond attaining an understanding of how our offerings were meeting customers’ expectations and helping them overcome their DDoS security challenges, we also wanted to see the cost savings and productivity gain implications. Some of the key findings that stemmed from this effort were extraordinary and were supported by risk-adjusted quantifiable benefits, as shown in the Forrester figures included here.

In total, the effort used to create this analysis met the initial objectives. The framework Forrester employed not only identified the costs and benefits that affect the investment decision to use AED but also made it clear that the ROI is positive for the purchaser. More importantly, the study demonstrated that customers who invest in best practices for on-premises DDoS protection can rely on that defense to alleviate their security challenges. As one participant commented:

Peace of mind is a very important part of what NETSCOUT AED delivers.

Download “The Total Economic Impact of NETSCOUT Omnis AED” to see how Forrester and NETSCOUT measured the ROI for one key software solution.