The implementation of distributed denial-of-service (DDoS) prevention devices can be a complex process, with multiple factors affecting the overall cost of deployment, maintenance, and upkeep. Enterprises should include the total cost of ownership (TCO) as part of their evaluations, focusing on the following at a minimum:

Acquisition costs for DDoS prevention devices and a central management system (CMS)
Fees paid to the vendor for annual maintenance, support, and signature updates
Labor costs for installation, maintenance, and upkeep
No two network security systems deliver the same security effectiveness or performance, making precise comparisons extremely difficult. In order to enable value-based comparisons of DDoS prevention products on the market, NSS Labs has developed a unique metric: TCO per Protected Mbps. See Figure 1 for details.

Within a given performance range (NSS-Tested Throughput), the TCO per Protected Mbps metric provides clear guidance as to whether a product’s price is higher or lower than the majority of its competitors. A high price could indicate a premium based on security effectiveness, brand recognition, or level of customer service. Conversely, a high price could also be a penalty for purchasing an underperforming product.