PUBLICATION & RESEARCH LIBRARY

Authors: NSS Labs

Publish Date: January 30, 2014

NSS defines distributed denial-of-service (DDoS) prevention solutions as in-line devices (whether routing or transparent) or as out-of-band solutions capable of interacting with an existing routing and switching environment using industry-supported protocols (including routing protocols such as BGP). These solutions must detect volumetric, protocol, and application attacks. DDos devices should be able to scale quickly in order to continue processing and mitigating the large amount of traffic during a DDoS attack.

This methodology describes how NSS will evaluate DDoS prevention products to provide an objective and fair assessment of the technology.