NSS defines distributed denial-of-service (DDoS) prevention solutions as in-line devices (whether routing or transparent) or as out-of-band solutions capable of interacting with an existing routing and switching environment using industry-supported protocols (including routing protocols such as BGP). These solutions must detect volumetric, protocol, and application attacks. DDoS prevention devices should be able to scale quickly in order to continue processing and mitigating the large amount of traffic during a DDoS attack.

This methodology describes how NSS will evaluate DDoS prevention products to provide an objective and fair assessment of the technology.