Although distributed denial-of-service (DDoS) attacks are not new, they are more effective today than ever before. Motivated by factors such as hacktivism and financial gain, attackers launching DDoS campaigns aim to take down websites or block transactions to cause visible and potentially far-reaching business disruptions. In an effort to mitigate the impact of these attacks, enterprises turn to DDoS protection technology. Enterprises can use the information in this brief to gain critical insights into the purpose and use of DDoS prevention technology. These insights include information on how this security control is being managed within organizations, where it is deployed, who is responsible for purchasing decisions, and the extent to which API controls are being used for its management.