The Peakflow appliances are designed to detect and mitigate traditional high-volume DDoS attacks, such as SYN floods, which service providers are well-positioned to deal with. However, more targeted, application-layer attacks go after the enterprise web server. Detection requires inline packet inspection, which would be prohibitive in terms of cost and possibly performance for massive volumes of network traffic at the carrier or ISP level.
"There's been an uptick in application-layer attacks; they have a similar objective to high- volume attacks, to inundate resources so they don't function," says Michael Suby, director at Stratecast, a division of Frost & Sullivan. "Attacks are going up in total, and neither type is going down."
Application-layer attacks can't be detected with network-based anti-DDoS technologies because they don't meet the bandwidth thresholds for anomalous traffic volume. They fly beneath the threshold of requests served by a web server, Suby says, and exploit certain types of requests that are consuming resources.
Enterprises have a number of anti-DDoS options, including buying excess bandwidth from their providers to meet surges in demand, as well as to absorb the impact of attacks. In addition to network-based protection from ISPs, enterprises can purchase focused anti-DDoS services from companies such as Verisign.