We've dealt with these guys too too. There are lots of providers; I've used ones through ISPs and they can work well. Our only issue is that the ISP we were talking with only had XYZ Gb of mitigation, and Prolexic has a ton more capacity (in the hundreds of gigabits when I last checked). Prolexic is the go-to company for handling large-scale DDoSes. We haven't yet tried the service, but they've been extremely professional. Every time we're on the phone it's with engineers that know their stuff. Ultimately you're going to want to have a mix of internal mitigation and one or several providers if you're a big target. I doubt anyone is going to be perfect -- it's simply impossible. Heck, lots of the attacking "bots" are just spyware on legitimate users' PCs, so obviously they will get blocked. My personal experience is that when you're dealing with a DoS at the scale that you need Prolexic, there is simply no one else that can handle that level of traffic. -Andreas On Sat, Oct 22, 2011 at 6:22 PM, Jimmy Hess <mysidia@gmail.com> wrote:
They say that "When an attack is detected, our protection services are implemented within minutes. Upon activation, a Prolexic customer routes in-bound traffic to the nearest Prolexic scrubbing center where proprietary-filtering techniques, advanced routing, and
On Wed, Oct 19, 2011 at 8:46 AM, Vlad Galu <galu@packetdam.com> wrote: patent-pending hardware devices
remove bot traffic close to the source."
If that's true, that they have a technology that is so good they will only describe it as proprietary magic, that will efficiently scrub all bot traffic and not scrub legitimate traffic, and it really works every time, and they've persuaded you/made a convincing argument, i'd be thrilled. But probably there is no way to validate that it will actually work to your satisfaction against whatever sort of attack you face, before actually buying the service.
If they are confident it is so great, they ought to be happy to either price your cost of the service based on its effectiveness or otherwise provide you a very good SLA, clearly stipulate what they can and can't handle, both in terms of type of attack, and volume of attack (realistically, there is some flood volume that will exceed _any_ service's capacity). Make sure they will waive fees, early termination fees at least, fees for "protection they failed to provide" at least, and give you a cancel option/way out, should their technology fail to be as effective as their marketing would have you believe, and make sure they have a burden of proof under the SLA to show their protection service worked properly after an incident, rather than you having to prove it did not.
Clearly you would want to discuss the technical details with them and costs, whether some sort of subscription or per-incident; that protection services are only implemented "when activated", indicates there is cost or technical disadvantage during any time you choose to have "protection active"
- -JH