US DDoS Attacks and Protection Report, April 2015

The Rise of Hybrid Prevention Strategies to Outperform Attackers


Neustar’s 2015 DDoS Attacks and Protection Report spotlights the risks you face, and shows how companies throughout North America are aggressively defending themselves. The major change this year is the significant increase in the use of hybrid solutions (on-premises hardware plus cloud-based mitigation).

Over 500 executives and senior professionals— IT managers and directors, CTO, CIOs and others— participated in the research. Nearly three-quarters of their companies earn over $1 billion in annual revenue.

Today, few businesses doubt that DDoS attacks are a problem.

Most everyone knows the risks of distributed denial of service (DDoS) attacks. Here are some fresh reminders from this year’s research:

  • 40% of businesses say DDoS attacks are a growing threat to their organization.
  • Nearly 1 in 3 companies would lose over $100K of revenue per hour.
  • Named by 33% of companies, customer support is the #1 area affected by DDoS attacks.
  • Most companies attacked are hit multiple times, with 30% attacked over 10 times annually.
  • 26% of companies attacked suffer loss of customer trust and brand damage.

The question now: what mix of protection strategies works best?

Companies in numerous industries are taking strong action, and many feel they should do more. But many also struggle with choosing the right course. They seek to invest in DDoS protection that aligns with potential losses, their budgetary constraints, and technical environments

  • 31% of businesses now use hybrid DDoS protection—a 55% YOY increase.
  • When a DDoS outage would mean peak-hour losses of over $100K, 94% of financial companies rely on hybrid protection.
  • Only 14% of businesses use CDNs to block DDoS.
  • More than half of businesses are investing more in DDoS protection than they were a year ago.

As the following section shows, companies rely on a number of DDoS protection options.

More businesses are using hybrid DDoS defense.

While the majority of companies still use firewalls to combat attacks, a significant number also use mitigation appliances, cloud-based third-party services, or hybrid solutions that combine both. Firewalls alone are not sufficient; during attacks, they often create bottlenecks and accelerate outages.

In fact, over 30% have adopted a hybrid defense. (In the EMEA version of this same report, that figure is 35%.) With always-on, on-premises hardware blocking attacks instantly, plus cloud-based traffic-scrubbing to handle larger strikes, hybrid solutions offer the best of both worlds.

Investment follows risk.

Among companies whose annual revenue exceeds $500M, 51% are investing more in DDoS protection. 14% of businesses with revenues at these levels and who were attacked in 2014 experienced malware or virus installation; of this subset, 65% are investing more than last year.


As one of the world’s top authorities on DDoS and cyber security, Neustar’s Rodney Joffe has advised the White House and federal agencies. He shared his thoughts about the future of DDoS mitigation:

“The use of website booter services, which lets anyone launch a DDoS attack for as little as six dollars an hour— has become a major source of DDoS attacks, with the sizes dramatically jumping during 2014. As such, it has become clear that that many companies are no longer able to “go it alone” when it comes to fighting off these attacks.”

“At Neustar, we are working with both public and private organizations to strengthen our cyber protection as a nation. This includes working with the online community to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information into ISPs, so they can squelch the attacks closer to the source. We also need to improve visibility and understanding of activities in the criminal underground, so their command and control structures can be disabled rapidly. Finally, it’s important to improve attribution and law enforcement actions to identify perpetrators and bring them to justice.”

“These improvements won’t happen overnight or solve everything, but they could make a significant, positive difference.”


  1. Acceptance of Threat: Most U.S. businesses are aware that the DDoS threat is real—nearly 1 in 3 would lose at least $100K due to a DDoS outage during peak business.
  2. Increasing Investment: over 50% are investing more in protection than a year ago.
  3. Hybrid Strategies: More companies are layering types of protection, with many (31%) adopting hybrid models. In key industries like technology and financial services, the adoption rate is higher (40% or more).
  4. Outperforming Attackers: Companies with advanced mitigation solutions, such as hybrid models, are detecting and responding to attacks at a faster-than-average rate.
  5. Business Impact: The impact of DDoS is felt throughout the enterprise—33% of companies say that customer support is the #1 problem.

To mitigate DDoS attacks, Neustar blends expertise, proven responses, and diverse technologies. Neustar SiteProtect, our DDoS mitigation service, offers options to meet your level of risk, budget, and technical environment: cloud-based protection; on-premise, always-on hardware; or a hybrid of both, fully managed by us. SiteProtect is backed by the Neustar Security Operations Center, whose experts bring years of experience to blocking every attack.

Download Report