Selecting a DDoS Protection Service – Beware the Checklist!

Jun 20th 2012

One of the golden rules in business is to know thy customer, and the Internet Security game is no exception to this axiom. When protecting a customer website from attacks, it’s essential to know every customer’s website features and patterns, whether it be the layout of the site, the platform it is developed on, or the traffic profiles it generates (e.g. visitors of a website are primarily from the east coast and tend to use Safari as the web browser, because it’s a Mac reseller website in New York). Being able to capture and trend this information is important for the end customer, from an accountability and business continuity viewpoint. It’s also important for the Service Provider, who is responsible for maintaining the uptime and helping the customer grow their business.

That’s why I’m perplexed to see a rash of would-be Internet Security services selling cheap or even free DDoS services. Taking a look at some of their offerings, you’ll see a checklist matrix of services interspersing Caching & Content Delivery Services, Web Security & Firewall, Analytics, Support models, etc., all with a pricing model that’s reminiscent of a Netflix subscription. It begs the question: do they really know their customers? Does their Security Operations Center (SOC) know the traffic profiles of their customers’ websites when they are not under attack? Would they be able to compare today’s traffic profile to yesterday’s? How about a week before? A month? And how does this fixed-model pricing and product offering scale with the ever-evolving landscape of DDoS?

If I had to make a conjecture where this checklist strategy is derived from, I’d say it was for the following reasons:

  1. Recruitment of Guinea Pigs – A business that’s expanding away from its core competency and engaging in new types of services needs test data at the production, administration and billing level for these new services. What better way to get these guinea pigs than by giving away the service for free? Want a refund for failing to deliver? Sure, and thanks for providing all the valuable data while your site was being ‘protected’.
  2. Bait & Switch – Aggressive advertising that alludes to a full suite of services when you sign up, only to find out that various restrictions apply at each tier level. Signed up for DDoS protection at $8 a month? That means you only get spam filtering, and hopefully no more Nigerian gov’t officials promising you untold wealth opportunities. Not much comfort when you’re getting blitzed by 30 Gb/s of UDP, but hey, your mailbox is clean.
  3. Restrictions Apply – I’ve seen this in the hosting game, where the customer signs up for cheap hosting with no bandwidth caps, only to be kicked off if they actually use it. Similarly, you’ll get protected for up to 2 Gb/s of DDoS traffic at a base package, unless you actually incur a 2 Gb attack. Kind of like an insurance policy without a payout.
  4. Marketing Strategy – Pricing tables are an oft-used technique to create an understanding of the various services a company has to offer, and they make the audience think exclusively of that provider for options if they need to scale their requirements. A great breakdown of this strategy can be seen here:

Granted, the same outfits offering these low-end DDoS Protection services sometimes have higher-end offerings, which presumably have higher capabilities and reporting. But you have to ask yourself, would you feel comfortable knowing your high-end services are sharing the same resources as the multitude of freebies dragging their attacked websites onto your provider’s infrastructure? I’m sure these providers are able to kick off the lower-end clientele at any time, and just null route their attacks to ensure stability for their higher-end customers, but I have to ask the question, why bother in the first place?

At DOSarrest, our focus is only on helping those customers who need absolute 100% uptime for their web presence. By having a direct relationship with the customer and firsthand knowledge of their web resources and traffic patterns, we’re able to meet this need.

Jag Bains,

Chief Technical Officer, DOSarrest Internet Security