Technology tends to use a lot of words interchangeably, as if even subtle differences in meaning aren’t relevant. But in some cases, the difference between using one word or another is actually pretty profound. Like the difference between defending and protecting.
While essentially these two are synonyms, consider that defense is usually more reactive; it implies that you’re being attacked and defending yourself (or others). On the other hand, protecting invokes a more proactive system; one that’s “out there, somewhere.”
defense : the action of defending from or resisting attack
Defense implies that something is already happening. Our action is reactive rather than proactive. In too many instances this means the attacker is inside our perimeter.
protection : the state of being kept from harm, loss, etc. : the state of being protected
Protection implies a more proactive approach, that we’ve taken steps to provide for protection already. We aren’t actively being attacked, we’re just preparing for it.
Now perhaps I’m being pedantic (it wouldn’t be the first time) but such subtle differences are important when you start applying them to your applications (and thus the data they have access to). The reality is that because of the way attackers are ramping up multi-vector attacks, you need to both protect and defend applications. Volumetric attacks are designed to saturate resources. Your network, your routers, your firewalls. App specific attacks go after your app resources, overloading servers (because they only have so much memory and I/O and disk capacity) in order to bring the business to a screeching halt. Productivity suffers when corporate users are unable to access the increasingly cloudified business apps they need to do their jobs, and profits suffer when consumer customers can’t browse and buy and generally do business with you because of unresponsive or unavailable applications.
That’s why it’s called a denial of service attack. It denies service to internal and external users by saturating networks and overwhelming servers. Really, they should be called a denial of business attack because that’s ultimately what these increasingly large attacks are doing.
And you’ve got defenses in place; you’ve got an on-premise firewall along with several other security-related services. I know you do, our State of Application Delivery reports tell us security services dominate the 10 or more app services most organizations deploy to deliver apps. But those are defensive; the attack is already at the gates, as it were, where bandwidth is limited and the business’ digital resources are going to be quickly consumed. On-premise protections in the face of a massive, multi-vector attack is the equivalent of fixing bayonets when the attackers breach your lines.
Cloud-based protection, on the other hand, has far more bandwidth and resources in general available with which to fend off attackers. It keeps them out there, away from all the apps and data tucked neatly on-premise and unable to saturate your network connection faster than a rain storm in the Mohave desert.
There’s a reason we call it DDoS protection and not DDoS defense. Because cloud-based DDoS protection is about preventing business disruption by keeping the vandals off the lawn in the first place. It’s about intercepting the bad guys at the end of the street and holding them off, well away from the business’ crown jewels: its apps and data.
Given the state of the Internet and security these days, no one would seriously suggest abandoning defense in favor of protection. Neither should they suggest conversely. Given the serious consequences of a breach, or disruption of service, on the business (and the brand, by the way), it’s better to both protect and defend those assets and resources critical to modern business continuity. Because it’s not just disasters that interrupt business anymore.
About the Author
Related Blog Posts
SaaS-first strategies reshape cloud-native application delivery
F5 NGINXaaS empowers cloud and platform architects to unify operations, reduce complexity, and deliver exceptional digital experiences at scale.
F5 ADSP Partner Program streamlines adoption of F5 platform
The new F5 ADSP Partner Program creates a dynamic ecosystem that drives growth and success for our partners and customers.
Accelerate Kubernetes and AI workloads with F5 BIG-IP and AWS EKS
The F5 BIG-IP Next for Kubernetes software will soon be available in AWS Marketplace to accelerate managed Kubernetes performance on AWS EKS.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.