CIO Influence

From Silos to Synergy: Redefining Resilience in DDoS Mitigation


In the face of more sophisticated and frequent DDoS attacks and stricter regulatory requirements like DORA, banks will be under increasing pressure in 2025 to do more to improve their resiliency.

What does it mean for a large bank or financial services organization to be truly resilient against DDoS attacks? Not that long ago, this would have been an easy question to answer – employ the services of a cloud DDoS mitigation provider with the global reach, capacity, and track record in handling even the largest DDoS attacks.

The persistence, frequency and ingenuity of DDoS attacks, however, have made this situation much more complicated. No matter how good one provider is, a sole-provider solution is no longer enough to ensure true resilience. Today, true resilience requires redundancy, which means having a second backup service for the primary mitigation. The principle is sound. After all, having two of something is always going to be more reliable than having one.


But there's a catch hiding in this that deserves attention. Banks can use two DDoS mitigation providers – a primary cloud service with a secondary backup waiting in the wings – but they have absolutely no guarantee this setup will work smoothly should the rainy day arrive. Under real-world conditions, any number of things can go wrong. Either of the providers might have an outage, but working out which is the cause could prove time-consuming. Even if the problem is quickly identified, switching traffic from the primary to the backup still requires bank IT departments to solve a range of technical and routing challenges.

Modeling these issues can be complex in ways that vary widely depending on the bank's geographical locations and application mix. There is no manual to look up for answers. What this is telling us is that DDoS mitigation redundancy should never be seen as a simple tick-box exercise in which two providers automatically double the protection afforded by one.

This dual operation, however, should be made much easier for financial institutions to manage. What is not in doubt is that the DDoS mitigation sector has within its power the ability to overcome these challenges if it makes them a top priority. In the meantime, how should financial institutions approach resilience and redundancy?

Ensuring supplier diversity

It's tempting to read the words "cloud DDoS mitigation" in the marketing spiel and assume that every service is the same or similar. This is not the case. The market is still young and is dominated by a clutch of companies with distinct histories. Some also do other things, for example act as CDNs, while others have always specialized in DDoS mitigation.

This means that the features vary from provider to provider, with some offering better capabilities when countering specific types of DDoS attack or in specific geographies. Today, DDoS mitigation provision is rarely truly global. The key to DDoS risk management, therefore, is supplier diversity. For the best protection, customers should look for providers with complementary capabilities, where one provider can shore up any feature gaps in the other.

Evaluating the use of inhouse equipment

Some providers use equipment of their own design while others buy this from third parties. The advantage of using inhouse equipment is a more rapid development path for new features and innovations, especially those at lower levels of the networking stack. In DDoS mitigation, good integration and feature development always matter at deeper levels of the stack.

Moving beyond carrier-specific, localized platforms

In the past, DDoS mitigation services were carrier specific and localized, which forced organizations to run different providers on different circuits into their network. In principle, cloud platforms solve this issue, but it is worth checking on the geographical coverage to ensure this is the case.


Determining how fault resolution and failover will work

If you run two DDoS mitigation providers at the same time, the obvious question is how a problem on one will be detected and how failover will happen from one to the other. In practice, this can be difficult to know in advance. DDoS attacks don't announce themselves, and tracking down the location of an outage or slowdown can be time-consuming in a sector expected to keep services up and running 24×7.

Underlying this is the inherent difficulty of shifting traffic from one provider to another at a networking and routing level. Providers could collaborate on this to improve interoperability but that is unlikely to happen. DDoS cloud security platforms' end customers will need to solve this problem for multi-provider DDoS mitigation to meet its promise.

Achieving true DDoS redundancy is about more than having a backup

In the future, maximum DDoS protection will be dependent on the ability to run complementary solutions simultaneously and equally (even during peacetime), taking full advantage of the benefits that each side offers. That way you can model how each provider responds in advance and be sure that the secondary mitigation service will work as advertised when required to.

This multi-cloud supplier, active-active state is not where most financial institutions are today but could soon be best practice and put networking strategies under more scrutiny.

The future of DDoS mitigation

Today, DDoS mitigation is still defined by the idea that organizations employ a second provider to cover for the first. This is a very narrow framing that ignores the complexity of getting this setup to work using today's technology. The goal should be to use two providers in an integrated fashion, running simultaneously to provide true redundancy without caveats or complexity.

Financial institutions should not need to rely on the features, capabilities, or reliability of any single provider. The industry could standardize some of this, of course, but it is more likely that innovations within individual mitigation providers will improve multi-provider DDoS interoperability.
