Akamai Prolexic compared to Radware for DDOS

I thought it might be useful to put some information together to compare Akamai and Radware.

Akamai is all about depth, breadth, and years of experience in the Internet landscape. This is the primary reason I selected ITogether to sell their service over Arbor (they came a close second and Arbor have very good heritage in the market)

Organisations need to ask themselves are they simply ticking a box in which case just go for the cheapest solution they can find. Or are they really after a “fit for purpose” and effective solution in today’s threat landscape of high volume first punch attacks, which can be part of a blended attack event using multiple tools ? When under the attack you need to be protected by the biggest player in the world. Anything smaller and there is a risk that they can’t cope with an attack directed at them and you or that the service they provide is ineffective. Akamai deal with around 20 worldwide incidents with customers per day. Many of the staff I’ve spoken to at Akamai told me about their concerns of Radware to be able to handle multiple customer attacks and whether they had enough bandwidth to handle the large volume attacks today (400-600Gbps throughput level)

As many tools can be used by the attackers, Akamai does NOT rely on a simple technology to defend it’s customers. They have 20 technologies in their worldwide scrubbing centres, all selected as best of breed at certain mitigation tasks (I spoke earlier about the other company I considered in the DDOS landscape and that Gartner pay attention to, and it is Arbor Networks). Akamai use Arbor in their scrubbing centres as one of the 20 technologies. I think this is particularly relevant to customers invariably wanting an ‘aways’ on solution and a ‘clean pipe’ solution. I think this is sensible and the way the market is thinking.

Organisations such as Radware and others (Arbor have their own cloud service and on-premise solution rather like Prolexic) just use a single appliance (DefencePro) to try and cover everything. The Radware appliances are good as mitigating SYN Floods, but with high packet volume attacks the CPU is exhausted and the appliances performance falls off a cliff. So that approach is simply not robust or capable enough in todays world and leaves gaps in an organisations defences. Much akin to a ‘single firewall’ solution would be frowned upon in the financial services space still.

Akamai and Prolexic have been doing this a long time, (Akamai bought Prolexic in 2014) they also invest a lot in continued enhancements. For example in mid 2015 a project to grow the capacity in various areas of the security infrastructure was initiated with a budget of $100,000,000 (100M USD) they have to do this to cope with increasing worldwide hunger for bandwidth in the broadband and 4G space.

Potential DDOS cloud customers need to ask the competition about their real world experience. For example what they were doing when Operation Ababil was going on in 2012. Akamai was defending multiple financial institutions simultaneously from the largest cyber attack event in history of online financial services. The Radware answer will be that they weren’t able to do anything as they had no cloud in the case of Radware and weren’t even in existence in the case of Zen Edge (From their website).

Radware say, “We completed our first round of funding in October 2014 and launched out of stealth in January 2015.” yet on another part of the website they claim 200 years experience, clearly this is a marketing lead positioning statement.

Akamai and Prolexic were already around a long time prior to 2014.

I noticed from a 2015 Gartner report I have read that Radware doesn’t figure on many customer’s shopping lists (for both WAF and DDOS) – and they are regarded as niche. Not a main player.

This entry was posted in Managed Service, Network Security, Opinion. Bookmark the permalink.

Leave a Reply