The skyrocketing frequency and intensity of DDoS attacks has enterprises flocking to cloud scrubbing providers. This is an understandable reaction given the hysteria-inducing media reports of colossal attacks capable of crippling the most important element of running a business: availability. However, when you take a closer look at attackers’ strategies, it becomes clear that cloud scrubbing alone is not enough. A hybrid of context-aware, surgically precise on-premise defense and cloud scrubbing for volumetric attacks is the most effective and cost-efficient solution to defeat modern, sophisticated DDoS attacks.

Why Cloud Scrubbing Alone is Not Enough

Cloud scrubbing and clean pipe services are critical for enterprises when attacks grow past their internet capacity. But these services only achieve partial DDoS resilience, because enterprises must also defend their value-generating applications and valid users’ availability. Distinguishing which accesses are valid and which are initiated as part of slower but equally deadly network or application resource exhaustion attack requires contextual awareness of the unique characteristics of on-premise network, application and normal user behavior. Upstream scrubbing services are largely black boxes to business subscriber and are limited in their ability to provide full spectrum attack protection.

DDoS Attacks Come in Many Flavors

Cloud scrubbing is most effective when attack volume grows beyond the capacity of an enterprise’s internet pipe. Enterprises need to complement their cloud solutions with the surgical precision and context-aware controls not available in cloud defense.

DDoS Attacks Are Not Always Volumatic

According to IT managers, 25% of attacks observed were volumetric in nature, while 75% of the attacks target specific network and application elements of their infrastructure.

DDoS Attacks Come in All Sizes

Cloud scrubbing traffic swings can be disruptive and costly. 77% of attacks peak at less than 10 Gbps and nearly half of all attack volumes are less than 1 Gbps. These attacks should be surgically deflected on-premise.

DDoS attacks are increasingly being used by malicious actors as a smoke screen to cover up data breaches and for extortion,” said Jeff Wilson, senior research director of cybersecurity technology for IHS Markit, a global business information provider. “Today’s enterprises need smart, scalable hybrid DDoS defenses that cost-effectively leverage the best of on-premises security for deep inspection and the power of the cloud for massive scalability.”


Our full spectrum enterprise hybrid protection defends against DDoS attacks that threaten your network, your revenue and your reputation. We combine powerful on-demand cloud DDoS scrubbing with the surgical precision of our on-premise A10 Thunder TPS to protect against large volumetric, network, application and slow-and-low attacks. The result: complete hybrid DDoS defense

1. Full Spectrum Protection

Shield your network against sophisticated attacks at the application and network layers on-premise with on-demand volumetric attack cloud scrubbing.

2. Surgical Precision to Protect Your Users

DDoS attacks are largely brute-force, but DDoS defenses must be precise, with the ability to intelligently distinguish legitimate users from attacking bots. We track over 27 traffic behavioral indicators and apply of our five-level automated mitigation escalation to minimize false positives and false negatives.

3. Actionable DDoS Threat Intelligence

The DDoS threat landscape continues to grow across the internet. A10 DDoS Threat Intelligence service provides accurate and timely intelligence that includes millions of known DDoS botnets (e.g. Mirai) and agents used for reflection attacks (e.g. DNS). Thunder TPS supports Class-list that scale up to 96 million entries to make the threat feed actionable to stop DDoS attacks in their tracks

4. Affordable Scaling

Thunder TPS delivers more performance in any form factor over legacy vendors with 2 Gbps to 152 Gbps in a one RU form factors that make economic sense for companies of any size.

5. Scale for Volumetric Attacks

Our cloud scrubbing service is backed by purpose built, globally distributed scrubbing centers scaled to handle the largest known DDoS volumetric attacks, all orchestrated by A10 DDoS Security Incident Response Team (DSIRT).


National Dong Hwa University deployed A10 Thunder TPS® to mitigate application layer and resource attacks to protect its campus and the other universities and schools it supports as part of the Taiwan Academic Network (TANet).


Available in a wide range of form factors, A10 delivers on-premises and cloud-based DDoS defense solutions for the most challenging environments.

DDoS detection and mitigation

Thunder TPS

Management and Reporting


Cloud DDoS Scrubbing

DDoS Protection Cloud

Additional assets

White Papers
2017 DDoS of Things Survival Guide
Solution Briefs
DDoS Destruction: Defending Online Gaming Networks
Solution Briefs
Ensure Enterprise DDoS Resilience