International Cyber Expo International Cyber Expo
  • About Us
Wednesday, 15 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Proactive vs. Reactive: Which is Better for DDoS Defence?

by The Gurus
January 29, 2018
in This Week's Gurus
Share on FacebookShare on Twitter

Distributed denial of service, or more commonly abbreviated as DDoS, is a classic form of cyber-attack in the world of enterprises. The last 18 months has ushered in the era of supercharged, colossal DDoS attacks capable of reaching 1Tbps and more. IT professionals across the world have taken notice and are ready to combat this. Whilst there are many ways to fight DDoS attacks, like scaling and bandwidth metric analysis, in my experience the best methods are proactive and reactive deployment modes.

The question now is, which is the better deployment mode? Both have pros and cons, so perhaps the best way to answer this question is to break it down and see what fits best for your business.

To figure out which of these methods is best for enterprises, we should first explain what ‘proactive’ and ‘reactive’ methods of deployment actually mean. Like the name implies, the proactive mode of DDoS defence is when your defences are constantly looking for potential attackers. A proactive mode uses an in-line tool that has 100 percent visibility through packet analysis. It checks the credentials of every piece of traffic received and uses pre-determined information and behavioural indicators to decide what could be a bot or an attack and blocks it, while allowing regular, human traffic through.

Reactive is the opposite or proactive. With a reactive mode, you leverage the flow data that is available from the edge routers and switches, and perform meta-data analysis to try to detect anomalies.  If this packet analysis gets a hit on something dangerous, like a DDoS attack, it then reacts by inserting the mitigation device. This means the mitigation of traffic only activates once a danger has been detected, rather than all the time.

Based on those definitions, which is the best for business?

Proactive often sounds better, as it is always on and active. Proactive also has the highest resolution detection capabilities available. Some examples of where proactive is used is with real-time applications like those found with voice, video and gaming software, or when protecting critical things like DNS infrastructure.

All good things have a downside, however, and for a proactive mode it is the price. As the system is always on and requires 1:1 capabilities, it can be expensive to set-up and maintain. This is especially true when you have a bigger network.

On the flip-side, a reactive mode uses flow that is already built into the network for its analysis and mitigation is only put in-line during times of attack. This makes it more cost-effective for smaller networks that don’t leverage real-time applications to build defences and oversubscribe your mitigation capabilities. Reactive mode, however, does have limited resolutions of flow, meaning it may take slightly longer to identify an attack. The time to react is also often slower.

Both modes have the same responsibility of surgically mitigating attack traffic and both need to be able to differentiate what is normal and what is a bot.

So now we answer the question of which is better? Like most decisions, it comes down to your business’ specific needs. Can you pay more to have always-on defence or will your business be ok with the more affordable solution? To decide this, factors such as the size of your network, company finances and the importance of what you are trying to defend all need to be considered.

There are plenty of good solutions out there from industry leading companies which can supply both proactive and reactive modes to protect enterprises from cyber-attacks. With solutions that can scale based on the attack and leverage virtualisation and the cloud to better defend from DDoS attacks. Many businesses will be secure regardless of which deployment mode you choose. Just make sure your business has at least one of these solutions, otherwise you won’t be prepared for that eventual attack.

Tags: CybersecurityTechnology
ShareTweet
Previous Post

Here we go again… UK Prime Minister urges nerds to come up with magic crypto backdoors

Next Post

Is the bright web more dangerous than the dark?

Recent News

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026
Lidl Confirms Data Breach After Third-Party IT Provider Hack

Lidl Confirms Data Breach After Third-Party IT Provider Hack

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol