Equipment for DDoS Protection
1. Cisco Guard: Great if you are CCIE kind - requires extensive network re-architecture. Suited for ISPs and not so much for web-hosts because of costs and complexity. Involves traffic diversion. Very expensive. Can handle up to 3 Gbps and you can combine multiple blades to increase the throughput.
2. Juniper Netscreen: It is a firewall. Even though it claims DDoS like all other firewalls - doesn’t have behavioral anomaly prevention required for DDoS mitigation. Great as a firewall. Expensive.
3. Riorey: DDoS solution. Appliance done in software - cannot handle large traffic. No third party validation - as far as I know.
4. Top Layer: Has a user base. Combines IPS with DDoS. IPS is not so much essential in data center. More suited for enterprise deployment. You can cluster multiple of these boxes to get throughput. Costs becomes higher as throughput grows - obviously. Tested by Tolly Group. Google Tolly+Top Layer.
5. IntruGuard: Very cost effective. Has large userbase in Europe and US. Done using ASICs (custom hardware). Can withstand 2 Gbps throughput during worst attacks. Great reviews by analysts and users. Must look at this. Custom solution for DDoS, easy to use GUI. Google for Planeetta and MetaNet and you will find out why webhosts like the appliance. It is very easy to use. Easy to plug-in - bump-in-the-wire. Self-learning and adaptive as your business grows. Tolly Group has great things to say in their performance test for this box. Google Tolly+IntruGuard.
6. Prolexic - requires you to reorganize your traffic.