Former Prolexic anti-DDoS founder Barrett Lyon has announced $9.5 million of initial funding for his latest security startup Defense.net. Intriguingly, the new firm will also sell DDoS mitigation.
Having been involved in one well-regarded DDoS venture, why is the youthful Lyon putting sweat into founding a second one?
Lyon's answer seems to be that the world of DDoS has changed hugely since Prolexic's invention a decade ago and addressing contemporary attacks requires a totally new approach.
"The modern Internet is different from what we were defending 10 years ago," said Lyon in Defense.net's opening PR release. "It's not just websites. It's critical financial transactions. It's video, it's mobile applications, it's APIs that integrate systems among institutions. We [Defense.net] had to design defenses to protect all those systems from DDoS attacks."
The firm has yet to announce the products and services that will embody this claimed new approach but the notion that the established anti-DDoS industry might be out of date could unsettle a market that is still coming to terms with the rise of DDoS as a mainstream business need.
"A decade ago, small scale DDoS attacks by today's standards shut down off-shore cyber casinos for extortion purposes, but now political hacktivists and foreign government backed 'cyber fighters' such as Izz ad-Din al-Qassam are attacking critical infrastructure of the US, including financial institutions, utilities, telcos, Internet hosting facilities, and state government," said Lyon.
Lyon's pitch is that while mitigation systems have deflected these attacks, they have done so at a sometimes unappreciated cost to these being defended.
"Even when they successfully stop an attack, existing mitigation solutions create significant side effects from blocked users and fraud alerts to slow page loads, broken links, and stalled or timed out video streams," Lyon said.
It was like a fire department putting out a fire by flooding a building with water. Which is worse?
The mitigation also generated a stream of false positives.
"Some companies have had to ignore their fraud alerts when DDoS mitigation was turned on because so many of the alerts were artifacts of the mitigation.
Defense.net would attempt to stop DDoS attacks without, as it were, leaving water marks everywhere, disrupting business applications. It's a big claim.
In Startup style, Defense.net has assembled what Lyon believes is an all-star cast of DDoS experts, including names from Verisign, BitGravity, Juniper, Box.net and Apple's, as well as his old play, Prolexic.