Mitigation timing
Under normal conditions, the filtering and mitigation process completes in under 5 seconds. Most attacks are neutralized before legitimate users notice any degradation.The 5-second window applies to typical attack volumes. Extremely large-scale attacks may take longer as the system builds a pattern profile.
Large-scale attacks
During exceptionally large DDoS attacks — those reaching several hundred thousand requests per second — the edge may temporarily become overloaded before mitigation fully engages.What happens during a very large attack
What happens during a very large attack
When attack volume is high enough to saturate the edge, the affected domain may experience brief downtime while the system analyzes traffic patterns. Once the system identifies enough malicious signatures, it begins blocking those IPs at Layer 4, which significantly reduces the load on Layer 7 filtering.
What happens with short, high-volume bursts
What happens with short, high-volume bursts
Short bursts at extreme volume may not be fully mitigated during their runtime. The edge can temporarily stop responding — this does not mean mitigation failed. It means the system is still analyzing the attack. Once sufficient patterns are identified, even those burst attacks are blocked going forward.
Adaptive learning
The mitigation engine improves over time as it observes more attack traffic.Attack duration
The longer an attack persists, the more effective mitigation becomes. The system continuously refines its blocking rules as patterns accumulate.
Attack frequency
Repeated attacks against the same domain help the system learn attacker behavior faster, resulting in quicker response times in future incidents.