The breadth of DDoS attacks range from the very high volumetric attacks that fill your Internet pipes to the most common attack seen today: the low & slow application-layer DDoS attack that shuts down services and critical applications. Cloud-based solutions only combat a small sample of DDoS attack vectors. IPS devices, firewalls and other security products solve security problems that are different from dedicated DDoS detection and mitigation products.
DDOS mitigation systems are placed within a data center to help prevent both volumetric and application-layer attacks like the low & slow application-layer attack. Significant amounts of Deep Packet Inspection (DPI) are required and Cloud-based and other DDoS services do not provide this feature. An on premise solution sees both client and server side traffic, providing the ability to detect malicious behavior combining full DDoS protection and DPI at the perimeter of the network.