I know a bit about Radware, and what they do is to learn a traffic pattern
from where traffic usually comes and when in case of exceeding a certain
threshold, they start dropping traffic from new sources never seen before
and then drop some seen before traffic. This works if you are a company
with a very localized visitor base (like banking site for certain national
or local bank, e-shop and so on) but it kind of doesn't scale that much
when it comes to we have people all over the place and we get DDoS-ed with
legitimate requests that only consume server resources.
What providers do in some regions is to blackhole your subnet if you reach
a certain number of packets per second. It sucks, but hey, they also have
infrastructure to protect.
Eugeniu