Industry best practice for DDoS defense is a multi-layer, or hybrid approach that takes into account the different types and targets of DDoS attacks. High volume flood attacks that target internet connectivity must be mitigated in the cloud, away from the intended target before they overwhelm local protection. Application-layer and state-exhaustion attacks need to be detected and mitigated on-premise close to where the applications or services reside.
Just as important, the solution must have an intelligent form of communication between these two layers backed by up-to-date threat intelligence to stop dynamic, multi-vector DDoS attacks.