DDOS protection does nothing if the attacker is familiar with your network. If they know all your application ports etc etc they can custom craft attack after attack making more sophisticated ddos protection methods a necessity. Large enterprises can not depend on auto mode, but there is some protection with netflow monitoring and having anything out of the norm filtered if it's causing a problem.