Page 49 - Cyber Defense eMagazine - November 2017
DDoS – A Threat to Availability and Security
Today’s DDoS attacks are almost unrecognizable from the early days of attacks, when most
were simple, volumetric attacks intended to cause disruptions to online services, maybe even
publicly humiliate an organization. Today, the attack techniques are becoming ever-more
complex and the frequency of attacks is growing exponentially. The combination of the size,
frequency and duration of modern attacks represents a serious security and availability challenge
for any online organization. Minutes or even tens of minutes of downtime or latency significantly
impact the delivery of essential services. As the DDoS attack landscape evolves toward more
sophisticated attack techniques, the objective is no longer focused solely on disruption.
The goal is not only to cripple a website, but also to distract IT security staff with a
low-bandwidth, sub-saturating DDoS attack. Such attacks are typically short in duration (under 5
minutes) and low in volume, which means that they can easily slip under the radar without being
detected or mitigated by some DDoS protection systems. These attacks are increasingly used
as a smokescreen to camouflage other cyberattacks, including data breaches and data
exfiltration. The disruption caused by the DDoS attack can expose weaknesses in organizations’
cyber defenses or overwhelm other security tools, like firewalls or IPS/IDS, opening the door for
cyber criminals to plant malware or steal sensitive information.
Proactive Protection in the Face of DDoS Attacks
Distinguish DDoS attack activity – Have a clear understanding of your network traffic
patterns. Short-duration, low-volume attacks can be used as ‘stress tests’ to profile for security
vulnerabilities within your edge security perimeter. Visibility into DDoS activity on your network
is step one in defining your DDoS resiliency plan.
Document your DDoS defense plan – Proactive planning requires both technical and
operational considerations. A comprehensive plan also includes a communication strategy that
spans across all facets of the business, to ensure that key stakeholders are notified and
consulted accordingly.
Time-to-mitigation is a critical consideration – When faced with an attack, ransom driven or
otherwise, time-to-mitigation is critical. Minutes, tens of minutes or even seconds count.
Downtime, outages, latency and security implications become increasingly damaging when
mitigation techniques are not instantly engaged.
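The following Python example is added here and is not from the article. It shows why the short, sub-saturating attacks described above slip past a volume-only alarm, and how a baseline of normal traffic exposes them. The 10-second sampling interval, the median-plus-MAD baseline, the 800 Mbps alarm threshold and the traffic readings are all assumptions constructed for illustration.

```python
from statistics import median

SHORT_SECS = 300  # the article: such attacks typically last under 5 minutes

def find_bursts(samples, interval_s, k=6.0):
    """Group consecutive samples above median + k*MAD into burst records."""
    base = median(samples)
    mad = median(abs(s - base) for s in samples) or 1.0  # avoid a zero band
    limit = base + k * mad
    bursts, start = [], None
    for i, rate in enumerate(samples + [base]):  # sentinel closes a trailing burst
        if rate > limit and start is None:
            start = i
        elif rate <= limit and start is not None:
            bursts.append({"start_s": start * interval_s,
                           "duration_s": (i - start) * interval_s,
                           "peak_mbps": max(samples[start:i])})
            start = None
    return bursts

def stealthy(bursts, volume_alarm_mbps):
    """Bursts that are short AND peak below the volumetric alarm threshold."""
    return [b for b in bursts
            if b["duration_s"] < SHORT_SECS and b["peak_mbps"] < volume_alarm_mbps]

def build_sample():
    """Constructed data: one hour of 10-second inbound Mbps readings."""
    rates = [100 + (i % 7) * 2 for i in range(360)]   # normal jitter, 100-112
    rates[120:132] = [260] * 12                        # 2-minute low-volume burst
    rates[250:290] = [900] * 40                        # long volumetric flood
    return rates

if __name__ == "__main__":
    bursts = find_bursts(build_sample(), interval_s=10)
    for b in bursts:
        print(b)
    print("missed by an 800 Mbps volume alarm:", stealthy(bursts, 800))
```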
Organizations, regardless of industry, need to be proactive in their DDoS defense strategies.
Paying out a ransom to stop an attack is not a scenario that any organization should have to
deal with. As DDoS attacks continue to become more complex, more frequent and more
adaptive in nature, traditional IT security infrastructure doesn’t stand a chance when it comes to
proper protection for your business. Organizations must begin to look at DDoS as a threat
vector that requires a dedicated detection and mitigation solution as part of an overall layered
security strategy. Proper DDoS mitigation combines real-time, automatic detection and
mitigation, deployed at the internet edge to defeat the growing threat of DDoS before it can
impact the targeted environment.
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.