Over the last year, distributed denial-of-service (DDoS) attacks have grown stronger and have evolved in strategy and tactics as criminals get smarter. There are increased reports of "smoke screening", in which attackers use a DDoS attack to distract IT staff while they plant malware and steal confidential data such as bank account credentials and client records. Over 50% of attacked companies reported theft of funds, data or intellectual property. These attacks are more powerful, more precise and shorter-lived than the prolonged strikes whose goal is extended downtime.
DDoS attacks vary in both sophistication and intensity. Attackers typically either flood the network with fake requests that look like random garbage, or, more troublesome, craft attack traffic that looks exactly like legitimate web traffic. In the latter case the attack adopts more "intelligent" behavior, as with a Layer 7 (application-layer) attack, which simulates a real user trying to use the web application: searching for content on the site or clicking the "add to cart" button. Each such request is cheap for the attacker to send but costly for the server to answer, and on the wire it is indistinguishable from a paying customer.
The challenge is that most companies still rely on traditional defenses such as firewalls rather than on specialized solutions such as dedicated mitigation hardware or cloud-based services. Since DDoS attacks are becoming more frequent, it is a good time to review the basics and how you and your business can fight back and build a more resilient network.
Cloud Mitigation or Security-as-a-Service Provider
Cloud mitigation providers specialize in DDoS protection delivered from the cloud and have invested heavily in mitigation capacity for their clients. They have built out large amounts of network bandwidth and scrubbing capacity at multiple sites around the Internet, so they can absorb any type of network traffic regardless of whether you host in your own data center or with any number of cloud providers. During an attack they not only filter out the illegitimate traffic but can also, through fail-over, provide backup locations for your online services.
A cloud mitigation provider such as Fireblade, for instance, employs specialized security engineers and researchers whose sole business is monitoring, in real time, your networks and the industry for new attacks. They also provide vastly greater bandwidth than even the best locally managed enterprise setup could provision on its own, enough to absorb the largest volumetric attacks, along with a diverse mix of hardware and their own proprietary technology to help you defend against attacks.
Cloud mitigation providers are the logical choice for an enterprise's DDoS protection needs. They are the most cost-effective and scalable way to keep up with the rapid advances in DDoS attacker tools, intelligence and techniques. They do the work for you and carry the operational responsibility for the response when an attack occurs.
Less Recommended Mitigation Techniques
Doing it yourself is not recommended in the current landscape of attacks. However, there are alternative methods that can work against small attacks, and the implementation process can help you and your team learn more about the technologies and the ins and outs of your network. Let's review some of these options.
Doing it yourself
Typically, an enterprise writes Python scripts to filter out the bad traffic or tries to use its existing firewalls to block it. In the early 2000s, when attacks were fairly simple, this could work. Today's attacks are far too large and complex for this kind of protection: a stateful firewall will fail quite quickly under the load of even a modest attack, and by the time any script sees the traffic it has already consumed your uplink.
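As an added illustration (not code from the original article), here is the kind of DIY filtering script the paragraph refers to, run over constructed access-log lines: a per-IP sliding-window rate limiter. It flags a single host flooding the server, but fifty hosts each clicking "add to cart" a few times, the Layer 7 pattern described earlier, produce the same total load and trip nothing. The log format, thresholds and addresses are assumptions made for the example.

```python
"""Per-source request-rate filter over web access log lines.

Added example, not code from the original article: it shows the kind of
DIY Python script the text refers to, and why it is weak against a Layer 7
attack whose requests look like real users.  All log lines below are
constructed for the demonstration; IPs are from RFC 5737 documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format (assumed), e.g.
# 203.0.113.7 - - [10/Oct/2023:13:55:00 +0000] "GET /cart/add HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, path) for one combined-format line, or None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")


def flag_sources(lines, window_seconds=10, max_requests=20):
    """Return the set of source IPs that send more than max_requests
    within any sliding window of window_seconds (per-IP order assumed)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                # skip malformed lines rather than crash
        ip, ts, _path = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()             # drop timestamps that have aged out
        if len(q) > max_requests:
            flagged.add(ip)
    return flagged


# --- constructed sample traffic -------------------------------------------
BASE = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)


def make_line(ip, offset_seconds, path="/cart/add"):
    ts = (BASE + timedelta(seconds=offset_seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


def single_source_flood(n=200):
    """One host fires n requests in five seconds: the early-2000s pattern."""
    return [make_line("203.0.113.7", i * 5 // n) for i in range(n)]


def distributed_l7_flood(bots=50, per_bot=4):
    """Fifty hosts each click 'add to cart' four times in ten seconds.
    Same total load as above, but every source stays under the threshold."""
    return [make_line(f"198.51.100.{b + 1}", k * 2)
            for b in range(bots) for k in range(per_bot)]


if __name__ == "__main__":
    print("single source flagged:", flag_sources(single_source_flood()))    # {'203.0.113.7'}
    print("distributed L7 flagged:", flag_sources(distributed_l7_flood()))  # set()
```

Lowering the threshold until the bots trip it would also block real shoppers, which is exactly the trade-off a Layer 7 attacker is counting on. And none of this helps with a volumetric attack: the script only sees packets that have already crossed your uplink.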
Specialized On-Premises Equipment
In this case your company is still following a DIY approach, in that you are doing all the work to stop the attack, but instead of relying on scripts or an existing firewall you purchase and deploy dedicated DDoS mitigation appliances yourself. These are specialized devices that sit in the enterprise data center in front of the normal servers and routers and are built specifically to detect and filter malicious traffic.
Unfortunately, there are some challenges with this setup:
Expensive to acquire and operate – There is no magical "stop DDoS" button. You need highly skilled security engineers on your team, the initial cost of the equipment is large, and the system sits idle until you are actually attacked.
Maintenance is a pain – The appliances must be updated constantly to keep up with the latest threats, or owning them is a waste of money. DDoS tactics change almost daily, and your team must be prepared to keep these devices current.
They can't handle volumetric attacks – An enterprise is unlikely to have enough inbound bandwidth to absorb the very large DDoS attacks seen today. Once the attack exceeds your link capacity the appliance never sees the excess packets; they are dropped upstream along with your legitimate traffic, and the appliance has no provision for that case.
Relying on your Internet Service Provider (ISP)
ISPs do have more bandwidth than an enterprise, which helps against large volumetric attacks, but there are problems with these services as well. Since ISPs are in the business of selling bandwidth, investing in threat mitigation is not their focus, so they tend to lack the core security competencies needed for this kind of work. In addition, many web applications are split between enterprise-owned data centers and cloud services such as Amazon AWS, Rackspace and others; that is beyond an ISP's reach, and it cannot protect traffic to those cloud services.
ISPs are best suited to regular consumer usage and traffic.
To conclude, the best bet for your business in terms of protection, response time and capital expenditure is hiring a cloud mitigation provider to manage protection for you. The investment is affordable and their services are built to scale as your company grows.