Distributed Denial of Service (DDoS) attacks are increasing in size and sophistication. DDoS attacks adversely affect enterprises. Companies on average are hit by 15 DDoS attacks per year, according to a report conducted by A10 Networks with IDG Connect. The report found that one in five companies experience effective downtimes of over 36 hours. Recently, a few high-profile incidents have taken many enterprises offline via DNS and other bot attacks.
Attacks consume network bandwidth and significantly degrade performance, resulting in business disruption. DDoS attacks are designed to interfere with the availability of the network or application. Last week, Dyn was hit by a massive DDoS attack that disrupted major companies like Amazon, Twitter, Etsy and others.
This should be a BIG warning to enterprises and the entire internet community. Even if a website goes down for only a few minutes, eCommerce companies lose sales and, ultimately, customers; media and publishing companies lose subscriptions and ad revenue. The list goes on. There is no doubt that we need a strategy to combat these attacks.
It is important to note there are various types of DDoS attacks. Unfortunately, bad actors do not require a sophisticated skill set to launch an attack.
Types of DDoS Attacks
The following are some of the more common types of attacks:
Volumetric attacks: these Layer 3 attacks flood the network with more traffic than the network can process, causing saturation and unavailability of the service. Enterprises can avoid downtime by using a content delivery network (CDN) that can absorb such attacks.
Application layer attacks: these Layer 7 attacks focus on exhausting web server resources. This causes operational strain, and the application servers become unavailable. Simple CDNs are mostly helpless in such scenarios.
Multi-vector attacks: these sophisticated attacks combine several attack types targeting the network and servers, generally a combination of Layer 3 to Layer 7 attacks. Layer 7 attacks are the most difficult to defend against, as they are designed to evade defensive solutions and mitigation services by looking and behaving like normal traffic. Mitigating multi-vector attacks requires sophisticated solutions.
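As an added illustration (not from the original article or any vendor's product), the example below runs over a constructed access log and shows why a request-count threshold misses a low-rate application layer attack, while accounting for backend time per client and per path exposes it. The log format `epoch_sec client_ip path backend_ms`, the traffic mix and the thresholds are assumptions made for the example.

```python
"""Added example: request-count threshold vs. backend-cost accounting."""
from collections import defaultdict

def build_sample_log():
    """Constructed 60-second log, one line per request:
    'epoch_sec client_ip path backend_ms' (hypothetical format)."""
    lines = []
    for sec in range(60):
        if sec % 2 == 0:  # 20 ordinary clients, one cheap page view every 2 s
            for n in range(20):
                lines.append(f"{sec} 198.51.100.{n + 1} /product 20")
        # one client sending a steady trickle of expensive search requests
        lines.append(f"{sec} 203.0.113.7 /search 900")
    return lines

def parse(lines):
    """Yield (second, client_ip, path, backend_ms) tuples."""
    for line in lines:
        sec, ip, path, ms = line.split()
        yield int(sec), ip, path, int(ms)

def volume_alert(rows, baseline_requests, factor=2.0):
    """Spike check: fires only if the request count exceeds factor x baseline."""
    return len(rows) > factor * baseline_requests

def cost_share(rows, key_index):
    """Fraction of total backend time per key (1 = client IP, 2 = path)."""
    cost = defaultdict(int)
    for row in rows:
        cost[row[key_index]] += row[3]
    total = sum(cost.values())
    return {key: ms / total for key, ms in cost.items()}

def flag(shares, threshold=0.25):
    """Keys consuming more than `threshold` of all backend time."""
    return sorted(key for key, share in shares.items() if share > threshold)

if __name__ == "__main__":
    rows = list(parse(build_sample_log()))
    # 660 requests against a baseline of 600 per minute: no spike alert
    print("requests:", len(rows), "volume alert:", volume_alert(rows, 600))
    print("clients over threshold:", flag(cost_share(rows, 1)))
    print("paths over threshold:", flag(cost_share(rows, 2)))
```

The per-path view matters when the same load is spread across many source addresses: no single client stands out, but the expensive endpoint's share of backend time still does.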
DDoS Prevention & Mitigation Solutions
Thankfully, as the nature of DDoS attacks has evolved, so has the protection technology. But not all solutions are equal. As there is no way to prevent an attempted DDoS attack, the best strategy is to be PROACTIVE.
Below are a few recommendations that can help protect against and mitigate attacks:
Monitoring: get ahead of attacks by proactively monitoring. For organizations that don’t have a team or resources dedicated to monitoring for DDoS attacks around the clock, third-party solutions that specialize in monitoring can reduce the risk of DDoS outages.
Protect all assets: DNS is only one of the critical parts of the infrastructure. Monitoring and protecting all components of the business are important in fighting against multi-vector attacks. This includes VPN, email, origin, CDN and any other assets that sit in a third-party cloud. Build redundancies for critical resources like DNS, so that in the event of an attack, falling back to a redundant service is imperceptible to your users.
Emergency plan: prioritize an incident response plan and create a list of escalation paths with internal and external stakeholders. Test and run fire drills to ensure the right measures are in place and everyone is aware of their responsibilities.
Attack post-mortem: should there be an attack, evaluations afterwards are a must. Document lessons learned, measure the effectiveness of the mitigation strategy, and, last but not least, review areas for improvement. Take the steps needed to ensure faster and stronger responses should there be future attacks.
While some organizations are at greater risk than others, DDoS attacks are increasing significantly across all sectors. Further details regarding DDoS protection and insights (updated quarterly) can be downloaded from Instart Logic’s website.
Luckily Help is On the Way
Legacy CDN solutions mainly inspect suspicious spikes in traffic. The truth is, attacks can be small in size and vary in nature. This allows attackers to remain undetected as they perfect the type of attack before fully launching. This is where outdated simple CDN solutions fail. Instart Logic’s application delivery platform includes an intelligent CDN that improves performance and security. In addition, Instart Logic’s partnership with Verisign allows advanced DDoS monitoring and protection as a service for all assets. This integrated solution combines technology from both companies to protect against a variety of DDoS attacks.