Intensifying DDoS attacks: Choosing your defensive strategy


One of the biggest misconceptions regarding DDoS attacks is that they are a once-in-a-lifetime event for organizations, says Josh Shaul, VP of Web Security at Akamai.


“Our State of the Internet Report found that companies suffered 41 DDoS attacks on average over the last six months,” he points out.

The rise and rise of DDoS attacks

As Arbor Networks CTO Darren Anstee recently pointed out, DDoS attacks have become a much more significant business risk to a much broader range of organizations in the past few years. That’s partly due to their increase in size, complexity and frequency, but also due to the increased dependency on internet services in most businesses, as well as the greater cloud, SaaS and mobility adoption.

Some attacks (volumetric floods) are designed to overwhelm systems and network links with more traffic than they can carry; others (application-layer and state-exhaustion attacks) exhaust compute resources by forcing a system to repeatedly perform an expensive task. Whatever their nature, businesses have much to lose if hit with an attack they can’t quickly counter.

And, with our ever-increasing dependence on the connected world and the proliferation of DDoS-for-hire services at attackers’ disposal, DDoS will continue to be the easy choice for disrupting organizations’ operations – whatever the attackers’ ultimate goal is.

“The agility and resources brought to bear by the cybercriminals can cause a major headache for an organization – because of the scale and speed at which these attacks take place. For example, the sheer scale of the Mirai botnet attack in late 2016 may have taken an entire country off the internet at one point,” Shaul notes.

“As businesses get smarter at identifying bots, bad actors get better at disguising them, sometimes co-opting millions of smartphones into their botnets or using each bot so sporadically that its activity can slip under the radar. Fortunately for organisations, cyber security professionals and companies are also constantly adapting to stay one step ahead of the attacker.”

Choosing your defensive strategy

Shaul equates DDoS protection to a good chess strategy: the goal is to protect the king by taking out threats before they get close to him. If you wait until your opponent’s pieces are crowded round him, you’ve got no chance to defend against them in the long run.

“With DDoS attacks, you want to take out the threats at the edge of the internet, right at their source and long before they have a chance to get to your network core,” he explains.

“DDoS attacks can flood network pipes, routers, servers and other resources, so being able to identify, absorb and deflect malicious traffic, while authenticating valid traffic at the network edge in real-time, is the only viable approach for dealing with today’s threat landscape. Protections must always be on and aware of what is normal, so that only valid traffic for the destination (be that HTTP/S, DNS or otherwise) is allowed into the environment.”
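What “aware of what is normal” and “only valid traffic for the destination” look like at a scrubbing point, as an added illustration that is not from the article, from Akamai or from any vendor’s product: a destination allowlist drops protocols a host does not serve before any volume math is done, a bytes-per-second baseline learned from a quiet period flags volumetric surges, and a per-source packet-rate limit catches a small number of sources exhausting a service. The destination roles (`web`, `dns`), the allowlist, the thresholds and the `key=value` flow records are all constructed for the example.

```python
"""Baseline-aware DDoS triage over constructed flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# What each destination role is allowed to receive (assumption for the example).
EXPECTED_SERVICES = {
    "web": {("tcp", 80), ("tcp", 443)},
    "dns": {("udp", 53), ("tcp", 53)},
}
SIGMA_MULTIPLIER = 3.0    # flag a second more than 3 sigma above the baseline mean
SOURCE_RATE_LIMIT = 50    # packets/second from one source before it is rate-limited


@dataclass(frozen=True)
class Flow:
    t: int          # one-second bucket
    src: str
    dst: str        # destination role, e.g. "web" or "dns"
    proto: str
    dport: int
    nbytes: int
    pkts: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed 'key=value' flow record."""
    kv = dict(field.split("=", 1) for field in line.split())
    return Flow(int(kv["t"]), kv["src"], kv["dst"], kv["proto"].lower(),
                int(kv["dport"]), int(kv["bytes"]), int(kv["pkts"]))


def is_valid_for_destination(flow: Flow) -> bool:
    """Check 1: only protocols/ports the destination actually serves are admitted."""
    return (flow.proto, flow.dport) in EXPECTED_SERVICES.get(flow.dst, set())


def bytes_per_second(flows):
    vol = defaultdict(int)
    for f in flows:
        vol[(f.dst, f.t)] += f.nbytes
    return vol


def learn_baseline(flows):
    """Mean and population stddev of bytes/second per destination from a quiet period."""
    per_dst = defaultdict(list)
    for (dst, _t), v in bytes_per_second(flows).items():
        per_dst[dst].append(v)
    return {dst: (mean(v), pstdev(v)) for dst, v in per_dst.items()}


def triage(baseline_flows, live_flows):
    base = learn_baseline(baseline_flows)
    dropped = [f for f in live_flows if not is_valid_for_destination(f)]
    admitted = [f for f in live_flows if is_valid_for_destination(f)]
    # Check 2a: volumetric - bytes/s far above what this destination normally sees.
    volumetric = []
    for (dst, t), v in sorted(bytes_per_second(admitted).items()):
        mu, sigma = base.get(dst, (0.0, 0.0))
        if v > mu + SIGMA_MULTIPLIER * max(sigma, 1.0):   # floor sigma so a flat baseline still works
            volumetric.append((dst, t, v))
    # Check 2b: resource exhaustion - a few sources hammering at a high packet rate.
    rate = defaultdict(int)
    for f in admitted:
        rate[(f.src, f.t)] += f.pkts
    rate_limited = sorted({src for (src, _t), p in rate.items() if p > SOURCE_RATE_LIMIT})
    return {"dropped": dropped, "volumetric": volumetric, "rate_limited": rate_limited}


# Constructed quiet-period records: ~1 KB/s of HTTPS to "web", 300 B/s of DNS to "dns".
BASELINE_LINES = (
    [f"t={t} src=198.51.100.{10 + t % 3} dst=web proto=tcp dport=443 bytes={1000 + 50 * (t % 4)} pkts=5"
     for t in range(10)]
    + [f"t={t} src=198.51.100.20 dst=dns proto=udp dport=53 bytes=300 pkts=3" for t in range(10)]
)
# Constructed live records: one legitimate HTTPS flow, an NTP reflection burst aimed at the
# web tier, an HTTP flood from one source, a normal DNS query and UDP to a port DNS never serves.
LIVE_LINES = [
    "t=10 src=198.51.100.10 dst=web proto=tcp dport=443 bytes=1100 pkts=5",
    "t=10 src=203.0.113.7 dst=web proto=udp dport=123 bytes=50000 pkts=40",
    "t=11 src=203.0.113.50 dst=web proto=tcp dport=443 bytes=8000 pkts=120",
    "t=11 src=198.51.100.11 dst=web proto=tcp dport=443 bytes=1000 pkts=5",
    "t=12 src=198.51.100.20 dst=dns proto=udp dport=53 bytes=300 pkts=3",
    "t=12 src=203.0.113.9 dst=dns proto=udp dport=853 bytes=600 pkts=4",
]


def run_example():
    return triage([parse_flow(l) for l in BASELINE_LINES], [parse_flow(l) for l in LIVE_LINES])


if __name__ == "__main__":
    for name, verdict in run_example().items():
        print(name, verdict)
```

The ordering is the point: the NTP burst carries far more bytes than the HTTP flood, but it never reaches the baseline comparison because UDP/123 is not something the web tier serves, so the allowlist removes it first. A real scrubbing platform learns the baseline continuously rather than from one fixed window, and rate limits per source are only a partial answer once the flood is spread across a large botnet.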

If a company is attacked regularly (e.g., a web hosting or online gaming provider) and already has DDoS mitigation infrastructure of considerable defensive capacity in place, it can probably fight off most attacks itself.

But for those that don’t have these capabilities on their own, outsourcing DDoS mitigation to a third-party service that specializes in it can be the difference between mitigating an attack and suffering significant revenue and reputation damage from downtime.

Unfortunately, over the years, DDoS attacks have matured both in size and sophistication, and Shaul believes that it has come to the point when combating large DDoS attacks without scalable cloud-based infrastructure is nearly impossible.

“Attack volumes have grown well beyond 1Tbps in size, eclipsing the capacity of nearly any organisation’s data centre connections. Leveraging a defensive shield in the cloud, from a vendor with enormous capacity and geographic distribution, is key – but capacity and distribution is not the only consideration when evaluating a vendor’s ability to deliver security outcomes,” he says.

“The ability to deal with varying levels of attack sophistication is a critical consideration as well. Having a team of experts controlling a diverse set of detection and mitigation tools is essential for fighting the best funded and most advanced attackers.”