Corero

7 Top Tips for Defending Your Network Against DDoS Attacks

The nature of DDoS attacks is constantly evolving, driven partly by the technology used and partly by the motivations of the attackers. Today’s distributed denial of service (DDoS) attacks are very different from the ones launched a few years ago. Originally, these cyber tsunamis were straightforward volumetric attacks targeting a single victim IP address with the intent of causing embarrassment and disruption. Today, however, the motives behind DDoS attacks are increasingly unclear, the techniques are becoming ever more complex, and the frequency of attacks is growing rapidly. (See our latest threat intelligence report for the latest trends and analysis.) This is particularly true now that attacks are automated, enabling attackers to switch vectors faster than any human or traditional DDoS security solution can respond.

The combination of size, frequency and duration of modern attacks represents a serious security and availability challenge for any online organization. Minutes, or even tens of seconds, of downtime or increased latency significantly impacts the delivery of today’s essential services. Below are our seven DDoS do’s and don’ts to help ensure that your business is protected from these attacks.

1. Document your DDoS resiliency plan

A resiliency plan should cover the technical competencies required as well as a comprehensive plan for continuing business operations under the stress of a successful denial of service attack. The incident response team should establish and document methods of communication with the business, including key decision makers across all branches of the organization, so that key stakeholders are notified and consulted accordingly.

2. Recognize DDoS attack activity

Large, high-volume floods are not the only form of DDoS activity. Short-duration, low-volume attacks are commonly launched by cybercriminals to stress-test your network and probe for weaknesses in your security perimeter. Understand your normal network traffic patterns, and look for DDoS protection solutions that identify attack traffic in real time and immediately remove large and small attacks alike.

3. Don’t assume that only large-scale, volumetric attacks are the problem

Attackers are getting more sophisticated. Their objective is not only to disable a website; a low-bandwidth, sub-saturating DDoS attack may be a smokescreen intended to distract IT security staff from a more nefarious attack, such as ransomware. Such attacks are typically short in duration (under ten minutes) and low in volume (under 1 Gbps), which means they can easily slip under the radar of legacy DDoS mitigation systems.

4. Don’t rely on traffic monitoring or thresholds

Yes, you may notice when network traffic spikes, but can you distinguish good traffic from bad? And what would you do if you did see a spike? Could you block only the bad traffic, or would your network resources be overwhelmed anyway? Monitoring your traffic and setting threshold limits is not a form of protection, especially since small, sub-saturating attacks often never trip a threshold trigger at all.

5. Don’t rely on an IPS or firewall

Neither an intrusion prevention system (IPS) nor a firewall will protect you from a DDoS attack. Simply put, they were not designed to block DDoS traffic. Even firewalls that claim to have very limited ability to do so, typically relying on indiscriminate thresholds: when the threshold for a port is reached, every application and every user on that port is blocked, causing an outage. Attackers know this, and use it to get the good users blocked along with themselves. Because network and application availability is affected either way, the end goal of denial of service is achieved.
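The following is an added example (not Corero's code or tooling) that illustrates tips 2 through 5 on constructed flow records: a short, sub-saturating SYN flood (180 seconds at roughly 600 Mbps on an assumed 10 Gbps link) never trips a bandwidth threshold, a baseline of "how many distinct sources do we normally see, and how many packets are half-open SYNs" catches it within the first second, and a firewall-style per-port threshold block drops every legitimate client along with the attack, while a per-source rule drops only the offenders. The traffic, link size, thresholds and per-client limits are all assumptions made for the illustration.

```python
"""Added example: why a volumetric threshold misses a short, sub-saturating SYN
flood, why a baseline-aware detector does not, and why an indiscriminate
per-port threshold block completes the attacker's job. All traffic below is
constructed; link size, thresholds and limits are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class Flow:
    second: int       # seconds since the start of the observation window
    src: str
    dst_port: int
    packets: int
    bytes: int
    syn_only: bool    # TCP SYN without ACK: half-open, never completes a handshake


LINK_BPS = 10_000_000_000              # assumed 10 Gbps uplink
LEGACY_THRESHOLD_BPS = LINK_BPS // 2   # assumed "alert at half the pipe" rule


def build_sample(seed=7):
    """Constructed traffic: 600 s of 40 legitimate clients (~40 Mbps to :443)
    plus a 180 s SYN flood from ~500 spoofed sources per second at ~600 Mbps,
    i.e. under ten minutes and under 1 Gbps (the profile tip 3 describes)."""
    rnd = random.Random(seed)
    legit = [f"203.0.113.{i}" for i in range(1, 41)]
    flows = []
    for t in range(600):
        for src in legit:
            pkts = rnd.randint(50, 150)
            flows.append(Flow(t, src, 443, pkts, pkts * 1200, False))
        if 200 <= t < 380:
            for _ in range(500):   # spoofed sources: first octet kept below 203
                spoofed = "%d.%d.%d.%d" % (rnd.randint(1, 200), rnd.randint(0, 255),
                                           rnd.randint(0, 255), rnd.randint(1, 254))
                flows.append(Flow(t, spoofed, 443, 2500, 2500 * 60, True))
    return flows


def per_second(flows):
    """Aggregate bytes, packets, distinct sources and SYN-only packets per second."""
    agg = defaultdict(lambda: {"bytes": 0, "packets": 0, "srcs": set(), "syn": 0})
    for f in flows:
        s = agg[f.second]
        s["bytes"] += f.bytes
        s["packets"] += f.packets
        s["srcs"].add(f.src)
        if f.syn_only:
            s["syn"] += f.packets
    return agg


def peak_mbps(agg):
    return max(s["bytes"] * 8 / 1e6 for s in agg.values())


def legacy_threshold_alerts(agg, threshold_bps=LEGACY_THRESHOLD_BPS):
    """Tip 4: a pure bandwidth trigger. Returns the seconds it would alert on."""
    return sorted(t for t, s in agg.items() if s["bytes"] * 8 > threshold_bps)


def baseline_alerts(agg, learn_seconds=120, src_factor=3.0, syn_ratio=0.5):
    """Tip 2: learn what normal looks like (distinct sources per second over a
    quiet learning period), then flag seconds with several times more sources
    than usual AND a majority of half-open SYNs. Factors are assumed."""
    baseline = max(len(agg[t]["srcs"]) for t in range(learn_seconds))
    return sorted(t for t, s in agg.items()
                  if len(s["srcs"]) > baseline * src_factor
                  and s["syn"] / s["packets"] > syn_ratio)


def port_threshold_block(flows, second, port=443, threshold_bps=200_000_000):
    """Tip 5: the firewall-style rule. Once traffic to `port` exceeds the (assumed)
    threshold, everything to that port is dropped. Returns (legit_flows_dropped,
    attack_flows_dropped); the syn_only label is used only to score the result."""
    sec = [f for f in flows if f.second == second and f.dst_port == port]
    if sum(f.bytes for f in sec) * 8 <= threshold_bps:
        return 0, 0
    return (sum(1 for f in sec if not f.syn_only),
            sum(1 for f in sec if f.syn_only))


def per_source_block(flows, second, syn_pps_limit=100):
    """Surgical alternative: drop only sources whose half-open SYN rate exceeds
    an (assumed) per-client limit. Same return shape as port_threshold_block."""
    syn_by_src = defaultdict(int)
    for f in flows:
        if f.second == second and f.syn_only:
            syn_by_src[f.src] += f.packets
    blocked = {src for src, n in syn_by_src.items() if n > syn_pps_limit}
    sec = [f for f in flows if f.second == second and f.src in blocked]
    return (sum(1 for f in sec if not f.syn_only),
            sum(1 for f in sec if f.syn_only))


if __name__ == "__main__":
    flows = build_sample()
    agg = per_second(flows)
    print(f"peak {peak_mbps(agg):.0f} Mbps on a {LINK_BPS / 1e9:.0f} Gbps link")
    print("legacy threshold alerts:", legacy_threshold_alerts(agg))
    hits = baseline_alerts(agg)
    print(f"baseline alerts: {len(hits)} seconds, {hits[0]}..{hits[-1]}")
    print("port block (legit, attack) dropped:", port_threshold_block(flows, 250))
    print("per-source block (legit, attack) dropped:", per_source_block(flows, 250))
```

Run as a script it reports a peak in the low hundreds of Mbps, an empty list of bandwidth-threshold alerts, 180 seconds of baseline alerts covering exactly the attack window, 40 legitimate clients dropped by the per-port block versus none by the per-source rule. The point is not that any particular ratio is the right one, but that the distinguishing signal (many new sources sending half-open SYNs) is visible at a fraction of link capacity, where a byte-count trigger sees nothing, and that a mitigation which cannot tell the two apart is itself the outage.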

6. Engage with a DDoS protection provider

Today, many ISPs and hosting providers offer DDoS protection as a service, either as an included value-add or as a premium subscription. Find out whether your ISP offers free or paid DDoS protection plans, but be sure to contact your ISP long before you are attacked. If you do not have DDoS protection in place and are already under attack, your ISP may not be able to sign you up and begin blocking the DDoS traffic to your site immediately.

Alternatively, you could deploy an on-premises DDoS protection solution, available as a physical or virtual anti-DDoS appliance. Be sure to look for rich, real-time DDoS security event analytics and reporting along with automatic protection.

7. Pair time-to-response with successful attack protection

As you develop your resiliency plan and choose a method of DDoS protection, time-to-response must be a critical factor in your decision-making. Bear in mind that cloud-based DDoS protection services can be a useful adjunct to an automated DDoS protection solution. However, there are some considerations to keep in mind when evaluating a cloud-based service:

  1. Before the service can be engaged, someone or something must first detect that a DDoS attack is in progress.
  2. It can then take 10-20 minutes to redirect the traffic and mitigate the “bad” portion of it.
  3. This shifts the discussion from protection to mitigation, where it is accepted that bad traffic will get through for a period of time.

In the face of a DDoS attack, time is of the essence. Waiting a few minutes, tens of minutes, or even longer for a DDoS attack to be mitigated is not sufficient to ensure service availability or security.

We have been a leader in modern DDoS protection solutions for over a decade. To learn how you can protect your company, speak with one of our experts today.