The 300 Gb/s of traffic hurled at Spamhaus earlier this week during an epic Distributed Denial of Service (DDoS) attack may just be start of an even larger trend: The expanded growth of the DDoS prevention industry.
The worldwide market for DDoS prevention solutions -- including products and services -- is expected to grow by a compound annual growth rate (CAGR) of 18.2% from 2012 through 2017 and reach $870 million, according to new research released this week from IDC.
IDC forecasts that volumetric attacks -- like the one leveled earlier this week at Spamhaus -- will remain the predominant type of DDoS attack throughout the forecast period, citing effectiveness and ease of execution. As these volumetric-based attacks continue proliferate however, more advanced hybrid attacks that include application layer and encrypted traffic will grow, generating growth in the on-premise equipment market throughout the forecast period, according to IDC's "Worldwide DDoS Prevention Products and Services 2013–2017 Forecast."
This forecast comes as hacktivists earlier this month announced the start of Phase Three of their well-publicized DDoS campaign against the global financial services industry, launching attacks as a form of social and political protest.
A statement issued yesterday by Digital Citizens Alliance Executive Director Tom Galvin, reinforces the concern that these growing DDoS incidents are a major threat to the global economy.
"Make no mistake – this is more than just an inconvenience slowing down your computer. [They] are showing just how much damage they can do to the Internet economy by slowing and, potentially, disabling businesses with these attacks on the web. Using sophisticated technology, this effort to threaten and intimidate creators and online businesses derives from the tactics the Mafia used to take control of neighborhoods in American cities. It's deplorable and as citizens we can't let them get away with it."
Christian Christiansen, Vice President, Security Products & Services research at IDC said in a press release that as these attacks grow in sophistication, organiziations need to arm themselves.
"Embedded capabilities were quickly overwhelmed and outages were readily apparent on the Web. This is driving the need for proactive solutions to protect customer's infrastructure from current and future attacks," he said.
Additional IDC findings include:
- Expansion of cloud services and mobile networks creates additional targets for DDoS attacks.
- Providers of anti-DDoS products and services continue to expand partnering relationships to address the evolving nature of attacks.
- Firewalls, intrusion protection, and other devices may mitigate very low-level attacks, but large volumetric attacks easily overwhelm their capabilities and the security devices can become the attackers' unwilling allies because they are unable to separate legitimate for illegitimate traffic.
- Customers increasingly embrace services and product-based solutions, but larger enterprises will adopt a hybrid solution that combines these solutions.
Rob Kraus, Director of Research at Solutionary’s Engineering Research Team (SERT), said in a statement issued to Security Bistro that these growing attacks should be seen as a wake up call.
“Enterprises must take responsibility in ensuring that the security solutions they have in place are the most up-to-date and effective in order to protect their customers, networks and brand and to mitigate such attacks. Managed security solutions provide enterprises with an option that is quickly deployable and deliver advanced IT security and compliance solutions," he said.