From my time in the military back in the 1980s I remember many of the lessons learned. The title of this blog is one of them. Without a plan, all of the hope in the world solves little, if anything, and hope simply cannot replace a good plan. Hope is not a strategy for success.
With the recent news about Lizard Squad and their DDoS-for-hire service, many journalists are jumping on the bandwagon and creating quite a bit of hype. DDoS-for-hire services have been around for years, and yes, many of them have used compromised home devices (routers and other consumer gear) as their attack sources in the past. This is nothing new. However, I must admit that Lizard Squad is pretty good at marketing their service. They remind me of a Silicon Valley startup, having made lots of noise over the past few months.
What amazes me the most is how poorly prepared organizations are to defend against the DDoS attack vector. For example, Corero and SANS surveyed hundreds of IT security folks in early 2014. The survey included responses from executives, middle management, and guys like me who operate in the trenches. Here are the results with regard to DDoS attacks (respondents could fall into more than one category, so the figures do not sum to 100%):
- 40% - completely unprepared
- 23% - have no current plan
- 16% - have no future plan
- 26% - rely on operational infrastructure
- 50% - have never tested their defenses
These statistics completely blow my mind. Why are organizations not planning for the worst? Over 40% of the people surveyed are completely unprepared for a DDoS attack, and 50% have never even tested whether their defenses could deflect one. These unprepared organizations are exactly what make Lizard Squad's DDoS-for-hire service viable. If every organization were prepared for a DDoS attack and every organization had defenses in place, Lizard Squad would be completely unknown today. As we can see from the survey results, only a little more than half of the organizations are prepared, and half of all respondents have no evidence that what they have deployed actually works.
Why do people launch DDoS attacks? Because they work!
So what is the solution? Simple: deploy DDoS defenses where they make the most sense. For example, ISPs have transported DDoS attack traffic across their infrastructures for years. Although volumetric DDoS attacks are easy to detect (a sudden, sustained spike in packets or bits per second toward one destination, often from many sources at once), few if any ISPs have real-time DDoS defenses in place. Most utilize scrubbing-lane approaches that redirect suspect traffic to a scrubbing center using antiquated technologies, and the detection and redirection delay still results in outages for their end customers. The recommendation is for ISPs to deploy real-time defenses at their peering points, blocking the attacks before they enter the ISP infrastructure.
Secondly, hosting providers and cloud providers need to deploy real-time detection and prevention technologies at their peering points as well, defeating the attacks before they enter the hosting/cloud environments. This approach defeats any attacks that leak through the ISP infrastructure and can block all attacks up to pipe saturation, that is, as long as the attack volume does not exceed the capacity of the inbound link. Once the link itself is saturated, a defense sitting behind that link cannot restore service, because legitimate packets are already being dropped upstream of it; that is why the layers above it matter.
Finally, enterprises that rely on the internet also need to deploy real-time defenses at their own network edge. These defenses can effectively defeat all DDoS attacks up to the saturation point of the enterprise's internet link. Coupled with ISP or cloud-based defenses, this hybrid approach will ensure that enterprises are not taken offline as a result of an attack, since the upstream layers absorb the volume that the enterprise link could not.
This three-pronged approach, whereby defenses are deployed in the ISPs, in hosting/cloud environments, and at the edge of enterprise networks, would eliminate this attack vector as a practical threat. I think we can all agree that if these defenses are not deployed, this problem will not be going away anytime soon.
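To make the two technical points above concrete, here is an added example (written for this edit, not code from the original post or from Corero): a minimal rate-based detector run over constructed flow records, which shows how plainly a volumetric flood stands out, followed by a toy capacity model of why an on-premise defense only helps "up to pipe saturation" and an upstream (ISP or cloud peering-point) defense is needed beyond it. The IP addresses, link sizes, thresholds and flow records are all illustrative assumptions.

```python
"""Added example, not from the original post: a per-destination packet-rate
detector over constructed flow records, plus a toy link-capacity model of
on-premise versus upstream DDoS mitigation.  Every number here is an
illustrative assumption, not measured data."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    packets: int   # packets seen in a one-second window
    bytes: int     # bytes seen in the same window


# Constructed one-second sample (documentation address ranges): three normal
# web flows toward 203.0.113.10 and a UDP flood from 50 sources toward
# 203.0.113.20.  Real input would be NetFlow/IPFIX/sFlow records.
SAMPLE_FLOWS = [
    Flow("198.51.100.5", "203.0.113.10", 443, 40, 30_000),
    Flow("198.51.100.6", "203.0.113.10", 443, 25, 18_000),
    Flow("198.51.100.7", "203.0.113.10", 80, 10, 6_000),
] + [
    Flow(f"192.0.2.{i}", "203.0.113.20", 53, 2_000, 2_400_000)
    for i in range(1, 51)
]

PPS_THRESHOLD = 10_000      # assumed per-destination baseline for this link
MIN_DISTINCT_SOURCES = 20   # assumed: call it "distributed" at this many sources


def detect_floods(flows, pps_threshold=PPS_THRESHOLD,
                  min_sources=MIN_DISTINCT_SOURCES):
    """Aggregate packets per destination for the window, flag destinations
    above the threshold, and note whether the excess is spread across many
    sources (a distributed flood rather than a single noisy client)."""
    pps = defaultdict(int)
    sources = defaultdict(set)
    for f in flows:
        pps[f.dst] += f.packets
        sources[f.dst].add(f.src)
    result = {}
    for dst in pps:
        flagged = pps[dst] > pps_threshold
        result[dst] = {
            "pps": pps[dst],
            "sources": len(sources[dst]),
            "flagged": flagged,
            "distributed": flagged and len(sources[dst]) >= min_sources,
        }
    return result


def legit_delivered_fraction(link_mbps, legit_mbps, attack_mbps, where):
    """Fraction of legitimate traffic that reaches the service.

    where="upstream":   attack dropped before the access link (ISP/cloud
                        peering point), so only legitimate traffic is offered
                        to the link.
    where="on_premise": attack dropped only after it has crossed the access
                        link, so the link carries attack + legitimate traffic.
    The link is modelled as FIFO tail-drop: whatever exceeds capacity is
    dropped proportionally, so legitimate packets share the loss."""
    offered = legit_mbps + (0 if where == "upstream" else attack_mbps)
    if offered <= link_mbps:
        return 1.0
    return link_mbps / offered


if __name__ == "__main__":
    for dst, report in detect_floods(SAMPLE_FLOWS).items():
        print(dst, report)
    # 1 Gb/s enterprise link carrying 100 Mb/s of real traffic
    for attack in (500, 5_000):
        for where in ("on_premise", "upstream"):
            frac = legit_delivered_fraction(1_000, 100, attack, where)
            print(f"{attack} Mb/s attack, {where}: {frac:.0%} of legitimate traffic delivered")
```

Running it shows the flood toward 203.0.113.20 at 100,000 pps from 50 sources, flagged and distributed, while the web server stays well under the threshold; and it shows that a 500 Mb/s attack is fully handled by an on-premise device on a 1 Gb/s link, whereas a 5 Gb/s attack drops roughly 80% of legitimate traffic no matter how good the on-premise device is, because the link is saturated before the device sees a packet. Only the upstream case keeps 100% delivery at that volume, which is the whole argument for the hybrid model.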