There has been a flurry of DDoS reports from DDoS protection vendors as of late, and Corero has thrown its hat in the ring as well. The recently released Corero DDoS Trends and Analysis report offers a unique perspective on the growing DDoS threat, in stark contrast to the majority of the reports saturating the headlines this month.
The Corero findings differ from other vendor-driven analysis of the DDoS landscape because of where the Corero DDoS mitigation appliance is deployed in the customer network. The Corero SmartWall TDS is deployed at the very edge of the customer network or at the Internet peering points as a first line of defense, inspecting and mitigating all traffic arriving from the Internet in real time before the attacks impact the customer environment.
Cloud-based anti-DDoS solutions, and the trends and analysis reports authored by the manufacturers of those products and services, only represent DDoS traffic that is re-routed to them for scrubbing, well after the attack has permeated the network. While those reports offer very interesting data points about large-scale DDoS attacks, they represent only a fraction of the DDoS traffic an organization faces on a daily basis.
For example, in Q4 2014 each of Corero’s protected customers experienced an average of 3.9 DDoS attack attempts per day. In fact, one customer in particular experiences an average of 12 attack attempts per day. Additionally, 87 percent of DDoS attack attempts were less than 1 Gbps in peak bandwidth utilization, while another 10 percent were between 1 and 5 Gbps in peak bandwidth utilization.
These sub-saturating attacks against Corero’s protected customers, if not mitigated at the network edge with real-time DDoS defense technology, may have gone completely undetected by traditional cloud-based DDoS solutions. Furthermore, utilizing cloud scrubbing services to defeat these attacks would be too little, too late. The attack would have made its way into the network, degraded service and opened the door to further exploits and data exfiltration activity long before it could have been redirected to a scrubbing center.
Cloud-based anti-DDoS services combined with on-premises real-time defense offer the Internet-connected business comprehensive protection against the total DDoS threat landscape. When organizations are faced with high-volume DDoS attacks that completely saturate the Internet link, switching to the cloud to scrub traffic and re-route it to maintain service availability is required. Everyday protection against sub-saturating DDoS events, which are increasing in frequency and sophistication, requires real-time visibility into the network traffic and immediate detection, analysis and mitigation of DDoS attacks before the threats penetrate the network.