Distributed denial of service (DDoS) attacks have evolved over the years and, thankfully, so has DDoS protection technology. However, not all DDoS solutions are created equal.
Small DDoS Attacks Matter
Most legacy DDoS mitigation tools are limited to inspecting only events that cross certain bandwidth thresholds. In the event of an unusually large, suspicious spike in traffic, a legacy DDoS solution alerts IT security staff, who can then redirect (“swing”) the suspected traffic to a scrubbing service to be cleaned.
Legacy solutions ignore the small attacks, yet size does matter for DDoS attacks. Hackers increasingly use small DDoS attacks to probe a network for its vulnerabilities. Even a 2Gbps attack is enough to take down a firewall. Once that happens it’s party time for the hackers: they can map the network for future attacks, try out new hacking techniques, or install malware or ransomware. Once attackers have perfected their new hacking methods under the radar, they can wield enormous power by deploying those tactics at wide scale. That puts IT security staff at a huge disadvantage, because they will not have seen the techniques before and will have no DDoS defense rules in place.
Short Duration DDoS Attacks Can Be Dangerous
Furthermore, legacy solutions rely on coarse sampling: they investigate attacks only if they last more than five minutes. The vast majority of DDoS attacks (over 90% among our customers) last less than five minutes, which is plenty of time for hackers. Even when a legacy DDoS solution does notice an attack, the process of starting to scrub traffic generally takes 20-30 minutes.
In summary, legacy solutions do not take into account short, low-saturating DDoS attacks. Those weaknesses let hackers work “under the radar.” That’s a problem, because the vast majority of DDoS attacks are short-lived and low-bandwidth.
Protect Against DDoS Attacks
The first thing organizations can do to better protect themselves is to analyze the lower-level attack activity in their network with a DDoS monitoring tool. Pay attention, and assume that any “white noise” in the network could be coming from a low-level DDoS attack. The second, and more effective, step is to have in-line, automatic DDoS protection installed at the edge of the network. This eliminates the need to manually analyze events and re-route traffic for cleaning, and shrinks the time from detection to mitigation of an attack to almost nothing. It also gives visibility into the network. If your organization cannot do this on its own, ask your service provider whether it offers DDoS protection as a service; some now do.
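To make the gap concrete, the following added example (not code from the original post or any vendor product) runs a legacy threshold-plus-duration detector and a baseline-relative detector over a constructed series of one-minute traffic samples containing a 3-minute, ~2 Gbps burst; the 10 Gbps threshold, five-minute minimum, five-sample window and 4x multiplier are assumed values chosen for illustration.

```python
from statistics import median

# Constructed one-minute inbound traffic samples (Mbps) for a single link.
# Baseline sits near 300 Mbps; minutes 10-12 carry a ~2 Gbps, 3-minute burst,
# the kind of short, low-saturating event the post says legacy tools ignore.
SAMPLES_MBPS = [300, 310, 295, 305, 298, 302, 310, 290, 300, 305,
                2100, 2200, 2050, 300, 295, 310, 300, 305, 298, 302]


def group_runs(indices):
    """Collapse sorted sample indices into (start, end) inclusive runs."""
    runs = []
    for i in indices:
        if runs and i == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], i)
        else:
            runs.append((i, i))
    return runs


def legacy_detect(samples, threshold_mbps=10_000, min_minutes=5):
    """Legacy model (assumed parameters): alert only on runs that stay above
    a fixed bandwidth threshold for at least min_minutes consecutive samples."""
    over = [i for i, v in enumerate(samples) if v >= threshold_mbps]
    return [r for r in group_runs(over) if r[1] - r[0] + 1 >= min_minutes]


def baseline_detect(samples, window=5, factor=4.0):
    """Baseline-relative model: flag any sample above factor x the median of
    the previous `window` samples, regardless of absolute size or duration.
    The median keeps a burst from inflating its own baseline."""
    flagged = [i for i in range(window, len(samples))
               if samples[i] > factor * median(samples[i - window:i])]
    return group_runs(flagged)


def summarize(samples, runs):
    """Describe each run as (start_minute, duration_minutes, peak_mbps)."""
    return [(s, e - s + 1, max(samples[s:e + 1])) for s, e in runs]


if __name__ == "__main__":
    print("legacy  :", summarize(SAMPLES_MBPS, legacy_detect(SAMPLES_MBPS)))
    print("baseline:", summarize(SAMPLES_MBPS, baseline_detect(SAMPLES_MBPS)))
```

The legacy detector reports nothing for this series even when its threshold is lowered to 1 Gbps, because the burst is shorter than five minutes; the baseline detector reports the burst at minute 10 with a duration of 3 minutes and a 2200 Mbps peak.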
For more information, contact us.