Now that distributed denial of service (DDoS) attacks are a common occurrence for many companies, more organizations are rightfully worried about protecting their servers and web applications. With that wave of concern comes a slew of advice—some good, some bad—from IT experts about the best anti-DDoS approaches. One example of bad advice is to suggest that organizations can rely exclusively on cloud-based mitigation.
Why is that a bad idea? Well, it’s a common myth that cloud-based mitigation techniques offer full protection against all types of DDoS attacks. The truth is, cloud-based DDoS mitigation is mostly useful against large, persistent, brute-force volumetric attacks—the kind that bring the infamous huge, crippling traffic spikes to a server. However, the cloud-based mitigation approach fails to adequately protect against low and slow application layer attacks. Such attacks are hard to detect and mitigate because they appear to be legitimate, and they consume little bandwidth.
One may think that low and slow application layer attacks are not so damaging, because they are known to drag down network performance rather than completely disrupt availability. However, they are usually much more nefarious and crippling, because they can mask a malware attack. Furthermore, our research has shown that the vast majority of DDoS attacks are not large, volumetric attacks. So what organizations should mostly be concerned about are the short, sub-saturating DDoS attacks.
In terms of performance, cloud-based mitigation results in delays. Before engaging cloud-based mitigation, a human analyst must get involved in deciding what to do with suspicious traffic patterns and system alerts or anomalies in network traffic. Once a decision has been made to off-load that traffic, the security analyst must engage the cloud-based scrubbing service; by the time this process is engaged, 20-30 minutes may have passed. That’s plenty of time for hackers to infiltrate the network with malware or ransomware, or steal valuable data.
What about price, you may ask? The price of cloud-based mitigation as a monthly fee may seem affordable, but in the event of an actual attack the price can be staggering. Depending on the size and duration of the attack, the cost could range from thousands to millions of dollars. When shopping for DDoS attack protection, companies should consider the best value for total cost of ownership.
Companies need to be concerned about all types of attacks, so to successfully mitigate attacks they need real-time DDoS technology that is automated, granular and scalable. They can no longer rely on legacy or patchwork approaches to defeating the DDoS threat.