Automated DDoS Mitigation Is Essential

By Sean Newman | March 20, 2019

Posted in: Network Security Trends

Today, organizations of all types and sizes face distributed denial of service (DDoS) attacks, which have become a top business continuity and security issue. The ongoing proliferation of DDoS-for-hire services, powered mainly by the continuing explosion of unsecured Internet of Things (IoT) devices, has turned DDoS attacks into an everyday occurrence.

There is a lot of hype surrounding high-volume DDoS attacks, but they still represent a tiny fraction of the overall problem. In actuality, the prevailing trend is that the vast majority of DDoS attacks are short, do not saturate internet links, and often escape the attention of IT security staff. Corero’s research consistently shows that around 98% of attacks are under 10 Gbps, with the vast majority under 1 Gbps, and are often specially crafted, multi-vector attacks designed to evade traditional DDoS protection. Such attacks can drag down server, application and network performance, or create smokescreens for attackers looking to access critical information.

Why Traditional/Legacy Mitigation Solutions Aren't Enough

Because most DDoS attacks don’t saturate Internet connections, traditional/legacy mitigation solutions can’t handle them effectively. Cloud-based solutions and on-premises scrubbing centers rely too heavily on overly high thresholds and human intervention, leaving organizations vulnerable to major damage that can be caused in as little as a few seconds. Consider this: cloud and scrubbing center solutions can take as long as thirty minutes to go from detection to mitigation. Even the best-equipped organizations struggle to get that time below ten minutes, and those without big-company resources can take days to complete their recovery efforts. During that lag time, network performance and security can be significantly compromised.

Automated Attack Technology versus a Manual Approach

To further complicate matters, DDoS attacks are increasingly automated, starting with one vector, such as a simple UDP flood, and, if unsuccessful, automatically enabling a second technique such as a DNS flood. They can continue to leverage different attack techniques automatically until their target’s environment is compromised. In fact, Corero is now consistently defending against eight or more vectors used in the same attack, often deployed over the course of only a few minutes. The automated attack technology recognizes whether it is successful and reacts in real time. No human intervention can compete with such tools. Human security agents are seldom able to detect low-level DDoS attacks and, if they do, they can’t react quickly enough to mitigate them. A manual, reactive approach simply isn’t good enough; it adds latency and inaccuracies to the remediation process.

What Type of DDoS Mitigation Solution is Needed 

The answer to automated DDoS attacks is to “fight fire with fire.” Automated attacks require automated defense. The only way to successfully defend against low-level, sub-saturating attacks is to use an always-on solution that automatically and immediately detects and blocks DDoS attacks of all types and sizes, in real time.
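A minimal sketch of the detection problem described above, as an added example (not Corero's detection logic or code from this post): a per-vector baseline flags a sub-saturating flood and its switch from UDP to DNS, while a link-utilisation threshold never fires. The link size, thresholds and traffic samples are constructed assumptions.

```python
LINK_CAPACITY_MBPS = 10_000   # assumed 10 Gbps uplink
STATIC_THRESHOLD = 0.8        # assumed legacy-style trigger: 80% link utilisation
ALPHA = 0.1                   # EWMA smoothing factor (assumed)
SPIKE_FACTOR = 4.0            # flag a vector at 4x its learned baseline (assumed)
MIN_MBPS = 50                 # ignore jitter on near-idle vectors (assumed)

def static_detector(samples):
    """Seconds at which total traffic crosses the link-utilisation threshold."""
    limit = LINK_CAPACITY_MBPS * STATIC_THRESHOLD
    return [t for t, s in enumerate(samples) if sum(s.values()) >= limit]

def baseline_detector(samples, warmup=5):
    """Return (second, vector, mbps) for every per-vector spike over its baseline."""
    baseline, alerts = {}, []
    for t, sample in enumerate(samples):
        for vector, mbps in sample.items():
            base = baseline.get(vector)
            if base is None:              # first sighting seeds the baseline
                baseline[vector] = mbps
                continue
            if t >= warmup and mbps >= MIN_MBPS and mbps > SPIKE_FACTOR * base:
                alerts.append((t, vector, mbps))
            else:
                # Learn only from traffic judged normal, so a flood
                # cannot drag the baseline up and hide itself.
                baseline[vector] = (1 - ALPHA) * base + ALPHA * mbps
    return alerts

def vector_sequence(alerts):
    """Order in which distinct vectors were first flagged (shows vector rotation)."""
    seen = []
    for _, vector, _ in alerts:
        if vector not in seen:
            seen.append(vector)
    return seen

def constructed_traffic():
    """Constructed per-second Mbps samples: normal load, UDP flood, then DNS flood."""
    normal = {"udp": 40, "dns": 20, "tcp_syn": 30, "other": 900}
    samples = [dict(normal) for _ in range(10)]
    samples += [dict(normal, udp=600) for _ in range(5)]   # t = 10..14
    samples += [dict(normal, dns=450) for _ in range(5)]   # t = 15..19
    samples += [dict(normal) for _ in range(3)]
    return samples

if __name__ == "__main__":
    traffic = constructed_traffic()
    print("static threshold alerts:", static_detector(traffic))
    print("vectors flagged, in order:", vector_sequence(baseline_detector(traffic)))
```

In the constructed data the floods peak at roughly 1.5 Gbps total, far below the 8 Gbps static trigger, so only the per-vector view sees them.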

Fortunately, there is a new generation of DDoS protection solutions that require little to no intervention from onsite specialist staff, thus reducing the need for security analysts, and giving existing IT security staff more time to detect and mitigate other cyber threats. This highly automated, always-on, DDoS protection requires no manual intervention to detect and mitigate close to 100% of DDoS attacks before they enter a network. Organizations can virtually “set it and forget it.”

The most effective DDoS mitigation solution delivers the following benefits:

  • Simple deployment, compared to traditional DDoS protection solutions;
  • Automatically blocks DDoS attacks of all types and sizes, in real-time, all the time;
  • Comprehensive visibility into attacks, for forensic analysis;
  • Significantly reduced need for IT staff with DDoS expertise;
  • Can be fully managed, before, during and after an attack, by a remote service that combines state-of-the-art monitoring and reporting, with highly experienced security engineers.

For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. If you’d like to learn more, please contact us.

 
