Automated DDoS Mitigation Is Essential

Today, organizations of all types and sizes face distributed denial of service (DDoS) attacks, making them a top business continuity and security issue. The ongoing proliferation of DDoS-for-hire services, powered mainly by the continuing explosion of insecure Internet of Things (IoT) devices, has turned DDoS attacks into an everyday occurrence.

There is a lot of hype surrounding high-volume DDoS attacks, but they still represent a tiny fraction of the overall problem. In actuality, the vast majority of DDoS attacks are short, do not saturate internet links, and often escape the attention of IT security staff. Corero’s research consistently shows that around 98% of attacks are under 10 Gbps, with the vast majority under 1 Gbps, and that they are often specially crafted, multi-vector attacks designed to evade traditional DDoS protection. Such attacks can drag down server, application and network performance, or create smokescreens for attackers looking to access critical information.

Why Traditional/Legacy Mitigation Solutions Aren't Enough

Because most DDoS attacks don’t saturate Internet connections, traditional/legacy mitigation solutions can’t handle them effectively. Cloud-based solutions and on-premises scrubbing centers rely too heavily on overly high thresholds and human intervention, leaving organizations vulnerable to major damage that can be caused in as little as a few seconds. Consider this: cloud and scrubbing center solutions can take as long as thirty minutes to go from detection to mitigation. Even the best-equipped organizations struggle to get that time below ten minutes, and those without big-company resources can take days to complete their recovery efforts. During that lag time, network performance and security can be significantly compromised.

Automated Attack Technology versus a Manual Approach

To further complicate matters, DDoS attacks are increasingly automated, starting with one vector, such as a simple UDP flood, and, if unsuccessful, automatically enabling a second technique, such as a DNS flood. They can continue to leverage different attack techniques automatically until their target’s environment is compromised. In fact, Corero is now consistently defending against eight or more vectors used in the same attack, often deployed over the course of only a few minutes. The automated attack technology recognizes whether it is successful and reacts in real time. No human intervention can compete with such tools. Human security agents are seldom able to detect low-level DDoS attacks and, if they do, they can’t react quickly enough to mitigate them. A manual, reactive approach simply isn’t good enough; it adds latency and inaccuracies to the remediation process.

What Type of DDoS Mitigation Solution is Needed

The answer to automated DDoS attacks is to “fight fire with fire.” Automated attacks require automated defense. The only way to successfully defend against low-level, sub-saturating attacks is to use an always-on solution that automatically and immediately detects and blocks DDoS attacks of all types and sizes in real time.

Fortunately, there is a new generation of DDoS protection solutions that require little to no intervention from onsite specialist staff, thus reducing the need for security analysts and giving existing IT security staff more time to detect and mitigate other cyber threats. This highly automated, always-on DDoS protection requires no manual intervention to detect and mitigate close to 100% of DDoS attacks before they enter a network. Organizations can virtually “set it and forget it.”

The most effective DDoS mitigation solution delivers the following benefits:

  • Simple deployment, compared to traditional DDoS protection solutions;
  • Automatically blocks DDoS attacks of all types and sizes, in real-time, all the time;
  • Comprehensive visibility into attacks, for forensic analysis;
  • Significantly reduced need for IT staff with DDoS expertise;
  • Can be fully managed, before, during and after an attack, by a remote service that combines state-of-the-art monitoring and reporting, with highly experienced security engineers.

For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. If you’d like to learn more, please contact us.

Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.