DDoS Protection Tips for Enterprises in National Cybersecurity Awareness Month
October is National Cyber Security Awareness month, sponsored by the US Department of Homeland Security. The agency has dedicated some pages to this topic, and has even come up with a National Cybersecurity Awareness Month Trivia Game that anyone can download – but, don’t get too excited, it’s only a PowerPoint presentation (But hey, something is better than nothing!) This is not a new initiative; in fact, it’s the 16th annual version of the event. The messages seem largely aimed at consumers, so the tips don’t offer any significant help to IT professionals who are on the front lines dealing with the latest cyber threats. For more technical expertise, IT pros generally seek guidance from the National Cybersecurity Center of Excellence (NCCoE) and the National Institute for Standards in Technology (NIST). In recognition of this annual event, we’re offering the following insights for enterprise IT pros to protect their networks from distributed denial of service (DDoS) attacks.
First of all, DDoS attacks are becoming more frequent and complex, so ignoring them is no longer an option. The Internet of Things (IoT), 5G and cheap DDoS services for hire are making it ever easier for cybercriminals to launch damaging attacks.
Secondly, enterprises should not depend on other services and security devices, such as a CDN, firewall, or IPS, to protect them from DDoS attacks. These, as well as stateful infrastructure devices, such as routers are DDoS targets – they can’t defend you against high packet-rate DDoS attacks specifically intended to exhaust their state-tracking capabilities which are critical to the smooth and high-performance running of modern networks.
A popular solution for enterprises is DDoS Protection as a Service (DDPaaS), which is increasingly offered by MSSPs, Hosting and Internet service providers (ISPs). This approach simplifies life for enterprise IT security teams, because it’s effectively outsourcing your DDoS protection; the provider guarantees that you get only clean traffic delivered to your network.
However, if your provider(s) don’t offer such a service, or you want to own and operate the DDoS protection as part of a broader security capability, look for one that has flexible deployment options, as well as comprehensive visibility and attack forensics. An on-premises, purpose-built, DDoS defense solution is best deployed in an always-on configuration, between the Internet and the enterprise network. This first-line-of-defense approach prevents outages by inspecting traffic at line-rate and blocking attacks in real time, while allowing legitimate traffic to flow. On-premises, real-time defense enables comprehensive visibility into DDoS security events when deployed at the network edge. Additionally, the archived security event data enables forensic analysis of past threats for compliance reporting.
For enterprises where saturation of their incoming Internet links, by the very largest DDoS attacks, is a concern, then on-premises protection can be augmented with a cloud scrubbing capability, to deliver hybrid DDoS protection. The cloud scrubbing is only activated in the typically rare cases where an attack is at risk of saturating an Internet connection. In these situations, this is a seamless and automatic process activated by the on-premises solution.
Hybrid protection is significantly more effective than a cloud-only approach, as the automatic, real-time, always-on, nature of the on-premises solution ensures no part of a DDoS attack reaches its intended target. The result is that applications and services relying on Internet connectivity remain operational at all times. A key benefit of the hybrid approach, is that the on-premises solution significantly reduces the number of times the cloud scrubbing is activated, which lowers service costs and provides a real-time, comprehensive and consistent defense.
Enterprises in all industries are increasingly dependent on Internet connectivity and are more vulnerable than ever before to cyberattacks. The federal government, via NIST and NCCoE, does collaborate with manufacturers, technology solution vendors and industry leaders to improve cybersecurity. One example is the NIST effort to help manufacturers, small businesses and homes to secure Internet of Things (IoT) devices, to prevent them from being harnessed into DDoS botnets. Ultimately, however, the burden rests with vendors to respond with creative solutions, and enterprises to do their due diligence by deploying appropriate security measures.
For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. If you’d like to learn more, please contact us.
Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.