Five Myths About DDoS Attack Protection
It’s a pity when myths get in the way of facts, especially in terms of cybersecurity, where there is little margin for error. When it comes to DDoS protection, several myths have been floating around for years, and it’s important to debunk them. Below are the top five DDoS myths, countered with the sobering facts:
DDoS attacks are large
Some IT security teams may assume that their organization does not experience DDoS, because they’ve never experienced a high-volume attack overwhelming their Internet connections. However, Corero research shows that over 80% of DDoS attacks are actually under 1Gbps in size, which can easily go unnoticed if an organization isn’t looking at the problem through the correct lens. These smaller DDoS attacks can be just as troublesome as the highest-volume ones, because: 1) they can overwhelm stateful infrastructure devices, including routers and firewalls, or consume server resources, which impacts the overall experience for end-users; 2) they consume IT security staff time for troubleshooting; and 3) they can serve as a vector in more sophisticated cyber-crime activities.
DDoS is on the decline
On the contrary, although we haven’t seen a headline-grabbing attack (such as the Memcached exploits) for nearly a year, low-threshold, sub-saturating attacks are increasing in frequency. According to Corero’s research, the number of DDoS attacks actually increased by 40% in the first half of 2018, compared to 2017.
My organization is too insignificant to attract DDoS attacks
Actually, it’s no longer about whether an organization is famous or large; many types of organizations are targeted with DDoS by cybercriminals. DDoS attacks can be launched strategically by a competitor, randomly by a mischievous hacker halfway around the globe and even used as part of an extortion campaign. Worryingly, Corero’s latest research also shows an emerging trend for totally indiscriminate attacks, across the Internet.
A cloud protection service will be good enough
Cloud-based protection is inherently slow to react. Whether through manual notification or remote monitoring, depending on how much you are willing to pay, it still takes time to re-route your traffic through the cloud service once an attack has commenced. During this time, you are still getting hit with the DDoS attack traffic. Often, by the time protection is activated, much of the damage is already done. And this assumes that, with today’s smaller, surgically-crafted attacks, it has even been recognized that DDoS is the cause of the effects you experience.
Plus, if you regularly swing traffic to a cloud service to mitigate any suspected attack, you’ll likely pay a high price for it – on top of your monthly fee, there is often a per-incident charge, based on traffic volume and duration. Alternatively, having a hybrid solution (a combination of cloud-based and on-premises protection) dramatically reduces the number of times you need to switch over to the cloud-based mitigation. This not only lowers the costs and saves the time associated with those switchovers, but also provides organizations with “always on” protection which stops all attacks, irrespective of their size, before they can have an impact.
We can build our own protection
Unfortunately, modern DDoS attacks are just too sophisticated to detect and accurately block with a home-grown solution. Criminals now use multi-vector attacks that are automated and change every few seconds or minutes. Corero regularly sees attacks using as many as eight different vectors, in the course of only ten or twenty minutes, to evade legacy, homegrown, or manual approaches to DDoS defense. Attacks are also, more typically, low-threshold and sub-saturating, which homegrown and legacy DDoS mitigation tools struggle to distinguish from regular traffic. Organizations either end up with attacks still getting through, or with taking their own services offline to keep them at bay. Furthermore, the process of fighting DDoS attacks in this way ties up a lot of valuable security analyst resources.
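To make the “correct lens” point from the first myth and the vector-rotation point from this one concrete, here is an added example (not Corero’s code, and not describing any Corero product) that scores traffic windows two ways: by link bandwidth, which is the lens that misses sub-1Gbps attacks, and by the state-table pressure that new flows put on a stateful device. The link size, state-table capacity, timeout and the flow records are all constructed assumptions.

```python
from collections import Counter

# Assumed site parameters (constructed for this example, not Corero figures)
LINK_BPS = 10_000_000_000        # 10 Gbps uplink
SATURATION_FRACTION = 0.8        # bandwidth-only alarm fires at 80% of link
STATE_CAPACITY = 500_000         # firewall/router state table entries
STATE_TIMEOUT_S = 30             # how long a half-open entry occupies the table

def bandwidth_alarm(window):
    """Volume lens: only trips when the link itself is close to saturated."""
    return window["bits"] >= SATURATION_FRACTION * LINK_BPS * window["seconds"]

def state_pressure_alarm(window):
    """State lens: new flows/sec held for the timeout approximates table occupancy."""
    occupancy = window["new_flows"] / window["seconds"] * STATE_TIMEOUT_S
    return occupancy >= STATE_CAPACITY

def dominant_vectors(windows):
    """Dominant vector per window with repeats collapsed, so a multi-vector
    attack shows up as a sequence of changes rather than one steady signal."""
    seq = []
    for w in windows:
        top = w["vectors"].most_common(1)[0][0]
        if not seq or seq[-1] != top:
            seq.append(top)
    return seq

def analyse(windows):
    """Return (windows flagged by bandwidth, windows flagged by state pressure, vector sequence)."""
    bw = [i for i, w in enumerate(windows) if bandwidth_alarm(w)]
    st = [i for i, w in enumerate(windows) if state_pressure_alarm(w)]
    return bw, st, dominant_vectors(windows)

# Constructed 10-second windows: a baseline, then three sub-1Gbps attack phases
# that each rotate to a different vector while staying far below link capacity.
SAMPLE_WINDOWS = [
    {"seconds": 10, "bits": 2_000_000_000, "new_flows": 5_000,
     "vectors": Counter({"http": 4_800, "dns": 200})},
    {"seconds": 10, "bits": 6_000_000_000, "new_flows": 400_000,   # 0.6 Gbps SYN flood
     "vectors": Counter({"tcp_syn": 395_000, "http": 5_000})},
    {"seconds": 10, "bits": 8_000_000_000, "new_flows": 300_000,   # 0.8 Gbps UDP fragments
     "vectors": Counter({"udp_frag": 295_000, "http": 5_000})},
    {"seconds": 10, "bits": 4_000_000_000, "new_flows": 250_000,   # 0.4 Gbps DNS flood
     "vectors": Counter({"dns": 245_000, "http": 5_000})},
]

if __name__ == "__main__":
    bw, st, seq = analyse(SAMPLE_WINDOWS)
    print("bandwidth alarm windows:", bw)   # []  -> the volume lens sees nothing
    print("state pressure windows:", st)    # [1, 2, 3]
    print("vector sequence:", seq)          # ['http', 'tcp_syn', 'udp_frag', 'dns']
```

In this sample every attack window stays under 1Gbps, so a bandwidth threshold never fires, while the state-pressure lens flags all three phases and the vector sequence shows the rotation a static rule set would have to chase.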
Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, which he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.