Meet Your Customer Demands for Uptime; Block DDoS Attacks
In today’s “always-on” world of Internet connectivity, customers and employees expect that the business applications and websites they use will be available, constantly and consistently. Downtime is seldom tolerated, so don’t deny your customers the uptime they demand. Among the many types of cybercrime that organizations face, Distributed Denial of Service (DDoS) attacks represent a major threat to uptime, and they continue to grow in frequency, intensity, and sophistication.
Should You Build Your Own Solution or Buy One?
CSOs constantly weigh the cost of investing in cyber defenses against the risk of being victimized by cyberattacks. For any business that depends upon its Internet-facing service or applications, the bottom line is that it is increasingly likely to be targeted by DDoS attacks, so it can quickly become a false economy not to budget for DDoS mitigation. To minimize costs, some organizations may be inclined to build their own DDoS defenses. However, in the long run, they typically end up consuming a lot of costly staff resources to build a home-grown solution, which then relies heavily on observation and intervention by security analysts. It is impossible to manually analyze every flow to distinguish between good/legitimate and bad traffic, and in today’s threat landscape, manual analysis just isn’t good enough to effectively detect and mitigate DDoS attacks.
The unseen attacks
Corero’s recent research found that 86% of DDoS attacks last less than 10 minutes, and 99% of them did not saturate links. These short, sub-saturating attacks are often intended to escape human observation, but they are still cause for concern because they result in poor network performance and an inability to access applications and services, which can lead to lost revenue and reputation damage. Small attacks can still take down a company’s firewall in a matter of seconds, either blocking the flow of legitimate traffic or, possibly worse, leaving the network wide open to infiltration, mapping, malware, or theft of sensitive data. Clearly, this has the potential to be much more damaging than taking a website or service offline.
Research has also shown that new attack vectors are regularly discovered; once they are known to the cybercriminal community, for-hire booter-stresser services spread them like wildfire. Therefore, it’s vitally important to use a DDoS mitigation solution that can protect against the ever-growing field of vectors and the threat of zero-day attacks.
Automated, multi-vector attacks
Another reason not to rely solely on human intervention is that cybercriminals increasingly use automation to change attack vectors frequently. This makes the attacks more difficult to detect and mitigate, because human security analysts simply cannot react quickly enough to update the countermeasures.
This means that organizations for which DDoS presents a significant risk to operations need to invest in appropriate defenses. However, not all DDoS solutions offer the same level of protection. Many rely solely on out-of-band, on-demand scrubbing, whereby traffic is remotely monitored for suspicious or attack activity and then re-routed to a scrubbing center, which attempts to remove the bad packets and return the good/legitimate traffic to its intended destination. This approach typically results in lengthy delays between detection of the attack and the start of actual remediation efforts. Such solutions require minutes, or tens of minutes, to mitigate DDoS attacks, which results in downtime that can be devastating to a business.
Furthermore, the scrubbing approach is typically resource-intensive and expensive because it requires highly-trained personnel to monitor traffic 24/7.
Given that 99% of DDoS attacks now don’t saturate links, it is often easier to detect and block them in real time, at the network edge, without requiring expensive and time-consuming traffic redirection to cloud solutions. An automated, real-time, on-premises DDoS mitigation solution can mitigate attacks without the disruption, risk or cost of re-routing customer traffic across the Internet to third-party scrubbing centers.
DDoS attacks are a major threat to business continuity. To better understand the DDoS threat landscape, download the Corero 2020 DDoS Threat Intelligence Report.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments.
Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry to guide Corero’s growing leadership in the real-time DDoS protection market. Before joining Corero, Sean was network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.