Corero

Meet Your Customer Demands for Uptime; Block DDoS Attacks

In today’s “always-on” world of Internet connectivity, customers and employees expect that the business applications and websites they use will be available, constantly and consistently. Downtime is seldom tolerated, so don’t deny your customers the uptime they demand. Among the many types of cybercrime that organizations face, Distributed Denial of Service (DDoS) attacks represent a major threat to uptime, and they continue to grow in frequency, intensity, and sophistication.

Should You Build Your Own Solution or Buy One?

CSOs constantly weigh the cost of investing in cyber defenses against the risk of being victimized by cyberattacks. The bottom line is that any business that depends upon its Internet-facing service or applications is increasingly likely to be targeted by DDoS attacks, so it can quickly become a false economy not to budget for DDoS mitigation. To minimize costs, some organizations may be inclined to build their own DDoS defenses. However, in the long run, they typically end up consuming a lot of costly staff resources to build a home-grown solution, which then relies heavily on observation and intervention by security analysts. It is impossible to manually analyze every flow to distinguish between good/legitimate and bad traffic, and in today’s threat landscape, manual analysis just isn’t good enough to effectively detect and mitigate DDoS attacks.

The unseen attacks

Corero’s recent research found that 86% of DDoS attacks lasted less than 10 minutes, and 99% of them did not saturate links. These short, sub-saturating attacks are often intended to escape human observation, but they are still cause for concern, because they result in poor network performance and an inability to access applications and services, which can lead to lost revenue and reputation damage. Small attacks can still take down a company’s firewall in a matter of seconds, either blocking the flow of legitimate traffic or, possibly worse, leaving the network wide open to infiltration, mapping, malware, or theft of sensitive data. Clearly, this has the potential to be much more damaging than taking a website or service offline.

Zero-day attacks

Research has also shown that new attack vectors are regularly discovered once they are already known to the cybercriminal community, where for-hire booter-stresser services spread them like wildfire. Therefore, it’s vitally important to use a DDoS mitigation solution that can protect against the ever-growing field of vectors and the threat of zero-day attacks.

Automated, multi-vector attacks

Another reason not to rely solely on human intervention is that cybercriminals increasingly use automation to change attack vectors frequently. This makes the attacks more difficult to detect and mitigate, because human security analysts simply cannot react quickly enough to update the countermeasures.

This means that organizations for which DDoS presents a significant risk to operations need to invest in appropriate defenses. However, not all DDoS solutions offer the same levels of protection. Many rely solely on out-of-band, on-demand scrubbing, whereby traffic is remotely monitored for suspicious/attack activity and then re-routed to a scrubbing service, which attempts to remove the bad packets and return the good/legitimate traffic to its intended destination. This approach typically results in lengthy delays between detection of the attack and the start of actual remediation efforts. Such solutions require minutes, or tens of minutes, to mitigate DDoS attacks, which results in downtime that can be devastating to a business.

Furthermore, the scrubbing approach is typically resource-intensive and expensive because it requires highly trained personnel to monitor traffic 24/7.

Given that 99% of DDoS attacks now don’t saturate links, it is often easier to detect and block them in real time, at the network edge, without requiring expensive and time-consuming traffic redirection to cloud solutions. An automated, real-time, on-premises DDoS mitigation solution can mitigate attacks without the disruption, risk or cost of re-routing customer traffic across the Internet to third-party scrubbing centers.

DDoS attacks are a major threat to business continuity. To better understand the DDoS threat landscape, download the Corero 2020 DDoS Threat Intelligence Report.