Mitigation Time Matters: The Difference between Seconds and Minutes

Response time in the event of an IT security incident is crucial. Part one of a response is detection; part two is mitigation. Organizations cannot afford to be slow in mitigating distributed denial of service (DDoS) attacks, no matter how large or small the attack. Obviously, in a world where most businesses rely on 24/7 uptime, any network downtime is unacceptable, so IT security teams tend to worry most often about volumetric, crippling attacks. Every minute of downtime resulting from a DDoS attack can cost tens of thousands of dollars—and that’s just the immediate financial loss. As a result of such attacks many service providers, hosting providers and online enterprises lose millions, and their reputation can be significantly harmed.

However, organizations must also guard against and respond immediately to the less visible, surgically-crafted, sub-saturating attacks, because it can take less than a minute for hackers to use a DDoS attack as a smokescreen. A low-threshold DDoS attack can take down traditional edge security solutions so hackers can then map and infiltrate a network to steal data or install malware or ransomware.

Although DDoS attacks have been around for over a decade, according to our recent DDoS Trends Report of these attacks are even outpacing the capacity that most providers have for mitigation. The attack landscape is changing every day, and attackers are employing new techniques to increase the magnitude and sophistication of attacks and make them more difficult to mitigate using conventional approaches. Hackers now often deploy automated, multi-vector DDoS attacks, automatically throwing all kinds of packet traffic at the system, and changing their techniques on the fly. These techniques make it impossible for DDoS scrubbing centers or humans to respond quickly enough. Shorter, smaller attacks typically evade detection by most legacy and homegrown DDoS mitigation tools, which are generally configured with detection thresholds that ignore low-level activity. Furthermore, if a low-threshold attack is detected, legacy solutions that rely on “swinging out” traffic to be cleansed require too much time; up to twenty minutes, which is plenty of time for hackers to launch a damaging, long-lasting security breach.

Logically, an automated attack requires an automated defense. Without an automated anti-DDoS solution in place, a victim organization would have to constantly monitor and implement countermeasures via human intervention, or with a combination of tools. The Corero SmartWall® Threat Defense System not only uses advanced intelligent filters to ensure multi-vector attacks are stopped in real- time, but also leverages advanced security forensics to provide detailed visibility to determine the nature of the threat. This achieves an optimal level of intelligence and real-time mitigation.

When it comes to protecting your network, seconds matter. Automatic, surgical attack mitigation capabilities are essential to eliminating the DDoS threat.

For more information, contact us.