SANS Announces Results of Its 2014 Survey on Distributed Denial of Service (DDoS)

Enterprises Not Prepared to Mitigate DDoS Attacks; Deficiencies Center on Reliance on Production Infrastructure and Failure to Test Processes and Controls

Bethesda, MD – March 17, 2014 – SANS announces results of its 2014 Survey on Distributed Denial of Service (DDoS), sponsored by Corero Network Security, in which 378 IT professionals answered questions about their experience with DDoS attacks and their ability to protect their assets.

"DDoS attacks are affecting every sector," says Deb Radcliff, executive editor of the SANS Analyst Program. "They are no longer solely based on volume, they are also targeting applications and managing to deny service on those applications."

In fact, the weighted averages of survey responses indicate that enterprises experience 4.5 DDoS events per year that span a bandwidth of 1.7 GB, last 8.7 hours, and cause costly outages lasting 2.3 hours for enterprises.

According to John Pescatore, SANS director of emerging security trends and the author of this survey, "Too many enterprises are not prepared to deal with DDoS attacks."

In the survey, 39% of respondents either didn't have a DDoS mitigation plan or were unaware of one existing for their organization. Of those who do have a plan, only 50% have ever tested that plan.

The survey uncovered several deficiencies. Pescatore continues, "Common deficiencies we found were relying on the production infrastructure to protect itself and failing to regularly test dedicated DDoS mitigation processes and controls when they were in place."

Other results determine the most valued factor in a DDoS mitigation solution to be preventing damage to specific applications, followed by preserving bandwidth and handling high-volume attacks. These choices reflect the concern to protect against accidentally interrupting legitimate business sessions. Fully automated solutions that require little to no human intervention were not in demand.

Results and insights surrounding DDoS and mitigation techniques will be released during a webcast on Thursday, March 20, at 1 PM EST. To register for the complimentary webcast please visit:

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by John Pescatore.

The SANS Analyst Program,, is part of the SANS Institute.

Tweet this:
DDoS Taking Their Toll on Enterprises–SANS survey results released 3/20! Register here:

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (

About Corero Network Security
Corero Network Security, an organization's First Line of Defense(R) against DDoS attacks and cyber threats, is a pioneer in global network security. Corero products and services provide Online Enterprises, Service Providers, Hosting Providers and Managed Security Service Providers with an additional layer of security capable of inspecting Internet traffic and enforcing real-time access and monitoring policies designed to match the needs of the protected business. Corero technology enhances any defense-in-depth security architecture with a scalable, flexible and responsive defense against DDoS attacks and cyber threats before they reach the targeted IT infrastructure allowing online services to perform as intended. For more information, visit

# # #

Deb Radcliff 
(707) 732-3317