DDoS Attacks Advancing and Enduring: A SANS Analyst Survey
Distributed denial of service (DDoS) attacks continue to grow in frequency.
DDoS tactics are increasingly targeting vulnerabilities in specific applications, such as DNS servers or even the Network Time Protocol (NTP) used for syncing date and time between machines on a network. Krebs on Security reports that these attacks are also increasing in volume, with a DDoS targeting NTP against his site sustaining 200 Gbps at its peak.2 DDoS components are also becoming part of larger malware packages, such as DDoS bot installers on compromised servers.3
These trends are supported by a new SANS survey on the state of DDoS readiness. In the survey, 378 security and network managers reveal that they are experiencing more frequent and sophisticated DDoS attacks. The survey also reveals that many enterprises are indeed not prepared to deal with the problem. These and other trends are discussed in the rest of this report.
Almost 40% of enterprises are completely or mostly unprepared for DDoS attacks.
Organizations are not upgrading their systems and tools to detect/mitigate DDoS attacks.
Average attack duration and frequency.
The most valued factor in a DDoS mitigation solution.
DDoS mitigation solutions integrating on-premise equipment and ISP and/or mitigation architectures are nearly four times more prevalent than on-premise or services-only solutions.
DDoS mitigation is a shared responsibility between IT security and operations.