Corero EVP of Engineering, Julian Palmer, takes a look at how DDoS attacks have changed over the last decade and how this means professional protection is the only practical answer to today’s threats.
The Impacts of DDoS Attacks
Cybersecurity threats of all types continue to grow and pose a significant challenge for businesses everywhere. One particular threat that shows no signs of going away is volumetric DDoS attacks.
DDoS Happens to Others – Right?
If you think that DDoS attacks are something that will not affect your service and are only about massive multi-terabit attack rates that go on for hours, then think again…. The truth is that 98% of attacks are still less than 10 Gbps, and 75% last less than ten minutes. These smaller, frequent attacks cause havoc because they can slip under the radar of many protection solutions or are even over before any countermeasure can take effect. Repeat attacks are common with a 24% chance of a repeat attack within a week.
You can become a victim of DDoS attacks suddenly and unexpectedly. They may even be used by organized crime extortion, where the attackers demand payment to stop attacking you. When these DDoS attacks happen, they cause major disruptions to businesses as they can render a service almost powerless to respond. Many businesses approach us after they’ve been attacked; when they have already experienced site and network downtime which has led to lost revenue, slow service delivery and damage to their reputation.
DDoS Has Changed
Some may think that DDoS has not changed. Think again on that one too…
While the basic vectors of these attacks have remained largely the same over the last ten years, their delivery has significantly changed as attackers grow more sophisticated than ever.
In the past, attackers may have sent a single attack vector (e.g., SYN flood or similar) at once. This was enough to paralyze the service by exhausting state or capacity. But as defenses improved, the attackers were frustrated and the attacks less effective. In response, today’s attacks now present multiple vectors at the same time to try to confuse or exploit any weakness in the defense.
Another change caused by improving defenses is that attackers now target multiple victims simultaneously, or even an entire subnet. This attack type, known as a “carpet bomb” or “spread spectrum” attack, makes it difficult for DDoS protections historically built around protecting a single IP at once. No single IP gets enough of the attack to engage traditional protections, but the totality of the attack still saturates the network preventing access to service.
Home Grown Solutions Are Not Enough
This shift in attack style changes how businesses need to approach DDoS protection. Homegrown mitigation solutions are no longer sufficient. They are too simple, too manual, too slow to engage, and too inaccurate meaning they cause further damage.
Defending against today’s DDoS attacks needs a professional solution. Only a dedicated DDoS specialist has the expertise, years of experience, and depth of solution to compete against these new attack dynamics.
Professional DDoS Protection Can Help Solve The Money, People, Priority Conundrum
Sure, professional DDoS protection costs money. Some may think it a “nice to have.” Budgets are squeezed more than ever. There are multiple needs competing for each dollar you have to spend. And then there is the struggle to find enough highly skilled staff.
But best of breed DDoS protection helps in ways you may not have thought of.
Fully automatic, highly accurate solutions such as ours keep your services running, saving you money and customer reputation. So, you will not lose those hard-won customers. The automatic protection without false positives that Corero delivers frees your valuable and overstretched staff to focus on what really matters – making money – rather than having to becoming DDoS experts and operators. And our solutions can enable you to sell DDoS protection as a value-added service with our DDoS protection-as-a-service turnkey solutions.
One customer, Stephen Clark, Director of IP Networks at BCI Commercial Telecom, specifically values these values of the Corero solution, saying, “Our team monitors traffic but we don’t have to worry about it. We set it and forget it.”
But Isn’t It Going to be Complicated and High Impact?
We know DDoS protection isn’t a one size fits all solution – every customer and network we see is unique and has different priorities and pressures on their budget.
This is why we developed our flexible, modular DDoS platform that can be tailored according to your needs, budget, and technical requirements. It allows you decide just how far you want to go in your DDoS protection journey, growing and evolving with your needs, and protecting any investment you have already made as you move to the next level.
If you have nothing today, you may not know if you are under attack. We can help you with cost effective DDoS visibility solutions.
If you need basic mitigation, we can help there too, with solutions for every budget that can automate manual mitigation technical like upstream RTBH or FlowSpec.
Corero can deliver advanced automatic protection from 10Gbps to multiple Tbps. This includes inline, scrubbing center deployments, and sophisticated edge blocking via FlowSpec and our proprietary Juniper MX / PTX integration.
Our solutions fit easily into your existing network without the need for a forklift upgrade. We have the broadest on-premises protection solutions that can be easily added into your environment regardless of router used, or network architecture.
As Tim Cook, CEO of Apple, so eloquently said, “Our customers trust us to deliver solutions that enhance their lives. It’s our responsibility as engineers to never betray that trust.”
When it comes to safeguarding against DDoS attacks, the stakes are high for our customers. Therefore, we go above and beyond to provide them with the peace of mind that their networks and customers’ networks are always protected.
Have a chat with one of our DDoS experts to find out how we can help protect your organization. Simply schedule a convenient time here.