Corero
Blog & News

The Top 5 Misconceptions about DDoS Attacks

DDoS is one of the most difficult cyber security challenges to manage. While many security analysts focus on finding and stopping the ‘bad traffic’, the goal is in fact to maintain service and ensure availability. Many other misconceptions persist about DDoS attacks and how to protect against them. Here are the top five we come across:

1. My ISP provides DDoS protection

The reality is that most cyber defense services offered by ISPs/MSSPs today lack true granularity. They often provide only minimal cyber protection.

2. Nobody will want to DDoS me

This is a common view among smaller providers and enterprises, who assume that if they keep their heads low they won’t be a target. This unfortunately is not true. Given the ease with which attacks can be launched, and the proliferation of DDoS-for-hire services for only a few dollars, even the smallest organizations can become a target.

They may not even be the intended target but become the unintended victim when the targeted addresses include them.

3. We already have DDoS protection

The real question here should be “Is it fit for purpose?” Many DDoS solutions today are part of a broad portfolio of products, and while they may provide some level of protection, it is often not sufficient for completely robust DDoS attack prevention. After all, the attackers only have to exhaust one resource and they win. This is tied to the fact that DDoS attack technology is one of the most dynamic security threats today and is constantly evolving.

4. We’ve never been attacked

Many organizations blame outages on various external factors when in fact the cause is a DDoS attack. This may or may not be malicious and could simply be failings due to poor capacity planning. Alternatively, this could be due to collateral damage from an attack targeted at another organization. Without visibility, and with only normal troubleshooting methods to follow, the root cause of the outage is often not discovered before the problem appears to resolve itself. By this stage the attack has actually ended.

5. More bandwidth will fix the problem

There are two challenges with this approach. The first is that the sheer size and amount of data that modern attack methods can produce will overwhelm even the largest service providers. The second is that many successful attacks today do not require large amounts of bandwidth, as they are targeted at specific services, servers, or points in the network such as firewalls, which are particularly susceptible to DDoS traffic. Combine this with the fact that modern DDoS attacks increasingly look like legitimate traffic, and their detection becomes exponentially more difficult.