Corero
Blog & News

Why Is 2021 the Year to Invest in Hybrid DDoS Protection?

There is no question that the threat landscape for distributed denial of service (DDoS) attacks is continuing to evolve, and that attacks are increasing in frequency, intensity and sophistication. Organizations are at risk of facing either high volume or sub-saturating attacks, or both. As a result, more organizations across many industries whether they realize it or not, need sophisticated DDoS defense systems, especially if they are averse to risk and have stringent business continuity requirements.

DDoS Attacks Increased Significantly during 2020

Earlier this week, a report from Neustar, a Corero partner, reported a 154 percent increase in attacks on their customers in 2020, compared to 2019. They also noted an increase in attacks on Domain Name System (DNS) providers, which is very troubling considering that DNS serves as the “backbone” of the Internet.

Furthermore, the report observed the same notable increase, as Corero has seen, in Ransom DDoS (RDoS) attacks, in which cybercriminals extort money from their victims by either threatening to launch, or actually launching, a DDoS attack. Sadly, Ransomware and RDOS are nothing new, but the report suggests it may be more common in recent months because it can be easier for criminals to launch a DDoS attack, rather than trying to infect their victims with malware, given the prevalence of DDoS for hire services.

According to the report, “The largest attack size observed during this time was also the largest that Neustar has ever mitigated and, at 1.17 Terabits per second (Tbps), among the largest ever seen on the Internet. The longest duration for a single attack was also the longest Neustar has mitigated, at 5 days and 18 hours.” These findings are not surprising, given that botnets have become more powerful in recent years, and are increasingly capable of terabit-sized DDoS attacks.

At the same time, however, it’s worth noting that the report also indicated that attacks ranging in size from 5 – 25 Gbps showed the greatest increase, compared to the previous year. This finding is in line with what Corero DDoS trend research has consistently shown; i.e., the vast majority of attacks are sub-saturating, with the ability to escape the detection of legacy DDoS systems or human security analysts.

Choosing the Right Defense for Your Organization

The fact is, any organization could be hit by a massive headline-grabbing DDoS attack but that is not very likely, because those are much less common than the smaller every-day attacks. This may present a conundrum for many organizations who are struggling to determine which is the right type of DDoS mitigation system for them, since they will need to defend against both high volume and sub-saturating attacks. Some DDoS solutions are better at handling high volume attacks, and some are better at effectively dealing with sub-saturating attacks.

What to avoid: high costs, manual intervention

Traditional on-demand cloud DDoS scrubbing services, can be adequate at handling the small proportion of attacks that last long enough for them to be able to engage their mitigation. However, they typically fall short when it comes to mitigating the vast majority of attacks which are less than 10 minutes in duration and use increasingly sophisticated multi-vector techniques. Another major shortcoming of a traditional DDoS defense system is that there is often significant lag between the time an attack is detected, to when an operator can initiate the appropriate mitigation actions, resulting in additional minutes of downtime. Organizations cannot afford such service disruption. In addition, traditional DDoS defense systems tend to be resource-intensive, complex, costly, and time-consuming for the network operators.

Any solution that depends heavily on human security analyst intervention should be avoided. Attacks are increasingly automated, and use multi-vectors that change rapidly, faster than human analysts can respond to. Even the most experienced security analysts cannot possibly observe, catch, or keep up with the multiple dynamic DDoS vectors used in many of today’s attacks.

The best of both worlds: hybrid cloud protection

Organizations certainly have a variety of mitigation solutions to choose from; but the choices can be confusing, and the “right” solution depends on an organization’s profile and risk tolerance, business model, staffing, and budget. A small organization may be best served by DDoS protection as a service, which many ISPs and hosting providers offer as a value-added benefit or paid-for service, with optional upgrades. In contrast, most large enterprises and telecom companies may require a more comprehensive, robust DDoS solution, which means they would be best served by a cloud hybrid DDoS protection solution. The hybrid solution offers the best of both worlds: an on-premises component that delivers fast, accurate, protection from small, sub-saturating attacks, and automatically redirects any attacks that could cause link saturation to a cloud scrubbing service, before any impact to business continuity.

Across the board, one thing is certain: every organization needs automated, always-on real-time DDoS protection, preferably one that is able to mitigate both small-scale and high volume attacks. Stay tuned for Corero’s 2020 Threat Intelligence Report, that is coming soon, to benefit from our latest insights into the DDoS threat landscape.