
How can you save yourself from DDOS attacks?

DQI Bureau

Starting out as simple denial-of-service attacks launched from a single computer, DDoS (distributed denial-of-service) attacks have evolved, with the proliferation of botnets, into one of the biggest threats on the security landscape. Verizon, in its 2012 Data Breach Investigations Report, called these attacks 'more frightening than other threats, whether real or imagined'.


Research firm Stratecast, in a recent study, also found that DDoS attacks are increasing by 20-45% annually, with application-layer DDoS attacks in particular growing by triple digits. Stratecast added that DDoS is one of the most prominent tools used by the hacker community, often as one component of a multi-technique attack strategy.

Most recently, researchers have found that DDoS attacks are growing not just in frequency but in bandwidth and duration as well. A few years ago, for instance, 50 Gbps attacks were seen only a couple of times a year. Now such attacks can occur nearly every week.

Attacks are also getting smarter because they are now interactively controlled. Rather than launching a fixed, scripted flood of data, attackers start an operation and then adapt the type of attack or the target depending on the result they observe.


DDoS attacks will continue to proliferate. As more enterprises allow mobile devices onto their networks, the pool of potential bots widens: Fortinet's own threat research group, FortiGuard Labs, has found that mobile botnets such as Zitmo have many of the same features and functions as traditional PC botnets.

And they come at tremendous cost. In addition to revenue lost to downtime, firms must bear the costs of IT analysis and recovery, lost worker output, financial penalties for broken service level agreements, and damage to the brand's reputation.

To that end, businesses can start by assessing the network environment and devising a response plan. Among other things, the plan should cover backup and recovery, additional monitoring while an attack is under way, and ways to restore service as quickly and efficiently as possible.


For proactive protection, the three key steps are to implement a multi-layer defense strategy, to protect DNS servers and other critical infrastructure, and to maintain visibility and control over the IT infrastructure.

Multi-layer Strategy

A multi-layer strategy is crucial to DDoS protection, and it involves dedicated on-premise solutions designed to detect and mitigate threats from every angle of the network. These tools should provide anti-spoofing, host authentication, packet-level and application-specific thresholds, state and protocol verification, baseline enforcement, idle discovery, blacklists/whitelists, and geolocation-based access control lists.


For greater operational efficiency, firms should also look for DDoS solutions that offer virtualization and geolocation features.

With virtualization, policy administrators can establish and oversee multiple independent policy domains within a single appliance, so an attack delivered on one network segment does not affect the others. The same mechanism supports defense escalation: rather than relying on a single set of policies, IT administrators can define several sets in advance and apply a more stringent set if the previous one proves inadequate.

Geolocation, on the other hand, lets firms block traffic from unknown or suspicious foreign sources. Dropping traffic from regions outside the organization's geographic footprint and market reduces load and energy consumption on the back-end servers. It is a coarse filter, though: it cuts volume but does nothing against spoofed source addresses or bots located inside the permitted regions, so it belongs alongside the rate and protocol checks rather than in place of them.


Safeguarding DNS Servers

As part of an overall defensive strategy, organizations must protect their critical assets and infrastructure. Many firms run their own authoritative DNS servers for Web availability, and these are often the first systems targeted in a DDoS attack: if the DNS servers go down, nobody can resolve the organization's names, and its Web operations are effectively offline even when the Web servers themselves are healthy. DNS protection products also enforce transaction-ID randomization, UDP source-port randomization and query-name case randomization (the '0x20' technique). These do not add capacity against a flood, but they make it far harder for an attacker to forge responses and poison a resolver's cache, which is a second way DNS can be turned against the organization.
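The three randomization mechanisms named above are easier to see in code than in prose. The following is an added example, not code from the article or from any vendor product: a minimal stub-resolver check that builds a query with a random transaction ID, a random source port and a random case pattern, then accepts a reply only if all three match. No traffic is sent; replies are constructed inline by forge_reply(), which stands in for both a spoofing attacker and the genuine server.

```python
import random
import struct

# Added example, not the article's or any vendor's code: a stub resolver that
# applies transaction-ID, source-port and 0x20 case randomization and accepts
# a reply only when it matches all three. Nothing touches the network; replies
# are constructed in forge_reply().


def encode_qname(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_qname(packet, offset=12):
    labels = []
    while True:
        n = packet[offset]
        offset += 1
        if n == 0:
            return ".".join(labels)
        labels.append(packet[offset:offset + n].decode("ascii"))
        offset += n


def case_randomize(name, rng):
    # "0x20" encoding: flip the case of each letter at random. Servers copy the
    # question back byte-for-byte, so a forged reply built without seeing the
    # query almost never carries the right pattern.
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in name)


def build_query(name, rng=random):
    """Return the three secrets a forger must guess plus the wire-format query."""
    txid = rng.getrandbits(16)            # 16-bit transaction ID
    sport = rng.randint(1024, 65535)      # ephemeral UDP source port
    qname = case_randomize(name, rng)     # 0x20 case pattern
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, 1 question
    question = encode_qname(qname) + struct.pack(">HH", 1, 1)   # type A, class IN
    return {"txid": txid, "sport": sport, "qname": qname, "packet": header + question}


def accept_reply(query, reply_packet, reply_dport):
    """The resolver-side check: destination port, transaction ID and the exact
    question bytes (including case) must all match what we sent."""
    if reply_dport != query["sport"]:
        return False
    txid, flags = struct.unpack(">HH", reply_packet[:4])
    if txid != query["txid"] or not flags & 0x8000:   # QR bit must be set
        return False
    return decode_qname(reply_packet) == query["qname"]


def forge_reply(txid, name, dport):
    """A reply as an attacker (or the real server) would build it. The answer
    section is omitted because the check above never reads it."""
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 0, 0, 0)   # QR, RD, RA
    return header + encode_qname(name) + struct.pack(">HH", 1, 1), dport


def run_demo(seed=1234):
    rng = random.Random(seed)   # seeded only so the demo is reproducible
    q = build_query("www.example.com", rng)
    # Attacker who guessed txid and port but not the case pattern:
    lucky = accept_reply(q, *forge_reply(q["txid"], "www.example.com", q["sport"]))
    # Attacker with the wrong transaction ID:
    bad_id = accept_reply(q, *forge_reply((q["txid"] + 1) & 0xFFFF, q["qname"], q["sport"]))
    # Attacker with the wrong destination port:
    bad_port = accept_reply(q, *forge_reply(q["txid"], q["qname"], q["sport"] ^ 1))
    # The genuine server echoes the question exactly:
    genuine = accept_reply(q, *forge_reply(q["txid"], q["qname"], q["sport"]))
    return {"lucky": lucky, "bad_id": bad_id, "bad_port": bad_port,
            "genuine": genuine, "qname": q["qname"]}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

Each mechanism adds entropy the attacker must guess blindly: 16 bits of transaction ID, roughly 16 bits of port, and one bit per letter of the name. None of them helps when the server is simply flooded, which is why the capacity side of DNS protection still has to be handled separately.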

Maintaining Infrastructure Visibility and Control


Organizations need a way to stay vigilant and monitor their systems before, during and after an attack. A holistic picture of the IT environment lets administrators detect aberrations in network traffic and spot attacks quickly, while giving them the intelligence and analytical capability to apply the right mitigation and prevention techniques. The best defenses incorporate continuous, automated monitoring, with alerting that raises the alarm and triggers the response plan as soon as DDoS traffic is detected.

Granular visibility and control across the network are essential. Visibility into normal network behavior helps administrators get to the root cause of an attack and block flood traffic while allowing legitimate traffic to pass freely.
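Both the multi-layer section (whitelists, geolocation ACLs, baseline enforcement, per-source thresholds) and the visibility section (learn what normal looks like, then block the flood and let legitimate clients through) describe the same small decision pipeline. The following is an added example, not code from the article or from any product: it learns a per-source packets-per-second baseline from a constructed clean window, then classifies a constructed attack window by applying the layers in order. The whitelist, the two-entry region map and all addresses are hypothetical.

```python
import ipaddress
import statistics
from collections import Counter, defaultdict

# Added example, not the article's or any vendor's code. Policy tables below
# are hypothetical: one whitelisted monitoring range, a two-entry region map
# and the set of regions inside the organization's footprint.
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]
REGION = {
    ipaddress.ip_network("203.0.113.0/24"): "home",   # inside the footprint
    ipaddress.ip_network("198.51.100.0/24"): "far",   # outside it
}
ALLOWED_REGIONS = {"home"}

# Constructed flow records: (second, source IP, destination port, packets).
# A quiet minute of ordinary clients sending 3-6 packets per second each ...
CLEAN_WINDOW = [
    (t, "203.0.113.%d" % (20 + (t * 7 + i) % 40), 80, 3 + (t + i) % 4)
    for t in range(60) for i in range(8)
]
# ... then ten seconds of attack: a foreign botnet, an in-region botnet,
# one legitimate client, and a whitelisted probe that is itself noisy.
ATTACK_WINDOW = (
    [(60 + t, "198.51.100.%d" % (1 + i), 80, 400) for t in range(10) for i in range(20)]
    + [(60 + t, "203.0.113.%d" % (200 + i), 80, 250) for t in range(10) for i in range(20)]
    + [(60 + t, "203.0.113.10", 80, 4) for t in range(10)]
    + [(60 + t, "192.0.2.5", 80, 500) for t in range(10)]
)


def region_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((reg for net, reg in REGION.items() if addr in net), "unknown")


def is_whitelisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WHITELIST)


def build_baseline(flows):
    """Learn what normal looks like: packets per source per second over a
    known-clean window, summarised as (mean, population stdev)."""
    buckets = Counter()
    for sec, src, _port, pkts in flows:
        buckets[(src, sec)] += pkts
    values = list(buckets.values())
    return statistics.mean(values), statistics.pstdev(values)


def classify(flows, baseline, k=6.0):
    """Apply the layers in order: whitelist, geo ACL, then a per-source rate
    threshold of mean + k*stdev derived from the baseline."""
    mean, sd = baseline
    threshold = mean + k * sd
    per_src = defaultdict(Counter)
    for sec, src, _port, pkts in flows:
        per_src[src][sec] += pkts
    verdicts = {}
    for src, by_sec in per_src.items():
        peak = max(by_sec.values())
        if is_whitelisted(src):
            verdicts[src] = "allow"          # trusted hosts are never rate-limited
        elif region_of(src) not in ALLOWED_REGIONS:
            verdicts[src] = "drop:geo"       # outside the footprint, cheapest to drop
        elif peak > threshold:
            verdicts[src] = "drop:rate"      # in-region but far above baseline
        else:
            verdicts[src] = "allow"          # ordinary client, passes freely
    return threshold, verdicts


def run_demo():
    baseline = build_baseline(CLEAN_WINDOW)
    return classify(ATTACK_WINDOW, baseline)


if __name__ == "__main__":
    thr, v = run_demo()
    print("per-source threshold: %.1f packets/s" % thr)
    for src in ("203.0.113.10", "203.0.113.200", "198.51.100.1", "192.0.2.5"):
        print(src, v[src])
```

The ordering matters: the geo ACL is evaluated before the rate check because it is cheap and discards the foreign botnet wholesale, while the rate check is what catches the in-region bots that geolocation cannot see. The threshold comes from the baseline rather than a fixed number, so the same logic adapts to a site whose normal client rate is ten times higher.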

Turning Attention Back to the Business


DDoS attacks, like other security threats, will only continue to grow and become more rampant in future. The evolving nature of DDoS technologies will require firms to make a paradigm shift toward greater foresight and more proactive defenses.

Therefore, organizations need to beef up their response plans and assess their network infrastructure vis-à-vis DDoS threats today.

Only with those measures will firms be able to stop worrying about crippling DDoS attacks and refocus on their business.
