How to limit the consequences of a DDoS attack

Feb 24, 2021

A DDoS attack does not need to be large and long-lasting to negatively impact the network. In fact, the overwhelming majority of these attacks last less than an hour and nearly a quarter of them no longer than 5 minutes.

Long before the pandemic, distributed denial of service (DDoS) attacks were rising in number, variety and velocity, and the changes brought about by the health crisis, such as the reliance on VPNs induced by telecommuting, put organizations at greater risk of disruption. In fact, DDoS attacks increased by 15 percent globally in 2020 compared to the previous year, and by 25 percent during the lockdown period, bringing the number of attacks this year to more than 9.5 million; it could reach 10 million by the end of the year.

As organizations work out the steps they need to take to mitigate the risk of DDoS attacks and maintain availability, they need to keep some key points in mind: attacks are becoming increasingly sophisticated and complex, which forces defense solutions to be just as sophisticated and complex. Guarding against these threats is possible, but above all through preparation and through the adaptability of the means of protection.

Increasingly prepared attacks and assailants

Volumetric attacks are the first that come to mind when DDoS is mentioned. However, malicious acts that disrupt critical infrastructure and devices, such as firewalls, load balancers and VPN concentrators, preventing them from serving customers' inbound connections, can also negatively impact applications, services and data. This problem is particularly acute when employees depend on their remote connection through VPN concentrators.

To guard against these attacks, it is important to upgrade the network infrastructure, including the way services and applications are delivered, to minimize the overall risk as much as possible. A common mistake is to assume that firewalls are sufficient protection against DDoS attacks. This is not necessarily the case, since firewalls themselves are vulnerable to the sophisticated attacks mentioned above, such as state exhaustion attacks that fill their connection tables. It is therefore recommended to deploy appropriate security tools upstream of firewalls to counter DDoS risks.

Moreover, attackers are constantly reinventing themselves to cause more and more damage and to counter high-level cyber security solutions. As a result, they regularly change tactics, for example by using performance management tools to monitor the effectiveness of their attacks in real time. These tools help them determine which defenses are deployed and how they respond when attack vectors are altered. This can lead them to multi-vector attacks, which are much more complex and therefore difficult to mitigate without an adequate solution in place.

Finally, they use the same techniques as cyber security experts, but to serve their own malicious interests. As IT teams and cybercriminals are increasingly fighting on equal terms, organizations must always stay one step ahead.

Also, the size of the threat is not always correlated with its consequences, so it is important to be wary of even the smallest attacks. Indeed, the vast majority of DDoS attacks today are not launched on a large scale; they are smaller and shorter.

A DDoS attack does not need to be large and long-lasting to have a negative impact on the network: as noted above, most last less than an hour and nearly a quarter no more than 5 minutes. Such an attack therefore acts quickly against corporate networks, which require protection that can detect and counter it instantly, or even upstream.

Flexibility, the secret of an optimal defense

Basic perimeter protection hosted in the cloud is not enough to adequately protect against DDoS attacks. Even if it protects against major attacks, it is only one step in a comprehensive security strategy. For attacks on the infrastructure itself or on applications, the market best practice is to use an on-premise, stateless solution that can automatically detect and stop such threats.

In the end, organizations need to consider a hybrid approach to protect themselves against all types of attacks, whether they target infrastructures or applications, especially in a landscape where the threat is constantly changing. The cloud-based model, which relies on a third-party vendor to provide DDoS resolution services, can be very effective against large-scale attacks. However, to protect the dynamic nature of many organizations from smaller application-based attacks, the addition of an on-premise solution is recommended. This allows organizations to quickly deploy appropriate protection as new applications or services are implemented.

Finally, DDoS attacks can be mitigated or stopped if one is prepared, starting with a regular re-evaluation of the security strategy. After all, DDoS is constantly changing, and traditional methods of protection may no longer be effective enough. Companies need to be aware of DDoS trends, know the current best practices for their defenses and test them regularly. If cybercriminals are able to renew their attacks, the defense must be at least as innovative and adaptable.
