With Denial of Service, or DoS, attacks on the rise, many companies are on the lookout for ways to protect their online business presence.
Types of DoS Attacks
Before planning an attack mitigation strategy, it’s important that companies first understand what types of attacks would most likely occur. DoS attacks have historically lived in one of four attack-type quadrants:
- Simple, Non-Volumetric Attacks. An example would be attacks caused by common malware such as Zeus, which is known to steal credentials from individuals.
- Simple, Volumetric Attacks. Examples would be a Smurf attack or a SYN flood. Smurf attacks send ICMP packets that devices respond to by default. Sending these packets from a large number of compromised systems (the volumetric part) lets an attacker slow or block legitimate traffic to the targeted device.
- Complex, Non-Volumetric Attacks. These are purpose-built worms that do things like attack industrial systems, such as the controllers for power plants or other public service organizations.
- Complex, Volumetric Attacks. Complex multi-vector, multi-vulnerability attacks include those that flood a customer’s infrastructure with attack traffic. This traffic may also attempt to overwhelm infrastructure such as web servers so that they can be further exploited to steal personal information.
The last type, complex, volumetric attacks, tends to define the world in which we live now.
Evolving Attack Tactics
In the last few years, we have witnessed an increase in attacks of all types, but there has been a shift in DDoS attacks from primarily large volumetric attacks to smaller, harder-to-detect attacks that target the very infrastructure of small and mid-sized companies. In 2014, the volume of these attacks has increased dramatically. Companies are finding, in the most painful way possible, that existing security infrastructure is unable to protect their data center assets from these small, harder-to-identify application-layer DDoS attacks. That has led to some very impactful outages for customers who have been attacked. Thus, a layered security strategy is essential to maximizing availability.
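The application-layer attacks described above are hard to spot at the network edge because each request looks legitimate on its own; what gives them away is the per-source request rate over a short window. The following detector is an added example written for this post, not code from the original article or any vendor product. It parses Common Log Format access-log lines (constructed sample input, with one source at roughly one request per second and one at eight requests per second) and flags any source that exceeds a request threshold inside a sliding window. It assumes the log lines arrive in timestamp order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("req")


def find_flooding_sources(lines, window_seconds=10, threshold=50):
    """Sliding-window rate check per source IP.

    Returns {ip: peak_requests_seen_in_one_window} for every source whose
    request count inside any `window_seconds` window exceeded `threshold`.
    Lines are expected in chronological order; unparseable lines are skipped.
    """
    windows = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        q = windows[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def _line(ip, second, path):
    """Build one constructed CLF line at 12:00:<second> (sample data, not real traffic)."""
    return f'{ip} - - [10/Mar/2014:12:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed 20-second excerpt: a normal client (TEST-NET-3 address) at 1 req/s
# and a single aggressive source (TEST-NET-2 address) at 8 req/s, plus one
# malformed line to show that parse failures are skipped rather than counted.
SAMPLE_LOG = ["this line is not in Common Log Format"]
for s in range(20):
    SAMPLE_LOG.append(_line("203.0.113.5", s, "/"))
    for _ in range(8):
        SAMPLE_LOG.append(_line("198.51.100.7", s, "/search?q=x"))


if __name__ == "__main__":
    for ip, peak in find_flooding_sources(SAMPLE_LOG).items():
        print(f"{ip}: {peak} requests in a 10s window")
```

With the defaults (10-second window, more than 50 requests) the 8 req/s source peaks at 88 requests in a window and is flagged, while the 1 req/s client never exceeds 11 and is not. The threshold is the tuning knob: it should sit above the busiest legitimate client you expect (a NAT gateway fronting many users will look like one source), which is why this kind of check complements rather than replaces the dedicated mitigation discussed later in the post.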
Non-Volumetric DoS Protection
Today, attacks on organizations (especially organizations engaged in controversial subject matter) are unrelenting. It’s no longer a question of if attacks will occur, but what level of intensity they will bring—some of which can be quite devastating. The following graph shows one example of the increase in attack metrics: In 2014, we have witnessed sustained DDoS attack sizes exceeding 10 Gbps. To put that in perspective, that is about the effective capacity of most internet backbone pipes today. To deal with DDoS attacks of this magnitude, internet service providers are offering “clean pipes” as a mitigation tool, which lets customers focus on other operational security issues such as data integrity, confidentiality and compliance.
Layered Security Models
Intrusion Protection System (IPS) devices, firewalls, antivirus, anti-malware, route filtering, web application firewalls and other security products are essential elements of a layered-defense strategy, and each is designed to solve security problems that are fundamentally different from those addressed by dedicated DDoS detection and mitigation products. IPS devices and firewalls effectively address network integrity and confidentiality, but they fail to address the fundamental focal point of DDoS attacks—network availability. Adding to the threat, IPS devices and firewalls maintain state information for every session established between a client on the internet and the corresponding server in the data center. That means they are themselves vulnerable to DDoS attacks and often become the targets, serving as chokepoints. Many customers believe they have secured their key services against attacks by deploying IPS devices or firewalls in front of their servers. In reality, such deployments can actually expose these organizations to service outages, with a direct impact on customer access, satisfaction and, in some cases, revenue.
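The chokepoint effect described above comes from the bounded session table a stateful inline device must keep. The following model is an added example written for this post, not code from the original article or from any firewall or IPS product. It simulates a session table with a fixed capacity, fills it with constructed spoofed half-open connections that never complete the handshake, and then checks whether a legitimate client can still get an entry. Running the same simulated flood with a long half-open timeout and then with aggressive aging shows why a device that keeps long-lived state for every SYN is the first thing to fall over, and why DDoS-specific products handle the handshake differently. The capacity, rate and timeout values are illustrative assumptions, not figures from the post.

```python
class SessionTable:
    """Constructed model of the per-session state a firewall/IPS keeps inline.

    Entries are keyed by (src_ip, src_port). A SYN creates a half-open entry;
    the table refuses new entries once it reaches capacity.
    """

    def __init__(self, capacity, half_open_timeout):
        self.capacity = capacity
        self.half_open_timeout = half_open_timeout
        self.entries = {}  # (src_ip, src_port) -> (state, last_seen)

    def _expire(self, now):
        # Age out half-open entries that have waited longer than the timeout.
        stale = [
            key for key, (state, seen) in self.entries.items()
            if state == "SYN_RCVD" and now - seen > self.half_open_timeout
        ]
        for key in stale:
            del self.entries[key]

    def on_syn(self, key, now):
        """Admit a new connection attempt; return False if the table is full."""
        self._expire(now)
        if key in self.entries:
            return True
        if len(self.entries) >= self.capacity:
            return False  # no room: this SYN is dropped, legitimate or not
        self.entries[key] = ("SYN_RCVD", now)
        return True

    def on_ack(self, key, now):
        """Complete the handshake for a known half-open entry."""
        if key not in self.entries:
            return False
        self.entries[key] = ("ESTABLISHED", now)
        return True


def simulate_syn_flood(half_open_timeout, capacity=1000, flood_rate=500, seconds=10):
    """Run `seconds` of spoofed SYNs (never ACKed) at `flood_rate` per second,
    then have one legitimate client attempt a full handshake.

    Returns (legit_client_accepted, entries_in_table_afterwards).
    """
    table = SessionTable(capacity, half_open_timeout)
    for t in range(seconds):
        for i in range(flood_rate):
            n = t * flood_rate + i
            # Constructed spoofed sources drawn from the TEST-NET-2 range;
            # each uses a distinct port so every SYN is a new half-open entry.
            table.on_syn((f"198.51.100.{n % 256}", 1024 + n), t)
    legit = ("203.0.113.5", 44000)  # constructed legitimate client (TEST-NET-3)
    accepted = table.on_syn(legit, seconds) and table.on_ack(legit, seconds)
    return accepted, len(table.entries)


if __name__ == "__main__":
    # Typical long half-open timeout: the table fills within two seconds and the
    # legitimate client is refused for the rest of the flood.
    print("60s half-open timeout:", simulate_syn_flood(half_open_timeout=60))
    # Aggressive aging of half-open entries keeps room for real clients under
    # the same flood, at the cost of dropping slow-but-genuine handshakes.
    print("1s half-open timeout: ", simulate_syn_flood(half_open_timeout=1))
```

With the 60-second timeout the flood of 5,000 spoofed SYNs saturates the 1,000-entry table and the legitimate client is refused; with a 1-second timeout only the most recent second of flood traffic survives in the table, so the client is admitted. Shortening the timeout is a blunt tool, though, and purpose-built mitigation gear avoids holding per-SYN state altogether, which is the distinction the paragraph above is drawing.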
A Purpose-Built Solution for Availability
To provide sufficient protection against the impact of application-layer DDoS attacks, it is important to deploy a dedicated DDoS mitigation solution that provides comprehensive protection against new and evolving threats, secures the availability of services, provides excellent visibility across the whole infrastructure and detects emerging threats by looking beyond the network edge. Mitigating the threat also requires excellent visibility across the entire network, so that threats are identified and stopped quickly. There are solutions available to address these threats, and with them companies can preserve their availability—and their revenue. Want to learn more about DDoS mitigation services? Contact us, or stay tuned to our blog.