In September 1996, only about 45 million people [1] around the world were using the internet. Yet the pioneering ISP Panix was hit by a SYN flood attack that took down its services for several days. It is generally considered to be the first malicious DDoS attack [2].
In the quarter of a century since, we have seen wave [3] after wave of new threats emerge as targets, users, attackers, and the internet itself have all evolved – from email threats and Windows vulnerabilities to the advent of phishing attacks and website vulnerabilities to the rise of botnets and ransomware attacks.
Through it all, DDoS attacks have never stopped. Their numbers may rise and fall, and attackers may shift their focus to different industries at different times, but the threat has never gone away.
The good news: Thanks to the ceaseless persistence of DDoS attacks, the IT security community has gained 25 years of experience countering them.
These blog posts draw on that accumulated experience to give you the information you need to create an effective DDoS defense for your company. We’ll discuss:
The five core technologies you can tap to mitigate the avalanche of traffic a DDoS attack generates, and how to evaluate them for your enterprise. We’ll also discuss a sixth option that should be reserved for a last-ditch desperation response, but is used far too often.
The critical components of an effective, coordinated strategy for employing mitigation technologies so your enterprise can respond immediately in the event of attack and deploy the appropriate technologies to keep your digital assets accessible and available.
Once you’ve identified the mitigation technology – or more likely technologies – that are appropriate for your needs and established a plan to guide their use, you can be confident that your enterprise is prepared to withstand an attack.
Is this effort really necessary? Even experienced security professionals can underestimate the seriousness of the threat DDoS attacks present – in part because they have been so persistent across the years, they’re almost part of the landscape.
However, if uninterrupted access to your website and other online assets by customers and partners is important to your organization’s revenue and business relationships, it is well worth the effort to create or renew a strong DDoS defense, for three fundamental reasons.
1. Attacks have become more challenging to mitigate.
To start, there are more of them. ZDNet reported [4] that an average of almost 30,000 attacks were launched every single day over a recent 6-month period. At the same time, more attacks are larger – more than 250 Gbps (gigabits per second) – as the number of large attacks has increased far more rapidly than the number of attacks overall.
In addition, attackers have adopted new techniques to make both detection and effective defense more difficult. To complicate analysis and mitigation, for example, a “carpet bombing” attack shifts from one target to another in quick succession, hitting multiple individual addresses or subnets within a single organization to change the attack faster than the defenders can analyze and respond.
As to thwarting defenses, attackers are turning to actively monitored attacks, often utilizing multiple vectors in the same attack. They look for vulnerabilities they can exploit while the attack is unfolding and modify vectors in mid-stream to gain an advantage and land a more successful attack.
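The carpet-bombing technique above is dangerous precisely because per-host thresholds never fire. The added example below (not from the original post; the flow records and thresholds are constructed for illustration) shows why aggregating traffic by destination prefix, not just by destination address, is needed to detect it.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample flow records as (destination IP, packets per second).
# An attacker spreads moderate traffic across 200 hosts of one /24 so that no
# single host looks abnormal, while one legitimate busy host sits elsewhere.
def build_sample_flows():
    flows = [("198.51.100.10", 9000)]          # normal busy host, no attack
    for last in range(1, 201):                 # 200 targets in 203.0.113.0/24
        flows.append((f"203.0.113.{last}", 4000))
    return flows

def per_host_volume(flows):
    """Sum packets per second per destination address."""
    volume = Counter()
    for dst, pps in flows:
        volume[dst] += pps
    return volume

def per_prefix_volume(flows, prefix_len=24):
    """Sum packets per second per destination prefix (default /24)."""
    volume = Counter()
    for dst, pps in flows:
        net = ip_network(f"{dst}/{prefix_len}", strict=False)
        volume[str(net)] += pps
    return volume

def alerts(volume, threshold):
    """Return the keys whose aggregated rate exceeds the threshold."""
    return sorted(key for key, pps in volume.items() if pps > threshold)

if __name__ == "__main__":
    flows = build_sample_flows()
    # Per-host threshold of 10,000 pps: every target is below it, no alert.
    print("per-host alerts:", alerts(per_host_volume(flows), 10_000))
    # Per-/24 threshold of 100,000 pps: the attacked prefix is at 800,000.
    print("per-prefix alerts:", alerts(per_prefix_volume(flows), 100_000))
```

The same idea extends to the time axis: when the attacker rotates targets every few seconds, windowing by prefix keeps the aggregate stable while per-host counters never reach a threshold.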
2. The consequences and costs of an attack are significant.
For most connected businesses, having your website and online assets inaccessible for more than a few minutes is a problem. More than a few hours verges on catastrophic.
That’s not an impossible outcome. In 2020, a stock exchange had to suspend trading for parts of four days [5] as a result of a sustained series of DDoS attacks that targeted the exchange itself, then its listed companies.
Imagine the effect a four-day interruption would have on your bottom line – and it’s not even the longest recent attack. That distinction belongs to a siege that lasted 329 hours [6] – almost two solid weeks.
The increasing number of DDoS ransom attacks is an even more direct financial threat. Attackers typically notify a company that they will choke access to its website with a massive attack unless they receive a significant extortion payment in cryptocurrency, often worth six figures.
3. A fast, focused response to any attack is essential to produce the best outcome.
Minutes matter when a DDoS attack arrives out of the blue. But unless your IT team has recently and successfully mitigated a serious attack – or otherwise tested your mitigation capabilities and strategy – they are probably not adequately prepared to handle one.
Your security team can’t afford to lose those first critical minutes trying to figure out what actions to take. They have to take action immediately to mitigate the attack effectively. That means knowing what to do to counter the specific attack they’re facing, and how to accomplish each step in the process.