In late 2016, the DDoS landscape changed. The Mirai botnet was responsible for the first DDoS attack on record to exceed 1 Tbps. Before that, the largest was around 600 Gbps. At that same time, the overall size and frequency of DDoS attacks continued to climb. A recent IDG Connect report found attacks of greater than 50 Gbps have more than quadrupled and the number of companies experiencing between six and 25 attacks per year has ballooned more than four-fold since 2015.
This growth has sparked a renewed sense of urgency. It has altered the economics of DDoS protection, as most legacy DDoS defence solutions can’t scale to mitigate large and frequent attacks. It has prompted security pros to re-evaluate their DDoS protection and seek solutions that not only scale, but can also help alleviate the stress of being in the attack crosshairs.
To help with this, here are three keys to DDoS defence that will help security pros sleep better at night, and ensure your networks and applications are protected against modern DDoS attacks.
The first is to monitor and detect. You cannot fight what you don’t know is there. Monitoring your network traffic and flow data with DDoS detection alerts security pros to anomalies before they become full-blown catastrophes. One way to get a better understanding of what’s happening on your network is baselining, so that you know what your traffic looks like during peacetime. This means that when an attack happens you can take the appropriate wartime countermeasures. But it’s not just about processing the data; it’s about the ability to quickly make intelligent decisions with that data.
Next you must mitigate and protect. Modern DDoS solutions empower you to automate defences. You can automate anything from reports to packet captures to mitigation. This can help security pros reduce stress and thwart attacks quickly.
Lastly there is communication. As with all security procedures, effective DDoS defence involves a human element as well. Having a communication plan in place in the event of an attack is imperative. Who you notify during and after an attack is critical. For example, who do you notify if the site goes down due to a DDoS attack? Is that the same person you’d notify if a DDoS attack takes out a gaming service? Who else is notified if an attack happens? Having communications ironed out ahead of time can reduce time to remediation and lower stress levels.
Overall, these three keys are about detecting, mitigating and communicating attacks with speed and stopping them before they wreak havoc. If you have them all under control then you should be well prepared for when that eventual attack happens.
Written by Mike Hemes, Regional Director, Western Europe, A10 Networks