Since Mirai and its subsequent variants let the genie out of the bottle, DDoS attacks powered by the Internet of Things have become ubiquitous. As more and more IoT devices join the world’s networks – predicted by Gartner to be 24 billion by 2020 – so the potential for cybercriminals to recruit unsecured devices to botnets and wreak havoc through DDoS increases, and we see advanced multi-vector attacks that evolve in sophistication almost as fast as we can register them. Figures show that there were 7.5 million DDoS attacks in 2017, with the frequency of those passing 500 Gbps increasing four-fold and some notable incidents reaching as high as 1.7 Tbps. A10’s own research found that 38% of organisations said they had been affected by a DDoS attack in the last 12 months.
When the numbers are this big, the argument is over and it’s time for a reality check: DDoS attacks will be a fact of life for the foreseeable future and this has changed the economics of protection. The way for organisations to take back control is by proactively changing the conversation away from a siege mentality and toward adopting a strategic approach. Once we accept that detecting and mitigating against DDoS attacks is now part of the cost of doing business, the way is cleared to selecting the best solution.
Of course, in an ideal world, we’d all be furnished with the financial resources necessary to protect against all kinds of attacks – but I did say that this was a reality check. While A10 research found that 63% of IT professionals believe that budgets will increase in response to the evolving DDoS threat environment, there will never be enough money to go around – this is where security professionals earn their stripes. The challenge is getting the balance right between performance and budgetary limitations to identify the most appropriate and cost-effective protection for the business. There are a few signposts on the road to success that will help in the quest to establish the right solution.
Scoping tailored protection for your organisation
Bear in mind that, despite those intimidating statistics, most organisations don’t face 1 Tbps DDoS attacks every day of the week – if you do, then we really should talk!
The first step to identifying the right solution is to scope out the level and types of threat that you typically face and establish the level of impact that the business is willing to support. It’s not a case of one size fits all but varies depending on your organisation. For example, the lifeblood of the gaming industry is zero latency; any slowdown in the network constitutes an unacceptable customer service failure. For this kind of business – which is also a primary target for DDoS – the highest priority is performance and the price for safeguarding that is well worth paying. Such organisations should opt for the gold standard of a proactive asymmetric deployment that delivers always-on protection, detecting and mitigating attacks in less than a second.
In other sectors, where latency is less of a mission-critical issue and volumetric attacks are less frequent, it might be advisable to trade a slight slowdown for a lower cost solution. After all, you don’t need a sledgehammer to crack a nut.
The best of both worlds – hybrid cloud DDoS protection
Of course, just because an organisation doesn’t typically face volumetric attacks, that doesn’t mean that it never will. Hybrid cloud DDoS protection gives on-premises appliances the full visibility and precision needed to manage more sophisticated attacks, or those in the “slow and low” category, while a volumetric attack that exceeds the organisation’s internet bandwidth capacity is redirected to the cloud to be scrubbed, with only legitimate traffic allowed through. This mitigates the effect of the attack for as long as it persists and keeps systems available. It’s the equivalent of having that sledgehammer in your back pocket, just in case you need it.
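The following is an added illustration of the decision logic behind that hybrid model; it is example code written for this article, not A10’s product code. It assumes a 1 Gbps internet link and constructed per-second ingress samples and connection-table rows (all addresses are from documentation ranges). The volumetric detector compares the sustained ingress rate against link capacity and emits a divert or return decision with hysteresis, so a one-second blip does not flap the route to the scrubbing centre; the low-and-slow detector flags clients holding many long-lived, nearly idle connections, the pattern the on-premises appliance handles itself rather than diverting.

```python
"""Hybrid DDoS traffic-steering illustration (added example, not A10 code).

All telemetry below is constructed; the link capacity and thresholds are
assumptions chosen for the walk-through.
"""
from collections import deque
from dataclasses import dataclass

MBPS = 1_000_000  # bits per second


@dataclass
class VolumetricSteering:
    capacity_bps: float          # assumed size of the site's internet link
    divert_ratio: float = 0.8    # divert once sustained load >= 80% of the link
    return_ratio: float = 0.4    # return on-prem once sustained load <= 40%
    window: int = 5              # seconds averaged before any decision

    def __post_init__(self):
        self.samples = deque(maxlen=self.window)
        self.diverted = False

    def observe(self, ingress_bps):
        """Feed one second of ingress; return a routing event or None."""
        self.samples.append(ingress_bps)
        if len(self.samples) < self.window:
            return None  # not enough history yet: never act on a single sample
        sustained = sum(self.samples) / len(self.samples)
        if not self.diverted and sustained >= self.divert_ratio * self.capacity_bps:
            self.diverted = True
            return "DIVERT_TO_CLOUD"
        if self.diverted and sustained <= self.return_ratio * self.capacity_bps:
            self.diverted = False
            return "RETURN_ON_PREM"
        return None


def steering_events(samples_bps, capacity_bps):
    """Replay per-second samples and return [(second, event), ...]."""
    steer = VolumetricSteering(capacity_bps)
    events = []
    for second, bps in enumerate(samples_bps):
        event = steer.observe(bps)
        if event:
            events.append((second, event))
    return events


def low_and_slow_sources(conn_table, min_conns=100, max_bytes_per_conn=100,
                         min_avg_age_s=30):
    """conn_table rows: (src_ip, open_conns, total_bytes, avg_age_s).

    A source is suspicious when it holds many connections that are old and
    nearly idle: lots of sockets, almost no payload, long lifetimes.
    """
    flagged = []
    for src, open_conns, total_bytes, avg_age in conn_table:
        if open_conns < min_conns:
            continue
        if total_bytes / open_conns > max_bytes_per_conn:
            continue  # moving real data: a bulk transfer, not held-open sockets
        if avg_age < min_avg_age_s:
            continue
        flagged.append(src)
    return flagged


# Constructed telemetry: a 1 Gbps link, a one-second 1.5 Gbps blip at t=2,
# a 2 Gbps flood from t=5 to t=9, then normal load again.
INGRESS_SAMPLES_MBPS = [100, 100, 1500, 100, 100] + [2000] * 5 + [100] * 5
INGRESS_SAMPLES_BPS = [m * MBPS for m in INGRESS_SAMPLES_MBPS]
LINK_CAPACITY_BPS = 1000 * MBPS

# Constructed connection-table snapshot (RFC 5737 documentation addresses).
CONN_TABLE = [
    ("198.51.100.7", 400, 8_000, 120.0),     # 400 sockets, 20 bytes each, 2 min old
    ("203.0.113.5", 12, 3_000_000, 3.0),     # ordinary browsing
    ("192.0.2.9", 300, 90_000_000, 2.0),     # many busy, short connections
]

if __name__ == "__main__":
    print(steering_events(INGRESS_SAMPLES_BPS, LINK_CAPACITY_BPS))
    # [(6, 'DIVERT_TO_CLOUD'), (14, 'RETURN_ON_PREM')]
    print(low_and_slow_sources(CONN_TABLE))
    # ['198.51.100.7']
```

Run as a script, the flood is diverted only once the five-second average crosses 80% of the link (the blip at t=2 never does), and traffic is returned on-premises only after the average has fallen back to 40%, which is the hysteresis that stops the route bouncing. The slow-and-low check is independent of volume: the 400-socket client is flagged because its connections are old and idle, while the busy client with 300 short connections is not.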
One thing to note when selecting a hybrid solution is that you want a provider that charges based on the legitimate traffic that the cloud scrubbing lets through – the traffic that keeps your business systems available – rather than on the volume of attack traffic that is stopped; otherwise you could find yourself signing a blank cheque at the mercy of the botnet.
In order to guarantee enterprises seamless hybrid DDoS protection, here at A10 Networks we have partnered with VeriSign to create A10 DDoS Protection Cloud. This means that customers are protected by the surgical precision of the A10 Thunder® 1040 TPS appliance to combat network-based, application layer and slow and low attacks, combined with cloud scrubbing capabilities powered by VeriSign’s cloud-based DDoS Protection Service when it’s needed to combat volumetric attacks.
Physical footprint
Coming down from the cloud, a more prosaic consideration is the space and support requirements for on-premise DDoS systems. How much space, power, cooling, monitoring and management will your appliances require? You’re effectively looking for as much performance as possible with the smallest possible footprint so that TCO is kept low – small yet powerful is the key here.
Bring intelligence to bear against DDoS attackers
Perhaps one of the most positive ways to be proactive about handling DDoS is to make use of threat intelligence services that are available to keep you and your systems up to speed on the evolving threat environment. They use intelligence gained from previous attacks on other targets to make changes aimed at preventing the same strategy succeeding in future. Threat intelligence services can include tailored malicious IP catalogues, protection against known botnets, custom traffic allocation via black and white lists and mitigation against inside bots communicating with outside command and control servers. Specific responses can be appropriate to specific industries, e.g. banking and healthcare industries would find it prudent to blacklist millions of IP-enabled cameras from accessing their applications.
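As an added illustration of how those intelligence lists are applied to traffic (example code for this article, not A10’s), the snippet below classifies flow records against an allowlist, a known command-and-control list, a botnet range feed and a sector-specific device-range list. Every address and list is constructed from RFC 5737 documentation ranges and none is a real indicator; the protected network and the application ports are assumptions. The ordering is the security-relevant part: the allowlist wins so a partner is never dropped, an internal host talking out to a known C2 address is raised as the most urgent finding because it means a bot is already inside, known botnet sources are dropped at the edge, and the camera-range list is applied only to application ports, mirroring the banking and healthcare example above.

```python
"""Applying threat-intelligence lists to flow records (added example, not A10 code).

Every address below is constructed from documentation ranges; the lists are
stand-ins for a vendor feed, not real indicators.
"""
import ipaddress
from dataclasses import dataclass


def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in networks)


INTERNAL_NETS = nets(["10.0.0.0/8"])          # assumed protected network
ALLOWLIST = nets(["203.0.113.10/32"])         # constructed partner/monitoring host
KNOWN_C2 = nets(["198.51.100.66/32"])         # constructed C2 indicator
BOTNET_RANGES = nets(["198.51.100.128/25"])   # constructed botnet feed
CAMERA_RANGES = nets(["192.0.2.0/24"])        # constructed device-range feed
APP_PORTS = {80, 443}                         # assumed application ports


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def classify(flow):
    """Return (verdict, reason) for one flow, applying the lists in policy order."""
    outbound = in_any(flow.src, INTERNAL_NETS)
    remote = flow.dst if outbound else flow.src
    if in_any(remote, ALLOWLIST):
        return "PASS", "allowlisted peer"
    if outbound and in_any(remote, KNOWN_C2):
        # A bot inside the network is calling home: containment, not just blocking.
        return "ALERT_C2_EGRESS", f"internal host {flow.src} contacted known C2 {flow.dst}"
    if not outbound and in_any(remote, BOTNET_RANGES):
        return "DROP", "source in known botnet range"
    if not outbound and in_any(remote, CAMERA_RANGES) and flow.dst_port in APP_PORTS:
        return "DROP", "IP camera range blocked from application ports"
    return "PASS", "no matching intelligence"


def triage(flows):
    """Summarise verdict counts and list internal hosts needing containment."""
    counts = {}
    infected = []
    for f in flows:
        verdict, _ = classify(f)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict == "ALERT_C2_EGRESS":
            infected.append(f.src)
    return counts, sorted(set(infected))


# Constructed flow records against a protected web server at 10.0.0.5.
FLOWS = [
    Flow("198.51.100.200", "10.0.0.5", 443),   # inbound from botnet range
    Flow("192.0.2.44", "10.0.0.5", 443),       # camera range hitting the web app
    Flow("192.0.2.44", "10.0.0.5", 123),       # camera range to NTP: not an app port
    Flow("10.0.0.23", "198.51.100.66", 8443),  # internal host calling a known C2
    Flow("203.0.113.10", "10.0.0.5", 443),     # allowlisted partner
    Flow("203.0.113.77", "10.0.0.5", 443),     # ordinary client
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", classify(f))
    print(triage(FLOWS))
    # ({'DROP': 2, 'PASS': 3, 'ALERT_C2_EGRESS': 1}, ['10.0.0.23'])
```

The point of separating the C2 verdict from a plain drop is operational: dropping the outbound flow stops one beacon, but the host that sent it is the actual problem and belongs on an incident-response queue, which is what `triage` surfaces.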
Seizing back the initiative and viewing DDoS protection as a necessary and strategic element of business operations is a critical step in gaining an advantage over cyber-adversaries. In a world where DDoS attacks are inevitable, it’s time for organisations to get proactive and deploy solutions tailored to meet the threat environment that they are likely to face for the foreseeable future. Security professionals who want to learn more about how to gain an advantage over DDoS threats are invited to join us at The Shard, London on the 29th of May 2018 where we’ll be looking at how organisations can balance protection, performance and budgets.