IDC, a global provider of IT market intelligence, recently released findings from a U.S. DDoS Prevention Survey of C-level and senior-level IT personnel in organizations of more than 500 employees. The survey found that 53% of organizations surveyed were the target of a DDoS attack within the past 12 months.
A shift to more sophisticated attacks
Denial-of-service attacks have been around for decades and are not particularly sophisticated—at least by modern cyberattack standards—but DDoS attacks continue to be a common go-to method for revenge seekers, hacktivists and script kiddies alike.
DDoS attacks have traditionally been volumetric—the attack degrades a target’s service by flooding it with an overwhelming, botnet-driven influx of requests. Because the requests originate from multiple source locations (the “botnet”), blocking a single source cannot stop the attack. Hence, the “distributed” in DDoS. Volumetric attacks comprise over 50% of the DDoS attacks happening today.
In the last few years, there has been a shift to slightly more sophisticated DDoS attack strategies. Research shows that there has been a sharp increase in multi-vector DDoS attacks, which shift the attack from one vector to another. For example, an attack may start with a flood of SYN packet requests from multiple sources (the botnet) that each leave a partially open socket and rapidly decrease bandwidth, then quickly shift to an application-layer DDoS attack that exhausts network resources. Effectively a misdirection play, multi-vector DDoS attacks require a specific defense strategy that has not always been in place and may not be at the forefront of every cyber defense team’s playbook. Additionally, modern DDoS attacks can be TCP State Exhaustion attacks, which target a specific server or group of servers and attempt to occupy and overwhelm the total number of connections that a server can maintain, or application-level DDoS attacks, which exploit weaknesses in an application to consume CPU cycles and processing power.
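The vector shift described above can be spotted from simple per-window counters. The following is an added example, not part of the original article: it labels time windows as SYN flood or application-layer flood and reports when one vector hands over to the other. The event format, function names and thresholds are assumptions made for illustration, and the traffic is constructed.

```python
from collections import defaultdict

# Constructed sample events: (second, source_ip, event). Not real traffic.
# "SYN" = handshake opened, "ACK" = handshake completed, "HTTP" = app-layer request.
def build_sample():
    events = []
    for t in range(0, 10):                       # normal traffic
        events += [(t, "198.51.100.7", e) for e in ("SYN", "ACK", "HTTP")]
    for t in range(10, 20):                      # SYN flood: many sources, no ACK
        events += [(t, f"203.0.113.{i}", "SYN") for i in range(1, 41)]
    for t in range(20, 30):                      # shift to application-layer flood
        for i in range(1, 6):
            src = f"192.0.2.{i}"
            events += [(t, src, "SYN"), (t, src, "ACK")] + [(t, src, "HTTP")] * 12
    return events

def classify_windows(events, window=10, half_open_limit=100, http_limit=200):
    """Label each time window 'normal', 'syn_flood' or 'app_layer'.
    Thresholds are illustrative assumptions; tune them to a measured baseline."""
    stats = defaultdict(lambda: {"SYN": 0, "ACK": 0, "HTTP": 0, "srcs": set()})
    for t, src, ev in events:
        w = stats[t // window]
        w[ev] += 1
        w["srcs"].add(src)
    labels = []
    for idx in sorted(stats):
        w = stats[idx]
        half_open = w["SYN"] - w["ACK"]          # handshakes never completed
        if half_open > half_open_limit and len(w["srcs"]) > 1:
            labels.append((idx * window, "syn_flood"))
        elif w["HTTP"] > http_limit:
            labels.append((idx * window, "app_layer"))
        else:
            labels.append((idx * window, "normal"))
    return labels

def vector_shifts(labels):
    """Return (time, old, new) where one attack vector hands over to another."""
    attack = [(t, v) for t, v in labels if v != "normal"]
    return [(t2, v1, v2) for (_, v1), (t2, v2) in zip(attack, attack[1:]) if v1 != v2]

if __name__ == "__main__":
    labels = classify_windows(build_sample())
    print(labels)
    print(vector_shifts(labels))
```

A non-empty result from vector_shifts is the signal that a mitigation tuned only for the first vector is about to be bypassed by the second.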
How organizations are tackling the DDoS problem
Typically, most organizations of significant size or with sensitive vulnerabilities have handled this type of security using in-house and point security methods. However, the IDC survey found that a significant number of organizations are turning to other methods specifically to address DDoS concerns. After all, in the cybersecurity landscape there are many areas that should keep you up at night, but if your revenue depends on your services, having them denied basically nullifies any reason to have them in the first place. As part of this progressive anti-DDoS movement, there are several directions organizations can take to move away from point product-based approaches and shift the work and management effort to a third party.
The latest information shows that organizations are turning to cloud providers, Managed Security Service Providers (MSSP), and various security vendors for support in combatting DDoS attacks. Further, there seems to be a trend toward a hybrid solution to solve for the multi-vector DDoS attack problem.
One of the best defenses to mitigate DDoS attacks is infrastructure-related. Proper defense requires a scalable network with robust features that provide enough bandwidth for the redirection and “scrubbing” needed to mitigate the attack while it is happening, while simultaneously maintaining enough bandwidth to continue business operations uninterrupted. Cloud service providers usually provide skillfully designed DDoS mitigation plans. After all, a cloud provider’s job is to scale and manage traffic as necessary. That is the service they provide, unlike most businesses, which provide other services and see IT and security services as a necessary expense of doing business.
MSSPs are typically cyber and IT security consultants that can be utilized as a third-party entity to manage perimeter security, perform penetration testing and provide security monitoring services. As it pertains to DDoS, MSSPs provide expertise in developing highly sophisticated security architectures that protect against the latest DDoS methods. MSSPs can also develop incident response plans (IRPs), assess an organization’s strategy and overall readiness against a DDoS attack, and monitor and mitigate as necessary.
There are security vendors that provide DDoS protection services, too. These services usually offer large, scalable networks and high capacity for scrubbing. DDoS protection services employ an extremely specialized, high-tech plan for mitigation and deployment of remediation. If an organization’s risk analysis results in a high priority of protecting their business services from denial, they will usually pay a premium for this type of service.
Survey: A majority of respondents were attacked up to 10 times in past year
The IDC survey had several other interesting findings. The number of polled top-level leaders was 140, and in that sample, 53% stated they had been a target of a DDoS attack in the past 12 months. Among the respondents who confirmed an attack, 56% said they had experienced a volumetric attack, 55% said state exhaustion, 41% said a layer 7 attack, and 44% said multi-vector.
Of those polled, 64 people gave specific details about their attack experience in the past 12 months. A majority was hit up to 10 times, and those attacks lasted up to 10 hours on average. Incredibly, 13% revealed that they had been hit up to 100 times.
Of those polled, 99% said they purchased some level of DDoS protection services from a provider or vendor, with 80% of those utilizing a minimum of a cloud-based provider. However, the concept of not relying on a single DDoS protection mechanism is growing rapidly in today’s market. Forty-seven percent of respondents said they are using a hybrid deployment of the available providers to mitigate against the largest set of DDoS vulnerabilities. Cross-referenced against organizational size, it was the mid- to large-sized companies that were most heavily utilizing the hybrid solutions, typically an integrated on-premises appliance that signals a cloud-based scrubbing service.
Choosing a DDoS mitigation service requires careful consideration of factors that affect your desired outcomes. Vendor expertise, specific performance guarantees and SLAs, support services, and, of course, cost weigh heavily in the decisions that organizations must make. IDC determined that cost and pricing were only a marginal decision factor in organizations of all sizes. Expertise and performance guarantees were reported to be the most important characteristics. Among the DDoS prevention features, real-time monitoring and threat intelligence and advanced analytics headed the list. Additionally, uptime and service availability were at the top of the desired criteria for SLAs.
The IDC survey also revealed that a majority of organizations are planning to spend between 6% and 20% of their IT budget on DDoS solutions. This type of research indicates that the threat of DDoS attacks is not waning. Real-time monitoring and proper threat intelligence are appealing to organizations wishing to protect their service availability, and DDoS expertise is essential for the growing number of organizations that want to deploy a hybrid, integrated DDoS solution.
How can you reduce the impacts of DDoS attacks? A highly trained staff.
It’s virtually impossible to prevent a DDoS attack, but as with many cyber threats, knowledge is power. One of the best ways to lessen the impact of a DDoS attack is to arm your enterprise and your staff with the tools and knowledge to identify, defend against and respond to DDoS attacks. Global Knowledge offers a robust suite of cybersecurity courses designed to educate IT personnel on cyber threat prevention and mitigation. The courses listed below can specifically help you understand DDoS attacks and how to prepare yourself and your organization for these threats.
• CND - Certified Network Defender
• CHFI - Computer Hacking Forensic Investigator v9
• CCSP Certification Prep Course