Take a moment and try to recall the last time anyone told you that the distributed denial of service (DDoS) attack is a diminishing issue. Just like death and taxes, the DDoS threat has reached the level of “unavoidable fact” in the day-to-day of digital businesses and operators. There is every reason to believe that DDoS attacks will do nothing other than grow in frequency and size for the foreseeable future.
In fact, these threats are becoming so common that the DDoS attack community is industrializing. You can now buy a DDoS attack online for as little as five bucks and bring it to bear on your business or gaming competitors. While most of those types of attacks are not of the massive variety, the frequency at which they are showing up is alarming, and they can still have clear and direct impacts on customer experience, service quality and digital business availability.
While the smaller attacks are numerous and annoying, the bigger ones are of much more significant concern. In September, journalist Brian Krebs’ website was hit with a massive Internet of Things (IoT) botnet attack that saw rates exceeding 600 Gbps, because he “outed” some bad actors who were running a DDoS-for-hire operation. The Dyn cyberattack last month, which brought down much of the internet, was likely the biggest of its kind in history. This scale of threat vastly exceeds most enterprise internet connections, leaving the only practical mitigation choices exclusively in the realm of service providers.
As an industry, the tech sector needs to take this challenge very seriously. The techniques and technologies for countering an expanding DDoS attack landscape are pretty well known, but there are some real technical challenges at hand. This presentation at the September 2016 Strange Loop conference demonstrates that there’s no disputing we are in an arms race. As attackers’ capacities and sophistication continue to advance, so must our means for detection and mitigation.
New strategies must be embraced and technologies employed at multiple levels. Detection needs to be fast and accurate with minimal false positives and false negatives. Local mitigation appliances need to be powerful and cost effective for handling smaller attacks, coupled with more serious cloud-based solutions to handle the larger ones. Most important of all, complete DDoS protection requires flexibility to rapidly identify and adapt to changing attack patterns and new exploits as they arise.
Enterprise technology players must consider visibility solutions that accurately recognize DDoS attacks as part of their broader network of security operations intelligence solutions. This approach must deliver a platform for network traffic and performance monitoring and analytics. Capabilities must be broad, spanning NetOps, SecOps and NetEng use cases, and include highly accurate DDoS detection. A big data-based SaaS solution of this kind keeps all raw flow data for 90 days, so you have a complete forensic data set on hand at all times.
The takeaway here is that you need real firepower to deal with the real and growing threat of DDoS. You need scalable and flexible mitigation options, coupled with accurate and adaptable detection.
About the Author
Jim Frey, vice president of strategic alliances at Kentik, has more than 20 years’ experience in the network management tools and technology sector, in roles ranging from product manager and marketing executive to industry analyst. Most recently, he was VP of research with Enterprise Management Associates, and before that he was VP of marketing at NetScout Systems.