Here are the first things that come to mind when many people think of a DDoS attack: Unsophisticated, the oldest trick in the book, not harmful, “I am not at risk”, and on and on. I am here to tell you it is all false. Our current DDoS threat landscape proves it. Although we see many attacks in the news that are related to political debates and extremists’ hacktivism, other targets, such as high schools and e-commerce sites, don’t necessarily make the news but are attacked just as regularly. What we know now is that everybody is a target, and many attacks are getting so sophisticated that they cannot be stopped by conventional DDoS mitigation methods.
So, as promised, here is a list of 5 things every organization should seriously consider to ensure its full and ongoing protection against DDoS threats out there.
1. End-to-End Protection
DDoS protection doesn’t stop at installing a DDoS mitigation solution, whether it is on-prem, in the cloud or a hybrid of both. There is so much more that needs to be thought of ahead of time to make sure a network is safe from a DDoS attack. First, third parties, such as DNS services, that have access to the network must be considered. They have the potential of going down and making your services unavailable. Second, threat intelligence is needed to properly prepare preemptive protections. Knowing ahead of time about known attacks and attackers is critical in the mitigation of major DDoS threats. Third, the service is critical. Having a great protection solution is great, but not having experts by your side when you need them spells trouble. Make sure you have the best SLA (service level agreement) commitment to ensure you have access to everything you need when under attack. Fourth, and last, is scalability. DDoS attacks increase in volume every year and protections need to evolve accordingly. Having the option to scale up or down based on the attack can make the difference between good protection and the right protection.
2. Peacetime Learning
DDoS protection is a lot like car insurance. You invest in it but hope to never use it. Unfortunately, if you are not ready with the right insurance when you are in a massive accident, that is when the “I wish I had known better” thinking starts. Let’s not wait for that. In the cyber security world, there is what we call peacetime: the periods of time when no attacks occur. The importance of peacetime is highly underestimated. Most people see it as a time when they’ve wasted a lot of money protecting against attacks that never came. Due to budget cuts, some cancel protection after a long period of peacetime. What these people don’t understand is that peacetime learning is worth gold when it comes to adapting the protections and perfecting them for doomsday. In peacetime, a network can be constantly evaluated and patterns identified to profile the behavior of legitimate network traffic. These learning capabilities make it a lot easier to provide accurate protection from advanced attacks when they come.
3. Behavioral-Based Protection
The term behavioral-based protection is getting a lot of traction in the DDoS protection scene. More and more vendors claim to have it, or even excel in it. But what is it and why do you need it? Well, as much as people complicate the term, I’ll make it simple. At the end of the day, the main thing this should mean is: what happens to your legitimate users when you are under attack? Behavioral-based protection should be there to make sure you have a minimum number of false positives and that legitimate users trying to access your services can do so, even while you are under attack. But let’s face it, just making sure they have access is not enough. You have to ensure you preserve the entire user experience for them. They absolutely should not care about the fact that you are under attack. They just want to be serviced properly. They pay a substantial amount of money for business continuity; if you cannot provide that, they will move on to the next person, or company, that can.
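The peacetime learning and behavioral protection described in sections 2 and 3 can be sketched as follows; this is an added example, not code from the original article or from any vendor product. It learns a per-client request-rate baseline from quiet traffic, then judges each client separately during an attack so that normal users stay allowed. The sample traffic, the client names and the threshold multiplier k=6 are constructed assumptions.

```python
from collections import Counter
from statistics import median

def build_peacetime():
    """Constructed sample: 20 clients, 5 quiet minutes, 2-6 requests each."""
    return [(m, f"c{c}") for m in range(5) for c in range(20)
            for _ in range(2 + (c + m) % 5)]

def build_attack_minute():
    """Constructed sample: the same 20 clients plus 3 flooding sources."""
    legit = [(100, f"c{c}") for c in range(20) for _ in range(2 + c % 5)]
    flood = [(100, f"bot{b}") for b in range(3) for _ in range(40)]
    return legit + flood

def learn_baseline(events):
    """Median and MAD of requests per client per minute, from peacetime."""
    counts = list(Counter(events).values())
    med = median(counts)
    mad = median(abs(n - med) for n in counts) or 1.0  # avoid a zero spread
    return med, mad

def classify(minute_events, baseline, k=6.0):
    """Per-client verdict for one minute of traffic: 'allow' or 'challenge'.

    k is an assumed tuning value, not a figure from the article.
    """
    med, mad = baseline
    limit = med + k * 1.4826 * mad  # 1.4826 scales MAD to a std-dev estimate
    counts = Counter(client for _, client in minute_events)
    return {c: "challenge" if n > limit else "allow" for c, n in counts.items()}

if __name__ == "__main__":
    baseline = learn_baseline(build_peacetime())
    verdicts = classify(build_attack_minute(), baseline)
    flagged = sorted(c for c, v in verdicts.items() if v == "challenge")
    print("baseline (median, MAD):", baseline)
    print("challenged:", flagged)
    print("allowed clients:", sum(v == "allow" for v in verdicts.values()))
```

A source that keeps its rate under the learned per-client limit is not flagged by this single feature, which is why rate is normally combined with other learned traits of legitimate traffic.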
4. Application Protection
One of the biggest misconceptions about DDoS attacks is that they occur only at the network level. Today, we see record-breaking DDoS attacks in the application layer, as well. To think that the protections required are reserved for the network layer is like bringing a knife to a gunfight. Attackers are well aware of this misconception among network managers. That’s why, in many cases, it becomes their weapon of choice. The real challenge in application or L7 (layer 7) DDoS attacks is that the traffic at first seems like legitimate traffic. Only when the website is overwhelmed with traffic and cannot service clients properly is there an understanding that an attack has begun. And by that time, it is far too late. While these attacks are highly dangerous, there is still not enough awareness of the threat and not enough protections available that will protect an application when under a DDoS attack.
5. Consistency Across All Environments
Network topologies are rarely only on-prem or just in the cloud. In most cases, today’s architectures comprise several different components that all need to be protected from DDoS attacks. Finding one protection that can be deployed across all environments is crucial for the network to stay protected at all times. However, that isn’t the only concern. After achieving that, the next step is to make sure consistency of mitigation can be maintained across each and every one of the deployments, whether it is on-prem, in a private cloud or in any of the public cloud platforms available. Nobody wants to deal with several vendors to get full protection. Or, even worse, to have to settle on protection that doesn’t provide the needed full coverage because that is all they could find. Let’s not forget that each solution and vendor comes with its own infrastructure, management systems and maintenance. Having the option to gain full visibility in one place and into all aspects of the network, no matter what the deployment is and where it has been deployed, delivers great advantages.
DDoS Protection — Not a Set-It-and-Forget-It Proposition
DDoS attacks continue to evolve, which is why it is critical to deploy a DDoS protection solution that advances and grows, as well. It’s definitely not a set-it-and-forget-it proposition. You need to deploy solutions that provide ongoing protection, whether in peacetime or during an attack. What you need is the best; what you need is Radware. Go here for more information about Radware’s industry-leading DDoS protection solutions. And please feel free to reach out to one of our cybersecurity professionals here. They’ve been protecting organizations from DDoS attacks for years. They would love to hear from you.