
VP Sales, SAARC & Middle East
NETSCOUT
Today, enterprises rely heavily on the internet and on web-based applications and services, so their continuous availability is critical for business growth and long-term sustainability. A public-facing website plays a crucial role in how an organization delivers service to customers and connects with audiences online: users access information through it, and transactions between the audience and the organization are conducted through it. The website also supports brand building and establishes credibility with a large audience across geographies. When websites and applications become unavailable, the consequences are severe. Frustrated customers lose patience and may switch to other brands. Business operations come to a halt, resulting in lost productivity, lost revenue, and brand damage. Partners who depend on the organization's web properties see their own supply chain and production disrupted. A leading cause of such outages is the Distributed Denial of Service (DDoS) attack launched by cybercriminals.
DDoS attacks are a serious threat to all industries
A DDoS attack is a malicious attempt to overwhelm the resources of a network, application, or service, rendering it inaccessible to legitimate users. DDoS attacks threaten every industry in which availability is key, whether retail, financial services, or gaming. Manufacturing, pharma, and healthcare organizations with internal web properties that supply-chain and other business partners depend on for daily operations are also targets. DDoS attacks likewise hit the mission-critical business applications that organizations rely on every day, such as email and CRM.
Understanding the misconceptions surrounding DDoS attacks
The myths surrounding DDoS attacks downplay their severity, leading to ineffective security measures. Believing them can leave organizations exposed to other types of attack, produce misdirected mitigation strategies, or cause security teams to miss attacks altogether. Some of the most common myths about DDoS attacks are debunked here.
Myth 1
DDoS attacks are rare, only targeting large enterprises and launched by sophisticated cybercriminals
This is not true. DDoS attacks are frequent and widespread, targeting businesses of all sizes and sectors. NETSCOUT's ASERT research team estimated more than 15 million attacks worldwide last year, which is why organizations need robust defensive strategies. Besides large corporate networks, DDoS attacks are also aimed at infrastructure and key services such as the power grid, affecting society at large. Nor are all DDoS attacks sophisticated nation-state operations. Many rely on low-cost or even free DDoS-for-hire services. Often the people commissioning such attacks are not skilled threat actors at all but are motivated by geopolitical events, attacking organizations, individuals, or infrastructure that run counter to their interests.
Myth 2
DDoS attacks flood networks with huge traffic only
DDoS attacks have evolved rapidly since the early days, when they consisted of large floods of traffic. Today many are smaller, targeted, precise, and complex, aimed at DNS and HTTP applications, and they are just as dangerous as large attacks. They are rising in number, yet because they stay below volume-based thresholds they often go unnoticed by DDoS protection services and cloud protection solutions. Another small but common type is the TCP state-exhaustion attack, which targets stateful on-premises devices such as firewalls and load balancers: the attacker fills the device's connection state table with half-open or bogus connections so that it can no longer track legitimate sessions, cutting real users off from parts of the network.
Myth 3
Next-Gen Firewalls are sufficient to prevent DDoS attacks
Next Generation Firewalls (NGFWs) are stateful security devices designed to protect against a broad range of modern cyberattacks. However, the very statefulness that lets an NGFW inspect traffic also makes it vulnerable to state-exhaustion attacks: it must keep an entry for every connection it tracks, so an attacker who opens enough connections that never complete fills that table, and the firewall starts dropping legitimate sessions. This weakness is addressed by placing a stateless DDoS mitigation solution in front of the firewall so that the flood is discarded before it reaches the stateful device.
Myth 4
Cloud-based DDoS protection is sufficient on its own
Cloud-based DDoS protection is the right tool for stopping an attack that saturates the organization's internet links. However, additional measures are needed to stop the smaller attacks that slip past it. Today's DDoS attacks use multiple vectors to bypass defenses, for example pairing a volumetric attack or a state-exhaustion attack with an application-layer attack so that several parts of the network are hit at once, which makes detection and mitigation harder. By combining cloud-based mitigation with on-premises inline DDoS protection in a hybrid defense, organizations can withstand agile, multi-vector DDoS attacks while improving availability and uptime.
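The multi-vector attack described here, and the small state-exhaustion and application-layer attacks that Myth 2 warns are easy to miss, can be separated only if each vector gets its own detector. The script below is an added example, not code from the original article or from NETSCOUT. It walks a constructed set of flow records for a ten-second window and flags three vectors independently: a volumetric flood by bytes per second toward a destination, state exhaustion by the rate of TCP connections that never complete the handshake, and an application-layer attack by request rate to a single HTTP path combined with a small average request size. The `Flow` record layout, the thresholds, and the sample traffic are all assumptions made for the example; the addresses come from documentation ranges.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record from a constructed NetFlow-like export, not a real capture."""
    ts: int          # second offset within the observation window
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int
    flags: str       # TCP flags seen over the flow's life; "S" alone = handshake never completed
    nbytes: int
    http_path: str = ""   # set only if an HTTP request was decoded on the flow


# Illustrative thresholds (assumptions for the example, not tuned production values).
VOLUMETRIC_BYTES_PER_SEC = 100_000_000   # about 800 Mbit/s toward one destination
HALF_OPEN_PER_SEC = 10                   # never-completed SYNs per second to one dst:port
APP_LAYER_REQ_PER_SEC = 500              # HTTP requests per second to one path
APP_LAYER_MAX_AVG_BYTES = 1_000          # small requests: a volume-only check would never flag them


def classify(flows, window_seconds):
    """Return {dst: [vector, ...]} for every destination that trips at least one detector."""
    bytes_per_dst = defaultdict(int)
    half_open = defaultdict(int)      # (dst, dport) -> SYN-only TCP flows
    http_reqs = defaultdict(int)      # (dst, path) -> request count
    http_bytes = defaultdict(int)     # (dst, path) -> bytes carried by those requests
    for f in flows:
        bytes_per_dst[f.dst] += f.nbytes
        if f.proto == "tcp" and f.flags == "S":
            half_open[(f.dst, f.dport)] += 1
        if f.http_path:
            http_reqs[(f.dst, f.http_path)] += 1
            http_bytes[(f.dst, f.http_path)] += f.nbytes

    verdict = defaultdict(set)
    # Vector 1: volumetric, the only one a bandwidth-based cloud service is certain to see.
    for dst, total in bytes_per_dst.items():
        if total / window_seconds >= VOLUMETRIC_BYTES_PER_SEC:
            verdict[dst].add("volumetric")
    # Vector 2: state exhaustion, measured by half-open connections rather than bytes.
    for (dst, _port), n in half_open.items():
        if n / window_seconds >= HALF_OPEN_PER_SEC:
            verdict[dst].add("state-exhaustion")
    # Vector 3: application layer, many small but expensive requests to one path.
    for (dst, path), n in http_reqs.items():
        avg = http_bytes[(dst, path)] / n
        if n / window_seconds >= APP_LAYER_REQ_PER_SEC and avg <= APP_LAYER_MAX_AVG_BYTES:
            verdict[dst].add("application-layer")
    return {dst: sorted(v) for dst, v in verdict.items()}


def sample_flows():
    """Constructed 10-second window: a three-vector attack on 203.0.113.10 plus benign traffic to 203.0.113.20."""
    flows = []
    # 1. State exhaustion: 200 spoofed sources each open a half connection to 443 and never finish.
    for i in range(200):
        flows.append(Flow(i % 10, f"198.51.100.{i % 254 + 1}", "203.0.113.10", "tcp", 443, "S", 60))
    # 2. Application layer: 30 bots issue 6000 small GETs for one expensive search path (completed handshakes).
    for i in range(6000):
        flows.append(Flow(i % 10, f"192.0.2.{i % 30 + 1}", "203.0.113.10", "tcp", 443, "SPA", 400, "/search?q=%25"))
    # 3. Volumetric: 1200 reflected UDP flows of 1 MB each, 1.2 GB in 10 s.
    for i in range(1200):
        flows.append(Flow(i % 10, f"198.18.{i // 256}.{i % 256}", "203.0.113.10", "udp", 443, "", 1_000_000))
    # Benign: 40 completed sessions to the other host, half of them plain page loads, plus 3 lost handshakes.
    for i in range(40):
        flows.append(Flow(i % 10, f"203.0.113.{100 + i}", "203.0.113.20", "tcp", 443, "SPA", 1500, "/" if i % 2 == 0 else ""))
    for i in range(3):
        flows.append(Flow(i, f"203.0.113.{200 + i}", "203.0.113.20", "tcp", 443, "S", 60))
    return flows


if __name__ == "__main__":
    for dst, vectors in classify(sample_flows(), window_seconds=10).items():
        print(dst, "->", ", ".join(vectors))
```

Run as-is, the script reports all three vectors against 203.0.113.10 and nothing against 203.0.113.20. The point to take from it is that the state-exhaustion and application-layer vectors contribute only about 2.4 MB of the 1.2 GB in the window: remove the volumetric detector and they are still attacks, but a defense that looks only at bandwidth, as the myth assumes a cloud scrubbing service can, would never report them.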
Myth 5
The use of AI and ML is not essential for DDoS protection
At a time when threat actors are using AI and ML to scale their attacks, make them more sophisticated, and evade detection, defenses must be able to keep pace. A cybersecurity strategy should include AI and ML technologies for their anomaly detection capabilities. Combined with curated, continuously updated threat intelligence feeds, they allow known active DDoS sources to be blocked automatically in real time. Add automated, real-time adjustment of countermeasures and emerging threats, including multi-vector attacks, can be detected and stopped far more quickly.
Organizations should get the facts about DDoS attacks and not fall victim to these myths. They should deploy an AI- and ML-powered DDoS protection solution that adapts to changes in the attacker's strategy and ensures the continued availability of critical business services and applications.
Authored by Gaurav Mohan, VP Sales, SAARC & Middle East, NETSCOUT