Our 2015 Bot Traffic Report confirms that distributed denial of service (DDoS) attacks continue to trouble network operations teams. A quick Internet survey of related security news reveals that it’s not “if” you get attacked, but rather “when.” Having a well-researched mitigation plan in place before you need one can be an important starting point for your overall defense strategy.
We’ve put together The Network Ops DDoS Response Playbook, a guide focused on how to prepare yourself against a DDoS attack on your business and what to do if you are under attack. You’ll find practical tips, best practices and an overview of the cyber security technologies available to protect your business.
Who’s behind a DDoS attack and why?
The profile of DDoS attackers ranges from solo operators to businesses and nation states, each driven by different motivations:
- Business competition
- Cyber vandalism
- Personal rivalry
- Extortion
- Hacktivism
How frequent are DDoS attacks?
Our latest Global DDoS Threat Landscape Report shows that there was a 25.3 percent increase in the frequency of network layer attacks in Q4 of 2015—and a significant 108.5 percent increase in the prior quarter.
“These were predominantly short high-volume bursts, best exemplified by the largest network layer assault we dealt with in Q4—a 40 minute-long SYN flood that peaked at 325 Gbps and 115 Mpps. This was one of the largest DDoS attacks mitigated by any DDoS protection provider to date.”
Our statistics indicate that even single-vector attacks associated with botnets-for-hire accounted for more than 40 percent of all network layer attacks.
Application layer assaults are also on the rise, and tend to be repeated. Here 44.7 percent of targets were hit more than once in Q4 of 2015, and 20 percent were bombarded five times or more.
[Such] incidents…continued to shorten in duration while losing nothing in tenacity. The largest…mitigated in Q4 was a …very intense burst that targeted a Chinese-based online trading platform…DDoS is a communal problem affecting the entire Internet ecosystem.
As an exception to this, as of mid-January one application layer attack has been pounding undefended servers for 101 days, with no sign of it being abated at the time the report was written.
“[It] represents just how easy it is to sustain a sizable application layer attack; only a few compromised devices are needed to generate enough traffic to take down a mid-sized website and keep it paralyzed for a very long duration.”
How serious is the financial implication of an attack?
Our 2014 DDoS Impact Survey found that $40,000 is the average cost per hour of an unmitigated DDoS attack. If the attack is not immediately blocked it may run over the course of many days and the total loss can run in the hundreds of thousands of dollars. There are also possible subsequent losses due to reputational damage.
What needs protection?
You’ll need to protect your network infrastructure. Infrastructure protection secures critical components of your network, such as web, email and FTP servers, across entire subnet ranges. In the event of an attack, traffic is rerouted through your provider using BGP announcements.
If you run web applications, you’ll need website protection. Cloud-based WAFs protect your website or application against any type of application layer hacking attempt, including cross-site scripting, illegal resource access, and remote file inclusion.
There is a third component to this equation that is often overlooked, however, and it’s one that can endanger even the most hardened network infrastructures: your DNS servers. Whether they’re in-house or you contract with an outside entity for this service, you’ll need to protect them from attacks such as DNS amplification and DNS floods.
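The report sizes floods in Gbps and Mpps and names SYN floods and DNS amplification as the threats to watch. The following is an added example (not Incapsula or Imperva code) showing how a network ops team could derive those indicators from NetFlow-style samples; the records, field layout and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow samples (not real data): one record per 1-second
# bucket, direction relative to the protected network, NetFlow-style.
# (sec, dir, proto, sport, dport, tcp_flags, packets, bytes)
FLOWS = [
    (0, "in",  "tcp", 40000, 80,  "S",  60_000_000, 3_600_000_000),
    (0, "in",  "tcp", 40001, 443, "PA", 1_000,      150_000),
    (0, "out", "tcp", 443, 40001, "PA", 900,        1_200_000),
    (1, "in",  "udp", 53,  50432, "",   200_000,    600_000_000),
    (1, "out", "udp", 50432, 53,  "",   100,        6_000),
]


def inbound_rates(flows):
    """Per-second inbound volume as (Gbps, Mpps), the two figures the
    report uses to size a flood (bits = bytes * 8)."""
    per_sec = defaultdict(lambda: [0.0, 0.0])
    for sec, d, *_, pkts, nbytes in flows:
        if d == "in":
            per_sec[sec][0] += nbytes * 8 / 1e9
            per_sec[sec][1] += pkts / 1e6
    return {s: (round(g, 2), round(m, 2)) for s, (g, m) in per_sec.items()}


def syn_flood_seconds(flows, mpps_limit=1.0):
    """Seconds in which inbound TCP packets carrying SYN without ACK
    exceed mpps_limit: the signature of a SYN flood (threshold is an
    assumed, site-specific value)."""
    syn = defaultdict(int)
    for sec, d, proto, _sp, _dp, flags, pkts, _b in flows:
        if d == "in" and proto == "tcp" and "S" in flags and "A" not in flags:
            syn[sec] += pkts
    return sorted(s for s, p in syn.items() if p / 1e6 > mpps_limit)


def dns_amplification_ratio(flows):
    """Bytes of DNS answers arriving (source port 53) divided by bytes of
    DNS queries leaving (destination port 53). Normal resolution keeps
    this in single digits; an amplification flood pushes it far higher."""
    answers = sum(b for _, d, p, sp, _dp, _f, _pk, b in flows
                  if d == "in" and p == "udp" and sp == 53)
    queries = sum(b for _, d, p, _sp, dp, _f, _pk, b in flows
                  if d == "out" and p == "udp" and dp == 53)
    return answers / queries if queries else float("inf")
```

In practice the thresholds would be tuned against the network's own baseline, and the output fed to whatever alerting triggers the on-demand BGP diversion described above.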
On demand or always-on?
Especially in dealing with a commercial website or online application (e.g., SaaS applications, online banking, e-commerce), 24×7 always-on protection can provide peace of mind. Since per-attack activation isn’t required, there is virtually no delay in thwarting DDoS assaults.
Incapsula Website Protection is one such always-on service, supported by our global content delivery network (CDN) and web application firewall (WAF).
Our infrastructure protection service, using GRE tunneling technology, is available as a highly reliable, on-demand service—ideal for those networks where any form of latency may be a concern. It is also available as an always-on service for networks that have experienced repeated attacks or cannot afford any downtime. In always-on mode it continually monitors traffic and mitigates attacks—stopping each one before it has an opportunity to bring down the network. This service is available for entire subnets or individual IP addresses.
A handy resource
You can find robust solutions to protect against both network and application layer attacks. As you explore your options, ask about the underlying technology of your DDoS mitigation services, such as challenge, behavioral, caching, geo-protection, IP reputation, signatures, rate limit, and more.
The Network Ops DDoS Response Playbook can help you determine which type of mitigation service(s) best fits your business needs. If you have questions for us, we invite you to speak with a member of our team to determine which set of services best answer your particular requirements.