Australia
Story image

DDOS threats – is your business really protected?

29 Jun 2018
Sara Barker
Share:
LinkedIn
Twitter
Facebook

Targeted cyber-attacks are now, more than ever, a critical concern for all businesses. Threats from ransomware to DDoS attacks, have been regularly making headlines. There is, without a doubt, a growing awareness of the sheer volume of these attacks and they are hitting businesses of all sizes.

Distributed Denial of Service (DDoS)

DDoS attacks aims to render a server, service or an infrastructure unavailable by overloading the server's bandwidth or monopolising its resources until the point of depletion.

During a DDoS attack, a multitude of requests are sent simultaneously from multiple points across the internet. The intensity of this "crossfire" renders the service unstable, or even worse, unavailable.

An unavoidable phenomenon

It is now easier than ever to launch a DDoS attack. You no longer need advanced technical skills to disrupt a service or make it unavailable. Attacks are increasingly frequent and intense but they are also increasingly sophisticated (and constantly evolving). They are designed to create major disruption that does not only impact the bottom-line, but affects reputation too.

A race against time

The race against time has no finishing line. As the internet’s size and capacity expands, the intensity of the attacks will continue to grow. And their sophistication will grow too.

On the one hand, it is important to consider the mechanisms behind the attacks to continuously improve mitigation tactics. On the other, be aware that attackers are trying to understand how protective mechanisms work to get around them or find a vulnerability to exploit it.

An evolving landscape

Greater reactivity will become standard for an increasing number of users. In the field of the Internet of Things (IoT), for example, detection should lead to an immediate reaction.

Indeed, IoT is quickly going to pose another challenge: how to correctly distinguish a DDoS attack from a massive influx of data from connected sensors, which are multiplying exponentially.

From the ground up

Today’s security teams need to think about implementing solutions before building a robust infrastructure. It is imperative to check protection solutions for automated detections and mitigation of the abnormal increase of inbound traffic (i.e. repetition of the same packets in order to destroy the service).

Specifically:

  • Hardware i.e. own appliance inside the entry of the network: it can be a feature included in a firewall or a dedicated device system such as Arbor equipment. The physical layer will provide better protection for inbound packets.
  • Content Delivery Network (CDN): ensure that your CDN is properly configured in order to protect infrastructure from the request (attack) reaching the service (website, game, telephony etc.)
  • Cloud Service Provider (CSP): does your CSP have an in-house solution which defines approved sources of content to maintain your own protection system for more affordable and stronger solutions

Risk mitigation

To ensure systems are adequately equipped to resist attacks it is imperative to understand DDoS mitigation technologies. Ask questions and do not rest until you have the answers.

What mechanisms do you have in place to protect your infrastructure, is your cloud provider doing their job? Do you have adequate protective measures in place to mitigate the impact of attacks? Is your DDoS protection capable of resisting not only the attacks of today but the attacks of tomorrow?

It is not a question of whether you need anti-DDoS protection, but when you will suffer your first DDoS attack.

Article by OVH lead network engineer APAC, Florian Valette.

Related stories:
DNS amplification attacks increase 1000% since last year - Nexusguard
Second Akamai scrubbing centre opens in Melbourne
DDoS attacks on the rise despite taking a summer break 
Only 20% of organisations use cloud DLP – Bitglass
ThetaRay offering uses AI against financial cybercrime
RSA responds to increasing A/NZ regulations with new updates
Dig deeper:
Story image
27 Sep
NetEvents announces Innovation Award finalists for 2019
Darktrace, Mellanox, and NetFoundry are amongst the finalists for this year’s NetEvents Innovation Awards 2019, in the fields of Cloud/Datacenter, internet of things (IoT), and cybersecurity.More
Story image
30 Sep
Most organisations exhibiting malicious RDP behaviour - report
Remote Desktop Protocol is a vital tool for managed service providers (MSPs) in their management of hundreds of client networks and systems.More
Story image
10 Oct
Password habits still key obstacle to business’ security - LogMeIn
The report found that while more businesses are investing in security measures like multi-factor authentication (MFA), employees still have poor password habits.More
Download image
E-book: Ten steps to automate network security
The modern cybersecurity landscape is continually evolving with new, sophisticated malware and attack techniques that threaten enterprises on a massive scale.More
Download image
ESG puts Juniper Networks security solutions to the test
With a multitude of solutions on the market, ESG decided to use malware attacks to evaluate market solutions like Juniper Networks’ automated threat detection and remediation.More
Story image
10 Oct
Nuance announces updates to biometric fraud detection offering
A recent Nuance survey found 1 in 4 people have fallen victim to fraud in the last twelve months, each person losing an average of $2,000 due to inefficient passwords.More
Story image
NetEvents announces Innovation Award finalists for 2019
Darktrace, Mellanox, and NetFoundry are amongst the finalists for this year’s NetEvents Innovation Awards 2019, in the fields of Cloud/Datacenter, internet of things (IoT), and cybersecurity.More
Story image
Most organisations exhibiting malicious RDP behaviour - report
Remote Desktop Protocol is a vital tool for managed service providers (MSPs) in their management of hundreds of client networks and systems.More
Story image
Password habits still key obstacle to business’ security - LogMeIn
The report found that while more businesses are investing in security measures like multi-factor authentication (MFA), employees still have poor password habits.More
Download image
E-book: Ten steps to automate network security
The modern cybersecurity landscape is continually evolving with new, sophisticated malware and attack techniques that threaten enterprises on a massive scale.More
Download image
ESG puts Juniper Networks security solutions to the test
With a multitude of solutions on the market, ESG decided to use malware attacks to evaluate market solutions like Juniper Networks’ automated threat detection and remediation.More
Story image
Nuance announces updates to biometric fraud detection offering
A recent Nuance survey found 1 in 4 people have fallen victim to fraud in the last twelve months, each person losing an average of $2,000 due to inefficient passwords.More
Download image
How businesses walk the line between information sharing and cyber risk exposure
Research has uncovered tension between what organisations seek to achieve through their digital transformation efforts and their concerns about the risks created by their ambitions.More
Story image
Public dataset to help researchers predict malicious activity unveiled
The dataset comprises 51.6 malicious activity reports involving 662,000 unique IP addresses across the globe. More
Story image
Lack of IT security input in DevOps creates unnecessary risk 
The lack of security involvement in DevOps projects was reportedly creating cyber risk for IT leaders.  More
Story image
Are Fortune 500 companies failing at cyber security? 
"Lax security and its resulting breaches have long-term repercussions for organisations as well as their customers, shareholders, partners, and other stakeholders."More
Story image
Data loss prevention: Why digital images should not be overlooked
Digital images are increasingly being used as mechanisms for cyber-attacks. What can organisations to minimise risks and mitigate against this advanced threat? More
Story image
BitSight and ServiceNow announce integrations improving cyber risk management
Together, BitSight and ServiceNow provide organisations with prioritised visibility and automated workflows to manage cyber risk.More
Story image
Dell announces new data protection solutions
“As organisations generate increasing amounts of data, concerns extend beyond securely storing and protecting data to managing it across diverse environments.”More
Story image
Enterprise incident response plans suffer from neglect – Verizon study
Incident response plans may be a useful part of cyber-preparedness, but they’re of little use if security teams don’t review, test or update those plans on a regular basis.More
Story image
WatchGuard releases new ruggedised network security appliance
The Firebox T35-R provides network security capabilities beyond traditional office settings and to industrial internet of things (IIoT).More
Story image
Fortune 500 companies failing to demonstrate cybersecurity commitment - Bitglass
The report found that 38% of the 2019 Fortune 500 do not have a chief information security officer (CISO).More
Download image
CIOs discuss performance efficiency strategies on the road to hybrid cloud
Listen to the testimonies of these executives to find out if VMware Cloud on AWS is right for your organisation.More
Story image
The key performance metrics to monitor for perfect server visibility
Organisations need to have server monitoring tools that cover the right performance indicators that fit the applications they have running on their servers. More
Story image
Phishing leading cause of data breaches across Australia
This indicates hackers are targeting the weakest link in the security chain – end users.More
Story image
September’s top malware, Emotet botnet strikes again – Check Point
Check Point’s researchers report that the notorious botnet has been reactivated and is spreading active campaigns again.More
Story image
Gartner: Top 10 government tech trends
“Public sector leaders expect government CIOs to find ways technology can reduce costs, create efficiencies and improve outcomes for citizens and businesses."More
Download image
How advanced threats are changing the way organisations approach cybersecurity
Effective security now requires firms to assume penetration and continually scan their environments for malicious activity.More
Story image
Thales: Organisations failing to protect sensitive data in the cloud
Although nearly half of corporate data is stored in the cloud, a quarter of Australian organisations admit they have not employed a security-first approach to cloud storage. More
Story image
Barracuda announces general availability of forensics and incident response offering
The standalone solution gives customers and service providers the ability to increase email security with automated incident response and threat insights.More
Download image
Whitepaper: Australia’s path to cloud migration
A Telsyte study forecasts the total market value for public cloud infrastructure services to reach $775 million by 2019, up from $366 million in 2015.More
Download image
Hands-on advice: Optimising your AWS cloud journey
Core pieces of advice and answers to some of the most commonly asked questions on finding high-performance outcomes through the use of AWS.More
Story image
Cybersecurity and video surveillance – threats, vulnerabilities and best practices
Axis Communications shares its insights on how changing regulations are affecting companies’ data collection and protection practices.More
Canberra Cyber Security Innovation Node launches
The Canberra Node is a part of the National Network of Nodes, which accelerates cyber capability development and innovation across Australia.More
Manage Windows 10 with the most simple, intuitive toolset available
Mobile Mentor’s solution comes with built-in best practice security policies, round-the-clock employee support and bundled endpoint management.More
Cloud-native breaches vastly different from legacy malware attacks - McAfee
The report uncovered that 99% of misconfiguration incidents in public cloud environments go undetected, exposing companies to data loss. More
Sophos launches managed threat response service
The resellable service provides organisations with a dedicated 24/7 security team to neutralise threats.More
DIY or MSSP? How to tailor your security strategy to your needs
Cloud adoption is driving rapid IT transformation and an equally powerful change in the way we must evaluate the threat landscape.More
NetScout's Arbor Networks cybersecurity play shows fruit
We look at the how the vendors cybersecurity strategy has come togetherMore
Trend Micro named as leader in endpoint security
"The bullseye for cyber threats is corporate endpoints, making security solutions in this area a crucial component of any enterprise risk management strategy."More
Sophos Cloud Optix SaaS offering now on AWS Marketplace
Endpoint and network security firm Sophos has now launched its Sophos Cloud Optix SaaS offering on Amazon Web Services (AWS) Marketplace.More
McAfee introduces new threat visibility and prioritisation feature
MVISION Insights will provide the analytics to enable organisations to recognise the threats they will need to take action against, and threats that could potentially impact them in the future.More
Ping Identity releases self-service IAM solution
The solution addresses common tasks across the Ping Intelligent Identity platform with simple, self-service workflows and standardised templates that can be delegated to business users.More
Symantec updates endpoint security offering
The Symantec Endpoint Security (SES) brings automated assistance with security management to evaluate risks and take action to secure their organisation.More
WatchGuard releases cloud-based service to automatically block phishing attempts
DNSWatchGO aims to fill security gap beyond the network perimeter, as new research shows 64% of remote users have fallen victim to a cyber-attack.More
IBM outlines why the 'boom' moment is key to better security
“Often I’m talking with people on the worst day of their business’ life.”More
DXC Connect named ExtraHop’s 2019 Breakthrough Partner
DXC Connect has built out a major service offering focused on the ExtraHop suite of cloud-native network detection and response (NDR) solutions.More
Microsoft announces Azure Sentinel SIEM general availability
Microsoft has announced the general availability of its cloud-native security information and event management (SIEM) solution this week.More
Businesses unsure if they’ve experienced Pass the Hash attacksOne Identity
A PtH attack is when an attacker compromises an end-user’s machine and simulates an IT problem so that a privileged account holder will log into an administrative system. More
Exclusive: Aruba security VP on IoT security, encryption, and UEBA
Aruba security VP and chief technologist Jon Green shares his views on how the changing trends are affecting the way networks are secured.More
Atlassian to integrate Okta’s authentication solution in cloud products
This partnership enables Atlassian to focus on its core products while Okta solves for enterprise identity challenges, securing Atlassian customers.More
More stories