Australia
Story image

DDOS threats – is your business really protected?

29 Jun 2018
Sara Barker
Share:

Targeted cyber-attacks are now, more than ever, a critical concern for all businesses. Threats from ransomware to DDoS attacks, have been regularly making headlines. There is, without a doubt, a growing awareness of the sheer volume of these attacks and they are hitting businesses of all sizes.

Distributed Denial of Service (DDoS)

DDoS attacks aims to render a server, service or an infrastructure unavailable by overloading the server's bandwidth or monopolising its resources until the point of depletion.

During a DDoS attack, a multitude of requests are sent simultaneously from multiple points across the internet. The intensity of this "crossfire" renders the service unstable, or even worse, unavailable.

An unavoidable phenomenon

It is now easier than ever to launch a DDoS attack. You no longer need advanced technical skills to disrupt a service or make it unavailable. Attacks are increasingly frequent and intense but they are also increasingly sophisticated (and constantly evolving). They are designed to create major disruption that does not only impact the bottom-line, but affects reputation too.

A race against time

The race against time has no finishing line. As the internet’s size and capacity expands, the intensity of the attacks will continue to grow. And their sophistication will grow too.

On the one hand, it is important to consider the mechanisms behind the attacks to continuously improve mitigation tactics. On the other, be aware that attackers are trying to understand how protective mechanisms work to get around them or find a vulnerability to exploit it.

An evolving landscape

Greater reactivity will become standard for an increasing number of users. In the field of the Internet of Things (IoT), for example, detection should lead to an immediate reaction.

Indeed, IoT is quickly going to pose another challenge: how to correctly distinguish a DDoS attack from a massive influx of data from connected sensors, which are multiplying exponentially.

From the ground up

Today’s security teams need to think about implementing solutions before building a robust infrastructure. It is imperative to check protection solutions for automated detections and mitigation of the abnormal increase of inbound traffic (i.e. repetition of the same packets in order to destroy the service).

Specifically:

  • Hardware i.e. own appliance inside the entry of the network: it can be a feature included in a firewall or a dedicated device system such as Arbor equipment. The physical layer will provide better protection for inbound packets.
  • Content Delivery Network (CDN): ensure that your CDN is properly configured in order to protect infrastructure from the request (attack) reaching the service (website, game, telephony etc.)
  • Cloud Service Provider (CSP): does your CSP have an in-house solution which defines approved sources of content to maintain your own protection system for more affordable and stronger solutions

Risk mitigation

To ensure systems are adequately equipped to resist attacks it is imperative to understand DDoS mitigation technologies. Ask questions and do not rest until you have the answers.

What mechanisms do you have in place to protect your infrastructure, is your cloud provider doing their job? Do you have adequate protective measures in place to mitigate the impact of attacks? Is your DDoS protection capable of resisting not only the attacks of today but the attacks of tomorrow?

It is not a question of whether you need anti-DDoS protection, but when you will suffer your first DDoS attack.

Article by OVH lead network engineer APAC, Florian Valette.

Related stories:
DNS amplification attacks increase 1000% since last year - Nexusguard
Second Akamai scrubbing centre opens in Melbourne
DDoS attacks on the rise despite taking a summer break 
Only 20% of organisations use cloud DLP – Bitglass
ThetaRay offering uses AI against financial cybercrime
RSA responds to increasing A/NZ regulations with new updates
Dig deeper:
Story image
18 Dec
Security teams could be slowing down DevOps, survey shows
Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.More
Story image
20 Dec
Number of spam emails drops, still accounts for 55% of traffic
Significantly, spam messages account for more than half of 295 billion in 2019, making 55% of global email traffic in this year, the company states.More
Story image
20 Jan
Key considerations for consistent IoT manageability and security
To address the risks connected IoT devices pose, it is important organisations come up with a strategy that will ensure every device is monitored and managed, Forescout says. More
Download image
Preparing your business to harness the power of cybersecurity automation
Discover how cybersecurity automation can help you regain the advantage against modern cybercriminals and bolster your enterprise security posture. More
Story image
02 Jan
Cybersecurity: The top three predictions that will headline 2020
"Collecting data from various systems, tools and devices and the application of analytics, AI and machine learning will gain speed."More
Story image
10 Dec
EC-Council appoints distie to expand into A/NZ
It has appointed ACA Pacific to help roll out its cybersecurity solutions, including newly acquired OhPhish, to the Australia and New Zealand markets.More
Story image
Security teams could be slowing down DevOps, survey shows
Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.More
Story image
Number of spam emails drops, still accounts for 55% of traffic
Significantly, spam messages account for more than half of 295 billion in 2019, making 55% of global email traffic in this year, the company states.More
Story image
Key considerations for consistent IoT manageability and security
To address the risks connected IoT devices pose, it is important organisations come up with a strategy that will ensure every device is monitored and managed, Forescout says. More
Download image
Preparing your business to harness the power of cybersecurity automation
Discover how cybersecurity automation can help you regain the advantage against modern cybercriminals and bolster your enterprise security posture. More
Story image
Cybersecurity: The top three predictions that will headline 2020
"Collecting data from various systems, tools and devices and the application of analytics, AI and machine learning will gain speed."More
Story image
EC-Council appoints distie to expand into A/NZ
It has appointed ACA Pacific to help roll out its cybersecurity solutions, including newly acquired OhPhish, to the Australia and New Zealand markets.More
Story image
Endace expands channel partners globally, experiences significant growth
Endace has announced global growth in the packet capture market, and the importance of packet capture as a key source of data for network security, is contributing to significant growth of the company.More
Story image
Malwarebytes stalwart promoted to chief product officer
"Akshay has been an incredible partner with product development, enabling our long-term product vision. His leadership has been instrumental to our continued growth and success."More
Download image
AWS need not be a minefield: Optimising the cloud journey for real results
Find high-performance outcomes through your use of AWS, and save time and money whilst doing so.More
Story image
Five security risks faced in the modern workplace - Empired
According to the Australian Government Department of Communications, the average cost of an individual cybersecurity breach to a business is $276,000.More
Story image
OPPO partners with bug bounty company HackerOne
With over 320 million monthly active users of OPPO’s ColorOS, and a rapidly expanding online presence, cybersecurity is top of mind for the mobile phone manufacturer.More
Download image
Defuse the security vs innovation tensions in your workplace
Business leaders can start to address this conflict by asking themselves: “How do we confidently manage the cyber risks inherent in our digital strategy?”More
Story image
StorageCraft report suggests firms need a 'ransomware reality check'
68% of respondents have a ransomware recovery plan, yet almost a quarter (23%) don’t test those plans, and 46% test them once a year or less.More
Story image
WhiteHawk delivers cybersecurity amid heightened threats
Nation-state attacks have targeted telecommunications and internet service providers, government organisations, and other institutions globally.More
Story image
Trend Micro debuts security services platform for cloud applications
Trend Micro Cloud One automates and simplifies cloud security to give organisations the flexibility they need to meet their most strategic cloud priorities.More
Story image
Ransomware vs cities in 2019: 174 and counting
At least 174 municipal institutions, with more than 3,000 subset organisations, have been targeted by ransomware during the last year. More
Download image
The ultimate test: Can these firewalls stand up to malware attacks?
With a multitude of solutions on the market, ESG decided to use malware attacks to evaluate market solutions like Juniper Networks’ automated threat detection and remediation.More
Story image
BitSight enhances fourth-party risk management solution
BitSight for Fourth-Party enables customers to identify areas of business and cyber risk. It does this by automatically pinpointing connections between any organisation, its business partners, and potentially risky fourth parties.More
Story image
Kaspersky named top dog in Canalys channel satisfaction report
The company was named the top cybersecurity vendor for channel satisfaction after achieving the highest overall rating against 10 others.More
Story image
75% of DevOps professionals say certificate issuance policies slow them down
Less than half of DevOps professionals believe developers always request certificates that serve as machine identities through authorised channels.More
Story image
Cloud adoption trends: SSO adoption lagging
Research found that only 34% of those who had adopted cloud-based solutions had implemented single sign-on (SSO), one of the most basic cloud security tools.More
Story image
How integrated edge security and WAF can secure application delivery
Edge security, SSO application integration and flexible authentication options are critical for optimal user experience and information security policy compliance, Kemp says.More
Link image
Whitepaper: Everything you need to know to build a strong cyber defence
There’s no denying the cybersecurity challenges: lack of skills, compliance and the changing threat landscape are just the tip of the iceberg.More
Download image
Fighting the sophisticated, sustained cyber-attacks of the 21st century
Advanced persistent threats are capable of breaching data infrastructure through continuous targeting and then remaining within that infrastructure, undetected.More
Story image
Talend hires its first global CISO, Anne Hardy
Talend’s new chief information security officer Anne Hardy says she’s looking forward to driving security priorities within the company as its scales to new heights.More
Story image
Google adds iPhone capability to Advanced Protection Program
iPhone users are now able to use their phones to sign up to Google’s Advanced Protection Program, using the iPhone’s built-in security key technology. More
Story image
Three cybersecurity vendors outline 16 industry predictions for 2020
With 2019 coming to a close, Ping Identity, Attivo Networks, and LogRhythm’s experts share what 2020 holds in store for cybersecurity. More
Top internet outages of 2019 - ThousandEyes
The most significant of these outages took place over the northern hemisphere summer and disrupted nearly every top tech company in some fashion.More
Citrix flaw puts 80,000 companies at risk
"Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat."More
Sophos extends MSP program in the name of advancing enterprise security
Sophos has extended its managed service provider (MSP) program to make it easier for MSPs to deploy, manage and sell the Sophos product portfolio.More
ExtraHop outlines strong growth in 2019 - expects bumper year ahead
ExtraHop has expects to 2020 to be hot on the heels of a bumper year in 2019, with US$150 million in bookings and more than 40% year-on-year growth under its belt.More
Weak passwords continue to give cyber crims access to personal information
New research highlights the continuing issue of weak passwords, revealing that 30% of ransomware infections in 2019 were due to passwords.More
Check Point report highlights latest cyber-threats worldwide
28% of all organisations worldwide were impacted by malicious multi-purpose botnets, while the rise of 20% of incident response cases were targeted ransomware attack.More
ESET urges parents to consider security protection for their children
While many parents worry about their child’s online activity, many are not taking precautionary measures, according to new insights from ESET.More
Whitepaper: Evolving data centre security with next-gen firewalls
NGFW functionality can identify the actual application that is transported, regardless of port being used and the capability to attach user identity to security policies to manage traffic.More
Kaspersky unveils rebranded offices in Asia Pacific
"It is also about how we shift our business mindset, our corporate practices, our market priorities, and our vision and mission as a company."More
Mimecast acquires brand exploitation prevention startup
The acquisition of the Israeli Segasec extends Mimecast’s capabilities to protect against brand exploits used to steal money and data.More
Are they spying? Young people wary of virtual assistants
Privacy and security fears put young people off using virtual assistants for customer servicesMore
ESET releases Australian Cyberawareness Index 2019 results
The survey covered the current state of technology adoption and what users are doing online as well as what they’re doing to protect themselves.More
Report: The evolution and proliferation of banking malware
Fortinet’s quarterly threat report has the latest on trends and updates on threat actors and attack patterns, showing some surprising findings. More
Equifax breach vulnerability surfaces as top network attack in Q3 2019
WatchGuard’s latest Internet Security Report also reveals significant increases in malware and network attacks, as zero day malware accounts for 50% of all detections.More
Blink XT2 surveillance cams patched after 'severe' vulnerabilities found
If exploited, the vulnerabilities could give attackers full control of an affected device, allowing them to remotely view camera footage, listen to audio output and hijack the device for use in a botnet.More
Companies not utilising threat hunters correctly – study
“Responding to threats is important for security, but it is not the main task of the threat hunter.”More
The dummies guide to sussing out MSSPs
A pure DIY approach might not be tenable for your organisation depending on your maturity and business goals.More
Sophos launches Intercept X for mobile
New security for Chrome OS and mobile threat defence for Android and iOS devices protects users from new fleeceware applications uncovered by SophosLabs. More
More stories