Story image
DDoS
OVH
Compliance

DDOS threats – is your business really protected?

By Sara Barker, Fri 29 Jun 2018
FYI, this story is more than a year old

Targeted cyber-attacks are now, more than ever, a critical concern for all businesses. Threats from ransomware to DDoS attacks, have been regularly making headlines. There is, without a doubt, a growing awareness of the sheer volume of these attacks and they are hitting businesses of all sizes.

Distributed Denial of Service (DDoS)

DDoS attacks aims to render a server, service or an infrastructure unavailable by overloading the server's bandwidth or monopolising its resources until the point of depletion.

During a DDoS attack, a multitude of requests are sent simultaneously from multiple points across the internet. The intensity of this "crossfire" renders the service unstable, or even worse, unavailable.

An unavoidable phenomenon

It is now easier than ever to launch a DDoS attack. You no longer need advanced technical skills to disrupt a service or make it unavailable. Attacks are increasingly frequent and intense but they are also increasingly sophisticated (and constantly evolving). They are designed to create major disruption that does not only impact the bottom-line, but affects reputation too.

A race against time

The race against time has no finishing line. As the internet’s size and capacity expands, the intensity of the attacks will continue to grow. And their sophistication will grow too.

On the one hand, it is important to consider the mechanisms behind the attacks to continuously improve mitigation tactics. On the other, be aware that attackers are trying to understand how protective mechanisms work to get around them or find a vulnerability to exploit it.

An evolving landscape

Greater reactivity will become standard for an increasing number of users. In the field of the Internet of Things (IoT), for example, detection should lead to an immediate reaction.

Indeed, IoT is quickly going to pose another challenge: how to correctly distinguish a DDoS attack from a massive influx of data from connected sensors, which are multiplying exponentially.

From the ground up

Today’s security teams need to think about implementing solutions before building a robust infrastructure. It is imperative to check protection solutions for automated detections and mitigation of the abnormal increase of inbound traffic (i.e. repetition of the same packets in order to destroy the service).

Specifically:

  • Hardware i.e. own appliance inside the entry of the network: it can be a feature included in a firewall or a dedicated device system such as Arbor equipment. The physical layer will provide better protection for inbound packets.
  • Content Delivery Network (CDN): ensure that your CDN is properly configured in order to protect infrastructure from the request (attack) reaching the service (website, game, telephony etc.)
  • Cloud Service Provider (CSP): does your CSP have an in-house solution which defines approved sources of content to maintain your own protection system for more affordable and stronger solutions

Risk mitigation

To ensure systems are adequately equipped to resist attacks it is imperative to understand DDoS mitigation technologies. Ask questions and do not rest until you have the answers.

What mechanisms do you have in place to protect your infrastructure, is your cloud provider doing their job? Do you have adequate protective measures in place to mitigate the impact of attacks? Is your DDoS protection capable of resisting not only the attacks of today but the attacks of tomorrow?

It is not a question of whether you need anti-DDoS protection, but when you will suffer your first DDoS attack.

Article by OVH lead network engineer APAC, Florian Valette.

Related stories
How open banking benefits customers, banks – and cybercriminals>>
NormCyber delivers cyber and data protection with latest release>>
Ransom DDoS attacks surged in final quarter of 2021 - report>>
The shape of risk management in 2022: Cyber risk quantification, ESG, and operational resilience>>
Future of trust: Security compliance automation investment set to increase>>
4 out of 5 organisations to significantly increase cybersecurity budgets in 2022>>
Top stories
Recent stories
Story image
Artificial Intelligence / AI
Red Sift releases a new AI product to quickly resolve phishing attacks
Cybersecurity company Red Sift has launched a new product to help security experts reduce the amount of time spent investigating malicious emails.>>
Story image
Multi Cloud
Dell Technologies caters to multi cloud reality with new capabilities
"With our sustained investments in expanded multi cloud portfolio and a vibrant cloud ecosystem, we will enable organisations to improve spend predictability, transparency, and scalability.">>
Story image
Cybersecurity
Kaspersky maps out supply chain resilience plans in APAC
The Asia-Pacific region has seen a huge digitalisation leap due to the pandemic, with cybersecurity measures taking a back seat, resulting in several high profile ICT supply chain attacks last year.>>
Story image
Artificial Intelligence / AI
Meta says it's building the 'fastest supercomputer in the world'
Meta’s AI Research SuperCluster will be used to develop advanced AI in areas such as computer vision, natural language processing and speech recognition.>>
Story image
Cyber attacks
Enea identifies trends that will shape the mobile industry in 2022
"We trust that the trends highlighted in this year’s report provide a roadmap for mobile operators to navigate our post-pandemic world.”>>
Story image
Qlik
Explainability: the foundation of trust in data
In 2022, data is one of the most valuable assets Australian organisations possess. Long-term success and durability for businesses rest upon it.>>
Story image
Ransomware
ALPHV revealed as most advanced threat actor yet while ransomware attacks on the decline
Global cyber security and risk mitigation firm, NCC Group, has identified a considerable decrease in ransomware attacks in December 2021.>>
Story image
IDC
IDC reveals its top 10 IT industry trends for Australia and New Zealand - report
The report reveals IDC's vision of how A/NZ organisations will deploy and consume technology over the next five years, and contribute to the growth of the digital economy.>>
Story image
Check Point
Check Point Research reveals botnets on the rise, software vendors hit hard by cyber attacks
Software vendors saw the largest year-on-year growth in 2021 at 146%, according to the 2022 Security Report from Check Point Research (CPR), the threat intelligence arm of the organisation.>>
Story image
Forrester
Forrester analysts comment on privacy practices ahead of International Privacy Day
Forrester's analysts share insights ahead of International Privacy Day on how privacy is now a priority for nearly every company worldwide.>>
Story image
Digital Transformation / DX
ThycoticCentrify adds veteran leaders to international sales team
ThycoticCentrify has announced two new leaders to its international sales teams. >>
Story image
Phishing
COVID-19 vax most popular topic for phishing attacks in 2021
While phishing attacks remain a consistent threat to online security, attackers are switching up the topics they use to bait unsuspecting victims.>>
Story image
Managed Services
Deloitte calls on Exabeam as vendor for managed XDR
According to Exabeam president Ralph Pisani, the company’s cybersecurity and automation capabilities will assist with threat detection, investigation, and response.>>
Story image
SaaS
Axonius launches first SaaS risk management product
SaaS management tools typically cater to the business side or the security posture management side, but each side is still prone to visibility gaps and information siloes.>>
Story image
Open Source
The aftermath of Log4j - What can be done to protect businesses?
Last year's Apache Log4j vulnerability created a lot of chaos, so what can be done to protect companies from the security implications?>>
Link image
Accenture Interactive
A new range of working trends is approaching, is your business ready?>>
Link image
Cloud Services
Mainframe modernisation the key to business growth>>
Story image
Training
Phishing emails in Q421 focused on everyday tasks - research>>
Story image
Phishing
Omicron-led spike in COVID test-related phishing poses threat to businesses>>
Story image
Malware
More elusive and persistent - Kaspersky researchers uncover the third known firmware bootkit>>
Story image
Disaster Recovery
Disaster recovery: Are you prepared for the cloud to clear?>>
Story image
Cryptocurrency
Check Point Research reveals how hackers run token scams and 'Rug Pull' money - and how to avoid them>>
Story image
Open Source
The Linux Foundation makes record progress in addressing talent shortages >>
Story image
Axiomatics
emt and Axiomatics forge distribution partnership for Asia and A/NZ regions>>
Story image
Accenture
Bringing legacy mainframes into the modern IT environment>>
Story image
Cybersecurity
80% of organisations say infrastructure access is top strategic priority>>
Story image
Endpoint detection and response / EDR
Why network visibility must be the foundation of Zero Trust architecture>>
Story image
Inventory
Warning: Pay heed to Data Protection Day>>
Story image
Kong
Why AI’s breakthrough use case for enterprise is to aid API development>>
Story image
Data analytics
Australia’s DESE’s adopts Qlik data analytics in digital transformation>>
Story image
DevOps
Empowering security teams to be UX innovators>>
Story image
Cybersecurity
Experts weigh in on how to protect yourself against banking scammers>>
Story image
Cybersecurity
Insider threats costing organisations $15.4 million a year>>
More stories