DDOS threats – is your business really protected?

Targeted cyber-attacks are now, more than ever, a critical concern for all businesses. Threats from ransomware to DDoS attacks, have been regularly making headlines. There is, without a doubt, a growing awareness of the sheer volume of these attacks and they are hitting businesses of all sizes.

Distributed Denial of Service (DDoS)

DDoS attacks aims to render a server, service or an infrastructure unavailable by overloading the server's bandwidth or monopolising its resources until the point of depletion.

During a DDoS attack, a multitude of requests are sent simultaneously from multiple points across the internet. The intensity of this "crossfire" renders the service unstable, or even worse, unavailable.

An unavoidable phenomenon

It is now easier than ever to launch a DDoS attack. You no longer need advanced technical skills to disrupt a service or make it unavailable. Attacks are increasingly frequent and intense but they are also increasingly sophisticated (and constantly evolving). They are designed to create major disruption that does not only impact the bottom-line, but affects reputation too.

A race against time

The race against time has no finishing line. As the internet’s size and capacity expands, the intensity of the attacks will continue to grow. And their sophistication will grow too.

On the one hand, it is important to consider the mechanisms behind the attacks to continuously improve mitigation tactics. On the other, be aware that attackers are trying to understand how protective mechanisms work to get around them or find a vulnerability to exploit it.

An evolving landscape

Greater reactivity will become standard for an increasing number of users. In the field of the Internet of Things (IoT), for example, detection should lead to an immediate reaction.

Indeed, IoT is quickly going to pose another challenge: how to correctly distinguish a DDoS attack from a massive influx of data from connected sensors, which are multiplying exponentially.

From the ground up

Today’s security teams need to think about implementing solutions before building a robust infrastructure. It is imperative to check protection solutions for automated detections and mitigation of the abnormal increase of inbound traffic (i.e. repetition of the same packets in order to destroy the service).

Specifically:

• Hardware i.e. own appliance inside the entry of the network: it can be a feature included in a firewall or a dedicated device system such as Arbor equipment. The physical layer will provide better protection for inbound packets.
• Content Delivery Network (CDN): ensure that your CDN is properly configured in order to protect infrastructure from the request (attack) reaching the service (website, game, telephony etc.)
• Cloud Service Provider (CSP): does your CSP have an in-house solution which defines approved sources of content to maintain your own protection system for more affordable and stronger solutions

Risk mitigation

To ensure systems are adequately equipped to resist attacks it is imperative to understand DDoS mitigation technologies. Ask questions and do not rest until you have the answers.

What mechanisms do you have in place to protect your infrastructure, is your cloud provider doing their job? Do you have adequate protective measures in place to mitigate the impact of attacks? Is your DDoS protection capable of resisting not only the attacks of today but the attacks of tomorrow?

It is not a question of whether you need anti-DDoS protection, but when you will suffer your first DDoS attack.

Article by OVH lead network engineer APAC, Florian Valette.