sb-au logo
Story image

DDOS threats – is your business really protected?

29 Jun 2018
Sara Barker
Share:

Targeted cyber-attacks are now, more than ever, a critical concern for all businesses. Threats from ransomware to DDoS attacks, have been regularly making headlines. There is, without a doubt, a growing awareness of the sheer volume of these attacks and they are hitting businesses of all sizes.

Distributed Denial of Service (DDoS)

DDoS attacks aims to render a server, service or an infrastructure unavailable by overloading the server's bandwidth or monopolising its resources until the point of depletion.

During a DDoS attack, a multitude of requests are sent simultaneously from multiple points across the internet. The intensity of this "crossfire" renders the service unstable, or even worse, unavailable.

An unavoidable phenomenon

It is now easier than ever to launch a DDoS attack. You no longer need advanced technical skills to disrupt a service or make it unavailable. Attacks are increasingly frequent and intense but they are also increasingly sophisticated (and constantly evolving). They are designed to create major disruption that does not only impact the bottom-line, but affects reputation too.

A race against time

The race against time has no finishing line. As the internet’s size and capacity expands, the intensity of the attacks will continue to grow. And their sophistication will grow too.

On the one hand, it is important to consider the mechanisms behind the attacks to continuously improve mitigation tactics. On the other, be aware that attackers are trying to understand how protective mechanisms work to get around them or find a vulnerability to exploit it.

An evolving landscape

Greater reactivity will become standard for an increasing number of users. In the field of the Internet of Things (IoT), for example, detection should lead to an immediate reaction.

Indeed, IoT is quickly going to pose another challenge: how to correctly distinguish a DDoS attack from a massive influx of data from connected sensors, which are multiplying exponentially.

From the ground up

Today’s security teams need to think about implementing solutions before building a robust infrastructure. It is imperative to check protection solutions for automated detections and mitigation of the abnormal increase of inbound traffic (i.e. repetition of the same packets in order to destroy the service).

Specifically:

  • Hardware i.e. own appliance inside the entry of the network: it can be a feature included in a firewall or a dedicated device system such as Arbor equipment. The physical layer will provide better protection for inbound packets.
  • Content Delivery Network (CDN): ensure that your CDN is properly configured in order to protect infrastructure from the request (attack) reaching the service (website, game, telephony etc.)
  • Cloud Service Provider (CSP): does your CSP have an in-house solution which defines approved sources of content to maintain your own protection system for more affordable and stronger solutions

Risk mitigation

To ensure systems are adequately equipped to resist attacks it is imperative to understand DDoS mitigation technologies. Ask questions and do not rest until you have the answers.

What mechanisms do you have in place to protect your infrastructure, is your cloud provider doing their job? Do you have adequate protective measures in place to mitigate the impact of attacks? Is your DDoS protection capable of resisting not only the attacks of today but the attacks of tomorrow?

It is not a question of whether you need anti-DDoS protection, but when you will suffer your first DDoS attack.

Article by OVH lead network engineer APAC, Florian Valette.

Related stories:
Network intelligence is stopping a wave of DDoS misdiagnosis
DDoS attacks surge 542% amidst COVID-19 pandemic - report
emt calls for resellers looking for cloud security solution
Trend Micro partners with AWS to launch Australian-first automated open banking solution
Vulnerability discovered in DNS recursive resolvers that can be abused to launch DDoS attacks against any victim
Digital heists: Attacks on financial institutions rise 238% in 3 months
Dig deeper:
Story image
AWS launches fully-managed fraud detection service
Businesses lose billions of dollars to online fraud every year, however businesses respond by investing in cumbersome fraud management solutions that often rely on hand-coded rules and are difficult to keep up to date.More
Story image
7 VPN services leaked data of 20 million users - report
"The report calls into question the providers’ security practices and dismisses their claims of being no-log VPN services."More
Story image
Why answering the question of orchestration vs automation will improve your security effectiveness
Organisations are looking to improve their security operations effectiveness, efficiency, and staff satisfaction, with security, orchestration, automation and response (SOAR) fast becoming a trending approach. More
Link image
What's next for the way we work - and how do we navigate it?
Industry experts discuss the best ways to tackle the challenge of achieving safe, secure and productive work in 2020 - whether at home or in the office.More
Download image
Strengthen the weakest link in your security chain
Globalisation. Remote working. High-turnover workforces. These factors and more add up to make increasingly dynamic workforces - and without proper management, your business could fall behind.More
Story image
Addressing the knowledge gap in the Australian security industry
Nowadays, access control can be combined with video and alarm systems, which can, in turn, link up with licence plate recognition, audio and facial solutions.More
Story image
AWS launches fully-managed fraud detection service
Businesses lose billions of dollars to online fraud every year, however businesses respond by investing in cumbersome fraud management solutions that often rely on hand-coded rules and are difficult to keep up to date.More
Story image
7 VPN services leaked data of 20 million users - report
"The report calls into question the providers’ security practices and dismisses their claims of being no-log VPN services."More
Story image
Why answering the question of orchestration vs automation will improve your security effectiveness
Organisations are looking to improve their security operations effectiveness, efficiency, and staff satisfaction, with security, orchestration, automation and response (SOAR) fast becoming a trending approach. More
Link image
What's next for the way we work - and how do we navigate it?
Industry experts discuss the best ways to tackle the challenge of achieving safe, secure and productive work in 2020 - whether at home or in the office.More
Download image
Strengthen the weakest link in your security chain
Globalisation. Remote working. High-turnover workforces. These factors and more add up to make increasingly dynamic workforces - and without proper management, your business could fall behind.More
Story image
Addressing the knowledge gap in the Australian security industry
Nowadays, access control can be combined with video and alarm systems, which can, in turn, link up with licence plate recognition, audio and facial solutions.More
Story image
BT launches first in series of managed security services for Microsoft cloud
“BT’s collaboration with Microsoft is expanding further to recognise the combined strength of our security offerings and deliver industry leading solutions for our customers.”More
Link image
The dos and don'ts of protecting a remote workforce
This exclusive monthly webcast series explores all of the possible security pitfalls of working remotely, and the best solutions to use to avoid falling victim to them.More
Download image
Is your head in the sand? Only 60% of firms believe an email could trigger a cyber attack
Where would the world be without the humble email? It's an important tool - and a weapon.More
Story image
WatchGuard releases two new enterprise-grade APs
The AP225W for multi-dwelling unit deployment and the AP327X for harsh outdoor environments.More
Story image
WhiteHawk lands 'milestone' $5.9 million cybersecurity contract
The annual Software as a Service (SaaS) contract is a milestone contract with a Tier 1 client – a key US federal government department. More
Story image
RedShield develops 'virtual shield' to protect against SAP RECON vulnerability
The vulnerability (CVE-2020-6287) could allow attackers to take over SAP systems by remotely accessing the server. More
Story image
80% of security breaches involve exposure of customer data - IBM
The new report from IBM indicates that 80% of surveyed organisations reported having exposed customers’ personally identifiable information (PII) as a result of a breach.More
Link image
How to prioritise metrics as an e-commerce CTO
E-commerce technology leaders need to track, analyze, and act on large volumes of business and system performance data. Danny Miles, the CTO of Dollar Shave Club, shares a powerful framework for thinking about and prioritizing e-commerce metricsMore
Download image
Fluid organisations require flexible security
Choice, appropriate risk analysis, and ease of use for everyone top benefits of strong authentication.More
Story image
42% more plaintext HTTP servers than HTTPS counterparts - report
Rapid7 has released a report detailing the changing internet risk landscapes of 2020, and other issues facing cybersecurity teams.More
Story image
DDoS attacks surge 542% amidst COVID-19 pandemic - report
Generally considered the “off season” for DDoS attacks, researchers attribute the surge in incidents to malicious efforts during the COVID-19 pandemic.More
Download image
451 Research: The new shape of the enterprise network
In this new world, distance has become the silent digital business killer. Latency looms large, especially for high-performance edge applications, IoT and 5G use cases. More
Story image
One Identity & Ping Identity join forces on identity management
The partnership brings together Ping Identity's access management technology with One Identity’s identity governance and administration (IGA) technology.More
Story image
Network intelligence is stopping a wave of DDoS misdiagnosis
Security teams already know the value of a layered defence; it’s time to add more layers, writes ThousandEyes principal solutions analyst Mike Hicks.More
Story image
CrowdStrike announces two executive hires, with aim to expand in A/NZ
The endpoint protection company says both executives will be responsible for boosting customer experience (CX) while delivering success mutually with CrowdStrike’s partner team as part of their new roles.More
Story image
Google unveils security overhaul across G Suite products
Google has announced 11 new security features across G Suite, to provide stronger security in Gmail, Meet, and Chat.More
Story image
Attivo named by Gartner as Sample Vendor for deception platforms
The company was named as an example of platforms that create false artifacts to aid threat detection in Gartner’s 2020 Security Ops Hype Cycle report.More
Download image
Your VPN deserves more than a username and password
Are the people logging into your networks who they say they are?More
Story image
Security teams face mounting stress, call for execs to step in
“With more organisations operating under remote work conditions, the attack surface has broadened, making security at scale a critical concern. This is a call to action for executives to prioritise alleviating the stress."More
Link image
Lessons from the new world: The reality of remote work in A/NZ
Dive into the compelling lessons of remote work and how businesses can adapt and embrace new models of working.More
Story image
iseek extends data centre investment in Queensland
iseek, the Australian owned cloud, data centre and connectivity provider, has announced the next stage of its Queensland regional investment strategy.More
Adobe, IBM and Red Hat partner up to accelerate DX and real-time data security
"As companies undergo their digital transformations and move core workloads to the cloud, the entire C-suite is facing a re-framing of their roles to meet customer demands – all while keeping security front and centre."More
Microsoft business applications support safer workspaces
A pre-built Power Platform solution includes location readiness for safe office reopening, employee health and safety management, workplace care management, and location management. More
Using risk mitigation to protect your business from cybersecurity threats
Embracing digitisation comes with the promise of better service delivery, more in-depth data analytics, and efficient data handling practices. Sadly though, it also comes with the risk of cybersecurity threats. More
Video: 10 Minute IT JamsAttivo Networks on threat detection using deception
Attivo Networks is a US-based technology vendor in the cybersecurity space. The company focuses on threat detection and deception.More
Three key driving techniques that apply to the network
Gigamon's CEO on his best practice tips for leveraging network and application data in order to get the visibility levels needed for an organisation's DX journey.More
Data breaches costing companies millions - could incident response help?
On average, data breaches cost companies $3.86 million per breach, with compromised employee accounts the most expensive root cause.More
Attivo Networks integrates with FireEye for advanced threat protection
The combined solution is designed to reduce time and resources required to detect and block attacks, while also collecting forensics to help organisations avoid future attacks. More
Juniper Networks inspires overarching approach to connected security
While Juniper is most well-known for its hardware products such as firewalls, routers, switches, and WiFi access points, these are all security products too. More
Juniper named a Champion in Canalys Leadership Matrix
Champions receive generally positive partner feedback, have a large share of shipments, maintain growth and show improvement in channel management.More
Trend Micro launches cloud solution for Microsoft Azure
“The security of the cloud is a cloud providers’ responsibility, but security in the cloud falls to the customer, which is where we fit."More
Driving cloud cost efficiency with performance monitoring
Cloud infrastructure sprawl sneaks up on organisations through a series of individual decisions that in aggregate become inefficient. Thomas Dittmer shares how performance monitoring helped TravelSupermarket reduce cloud costs by 50%More
Interview: Acronis co-founder on going all-in for DLP
Data-loss prevention (DLP) strategies are a cornerstone of wider cybersecurity ecosystems, especially to counter the risks of remote working. Acronis co-founder Stas Protassov explains its significance and why it acquired a DLP powerhouse.More
Why data resilience should be a top priority in 2020
Data is the most important asset for a business. But if it's not stored securely, or if it's not instantly available, its value can plummet.More
True SASE. True zero trust. True cloud.
Secure Access Service Edge (SASE) is the new way of unifying security. Use the combined power of threat protection and data loss prevention to protect data, users, and systems safe when people are now working from almost anywhere.More
Take security awareness training to the next level
Decision makers say leaders are normalising security, but employees say they're wrong.More
Remote workforces drive new risk management strategies
remote and onsite workers have access to multiple collaboration tools, leading to fresh risk management strategies in the post COVID world.More
Nine developer enablement practices to achieve DevOps at enterprise scale
Senior software engineering leader with experience at multiple Fortune 500 companies shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More
Rapid response: The best way to detect and respond to traffic anomalies
Metadata is a must-have security practice that allows analysts to parse through more devices, more communications and more data in less time.More
More stories