Interview: Radware discusses DDoS amid soaring internet usage

21 Apr 2020

Radware is a cybersecurity firm that specialises in application delivery solutions for physical, cloud, and software-defined data centres. The company also serves as a managed service provider, delivering SaaS solutions for DDoS, malware, and cloud workload protection.

With the COVID-19 pandemic creating new opportunities for businesses to leverage cloud, there are plenty of opportunities for cybercriminals to create havoc against cloud providers, data center providers, and enterprises.

With such a mass upheaval, threat actors are very adaptive to the situation at hand, knowing exactly how to impact continuity, gain data, or exploit financial motives.

To find out what’s going on, we spoke to Radware’s VP of technologies for Asia Pacific and Japan, Yaniv Hoffman.

“We see a significant increase in average DDoS attack sizes, mainly due to the proliferation of IoT devices. Botnets are compromising thousands of nodes and generating massive DDoS attacks at terabits per second.”

“In the 5G era, any IoT device can be infected, controlled, and become part of the DDoS army.”

There are other concerns too, such as the COVID-19 pandemic, Hoffman adds.

“With the lockdown, the internet has become the world’s connection to the outside world. That has led to dramatic spikes in web traffic. Some service providers have publicly shared statistics that show a 30-60% increase in traffic, caused by a record number of people accessing online systems as businesses move online, and consumers engage with the internet.”

On top of that, VPN access and remote working mean that the attack surface is now much larger.

“Home offices are remotely connecting to the enterprise through VPN or remote desktop. A DDoS attack targeting an organisation could bring the whole business to a grinding halt.”

VPNs and remote desktop solutions are dependent on cloud infrastructure, sharing bandwidth alongside streaming services, gaming, and collaboration.

Hoffman adds that SSL protection is important, particularly as at least half of the internet traffic is flowing through the likes of Google, Netflix, YouTube, and WhatsApp.

Providers need to increase their capacity to serve more customers, and protect their own services as well.

That is relevant for organisations everywhere in the world – including Australia. It’s also important to distinguish between a genuine DDoS attack and a site that is simply overloaded.

“Problems with the MyGov website in Australia were initially attributed to a DDoS attack, but less than two hours later it was revealed that the site was simply overloaded.”

“COVID-19 echoes a need for real-time information, so this triggers an increase in traffic as people look for information. This could be misinterpreted as a DDoS attack, which is important to note. Genuine solutions should be able to identify what is genuine traffic and what is malicious, and do it without false positives.”

“A solution should be able to challenge information in real time and form a closed feedback loop to identify if it’s bad, or good. If it’s bad, it should automatically create the right mitigation policy and signature in order to block it.”

It must be automated, because attacks change and become more complex by the day.

“Attackers can change one part of their process and suddenly there’s a new threat. Automation is a crucial part of the security lifecycle.”

He says that organisations, whether they are service providers or enterprises, must have an incident response plan that prepares them to respond to incidents.

“If you can understand the threat, you can be better prepared, and you can better respond.”
