DDoS threats and defense: How certain assumptions can lead to an attack – Source: www.techrepublic.com

Jump to:

• Why ‘blackholing’ is no longer sufficient as a strategy
• Outsourcing DDoS protection poses dangerous risks
• Cybersecurity manual essential for a DDoS strategy

A website without high traffic or offering transaction-intensive online commerce does not need to prepare for DDoS attacks because it is not an attractive target.

Such thinking could not be more wrong yet many decision makers think that way.

Cyber criminals don’t care how popular a website is or what it provides for the user. Moreover, hackers are constantly finding new ways to launch even more complex and effective attacks that could have severe financial and reputational consequences for unprepared victims.

Currently, it is easy and inexpensive to launch medium to large-scale cyber attacks. Alternatively, you can book a DDoS attack on one of countless shady platforms, and then you don’t even have to deal with the technology yourself. Hosting companies or ISPs, in particular, face complicated challenges, as the target landscape can change at any time. Therefore, it is even more difficult to guarantee or predict security there. It is, therefore, even more important for these companies to intensively deal with protective measures and always strive for the best possible defense.

The days of not having to prepare for DDoS attacks are long gone. It doesn’t matter the company’s size, the industry, or how well-known the business may be.

No matter what, a company’s protective measures should always be kept up to date, and you should always question yourself about how well-prepared you are against a DDoS attack – or face severe consequences if you are caught unprepared.

Why ‘blackholing’ is no longer sufficient as a strategy

In the past, one strategy often used to thwart a DDoS attack was providing a “black hole” to the targeted IP address and thus separating that address from the rest of the IT infrastructure to prevent the damage from spreading. An IP address with a black hole was inaccessible until the black hole was removed. Many companies still use this type of defense today, but this defense strategy has limits.

When the CISO evaluates the company’s infrastructure, IT systems are given priority ratings. Thus, systems with low ratings are dispensable for a certain period, while systems with high priorities are almost impossible to replace.

At least, that’s the theory. In practice, the dependency on systems has increased massively with many application program interfaces, microservice architectures and other overlaps.

These dependencies and overlaps make systems once considered expendable no longer quite so irrelevant. The danger of a chain reaction is always present; therefore, the blackholing strategy no longer works as effectively as it did in the past.

Outsourcing DDoS protection poses dangerous risks

It is not uncommon for IT managers to outsource DDoS protection to cloud providers or the ISP. By handing over responsibility to an external partner, they aim to conserve their resources – a sensible idea that entails risks that should not be underestimated.

The DDoS defense of such partners is often only rudimentary and rarely meets modern standards. The possibilities range from blackholing to simple ACLs or rate limits. Such providers are frequently unprepared for protocol or application-level attacks and must watch helplessly as a bad actor wreaks havoc. Some isolated ISPs or cloud services now provide modern L3-L7 DDoS protection measures to their customers, but a direct response in the event of an attack occurs only in rare cases.

However, in situations where response time is critical, every second counts. Furthermore, cloud users frequently require additional services such as load balancers or cloud firewalls, which raises costs unnecessarily.

Outsourcing DDoS protection puts one’s actions out of one’s hands in the event of an attack and  can provide a deceptive sense of security. IT managers should have a thorough understanding of the capabilities of their chosen service provider, ensuring infrastructure protection measures provide effective intervention against attacks.

Cybersecurity manual essential for a DDoS strategy

When companies develop cybersecurity manuals, they should include a strategy for DDoS emergencies. In the event of an attack, the response should be obvious. Otherwise, the uptime and availability of your own services will be jeopardized. In the event of a DDoS attack, it is a good idea to have a multi-layered solution approach ready, including technical and organizational measures.

A cutting-edge firewall (next-generation firewall) provides some protection, but due to limited capacities, it is only useful for defending against broad attacks to a limited extent. Furthermore, they cannot defend cloud-based applications and are vulnerable to so-called state execution attacks.

Incorporating an artificial intelligence-based solution into the in-house protection strategy is an effective and proven approach. Such automated protection operates without human error and always keeps the database up to date.

A hybrid approach that combines DDoS protection with the cloud would be an alternative. This allows for real-time traffic filtering and inspection to ensure high DDoS protection. Thresholds are used here; if they are reached, the cloud solution filters out malicious traffic in real-time, allowing only legitimate traffic into the target.

To summarize, a hybrid solution is an appealing approach to maximizing your protection. It combines the best of both worlds and provides a higher level of protection than measures that operate only locally or in the cloud.

Every company should implement a comprehensive DDoS strategy. Only with such a strategy can the impact of attacks be reduced, and ensuring that systems remain operational and unaffected in the event of a targeted DDoS attack.

Read next: Cheat sheet: Distributed denial of service (DDoS) attacks (free PDF) (TechRepublic Premium)