DDoS attacks are growing in size and scope, so what can your business do to protect itself from the effects of these incidents and minimize any downtime they can cause?
One of the most common cyber security challenges for all businesses in the current environment is coping with distributed denial of service (DDoS) attacks. Since the Mirai attack gained major public attention in 2016 by knocking out services to many of the world's biggest websites, there has been increasing awareness of just how big a problem this can be.
Indeed, recent figures suggest the risk is only growing. DDoS attacks have doubled in the last six months and are up by 91 percent since the start of 2017. The typical business now has to fend off an average of eight attack attempts per day.
Why DDoS matters today
DDoS attacks work by flooding a server with huge numbers of requests that overload its capacity to meet them. As a result, legitimate traffic is unable to connect and the server is, for all intents and purposes, knocked offline. It's a fairly straightforward method of attack, and one that can be carried out without great technical knowledge: you can even buy DDoS-as-a-service kits on the dark web that will do the work for you. But the impact can be devastating.
In the past, DDoS attacks may have been regarded as more of a nuisance than a serious threat to businesses, but this is no longer the case. This is in large part due to the huge proliferation of easily-hackable Internet of Things devices that make it easy to create a large botnet to flood targeted sites with traffic. As a result, attacks can be bigger and last longer than ever before, meaning even the largest businesses are at risk.
However, DDoS attacks remain relatively simple to launch and can be very difficult to stop, which means businesses must have specific DDoS precautions in their security strategy. Here are a few key steps all businesses must take.
1. Think about your architecture
A resilient network architecture can help mitigate many of the risks of a DDoS attack. For instance, spreading your key servers geographically across different data centers can go a long way to mitigating the impact. These data centers should also be located on different networks and have diverse paths. It is also essential to ensure there are no bottlenecks that can act as a single point of failure, such as only using a single connection to the outside internet.
2. Make sure you can monitor your network
Early detection is one of the first lines of defense against a DDoS attack. The sooner you can spot an incoming attack, the better your chances are of shutting it down before it has an impact. This requires close monitoring of your servers and familiarizing yourself with what your typical traffic profile looks like.
This helps to spot any unusual activity that can be an early indicator of an attack. If you aren't able to tell the difference between the early stages of a DDoS incident and a legitimate spike in traffic, you won't be able to block it until it's too late.
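As an added illustration of the traffic-profile idea above (not code from the original article), the following sketch builds a rolling baseline of requests per minute and flags minutes that sit far above it. The window size, threshold and sample counts are assumptions chosen for the example; flagged minutes are kept out of the baseline so a sustained flood is not learned as normal.

```python
from statistics import median


def robust_baseline(history):
    """Return (median, MAD) of recent per-minute request counts."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, mad


def detect_anomalies(counts, window=10, threshold=6.0, min_mad=1.0):
    """Flag minutes whose request count is far above the rolling baseline.

    The first `window` minutes seed the baseline. A minute is flagged when
    (count - median) / MAD exceeds `threshold`. Flagged minutes are not
    added to the history, so attack traffic cannot drag the baseline up.
    """
    history = list(counts[:window])
    alerts = []
    for minute, count in enumerate(counts[window:], start=window):
        med, mad = robust_baseline(history)
        score = (count - med) / max(mad, min_mad)  # min_mad avoids divide-by-zero
        if score > threshold:
            alerts.append((minute, count, round(score, 1)))
        else:
            history = (history + [count])[-window:]
    return alerts


# Constructed sample data: requests per minute seen by one web server.
SAMPLE = [
    118, 124, 121, 130, 119, 127, 122, 125, 120, 126,  # seed window
    131, 123, 128,                                     # ordinary variation
    410, 980, 2350, 2410,                              # sudden flood
    129, 122,                                          # traffic back to normal
]

if __name__ == "__main__":
    for minute, count, score in detect_anomalies(SAMPLE):
        print(f"minute {minute}: {count} req/min, {score}x MAD above baseline")
```

In practice the counts would come from your load balancer or web server logs, and the threshold would be tuned against known legitimate peaks such as sales or marketing campaigns.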
3. Deploy the right hardware
Using the right hardware is another way of defending against DDoS attacks, especially the more common types. Tools such as network firewalls, web application firewalls, and load balancers can defend against issues such as layer 4 attacks and application-layer attacks.
If your business is facing SYN flood attacks, most modern hardware tools should also have settings that allow you to close TCP connections once they reach a certain threshold. While these tools may not be able to completely block DDoS traffic, they can help mitigate the worst of the impact and ensure that your business is able to keep operating through an attack.
4. Be prepared for traffic spikes
One of the most effective ways of combating a DDoS attack is to ensure there are enough resources available to absorb the impact of the additional traffic. Being able to scale up the amount of bandwidth you have for your server means that you may be able to simply outpace the DDoS traffic and keep resources open for legitimate traffic.
However, as there is a continuing arms race between hackers and security professionals, and the size and scale of DDoS attacks continue to increase, this can only do so much to defend against the biggest attacks. It can be very effective against smaller-scale incidents, but you may still be overwhelmed by a larger, more determined attack.
5. Don't go it alone
Ultimately, many businesses may find they need expert help when it comes to protecting their operations against the threats posed by DDoS. Your ISP is often the best place to start, as they should be able to offer mitigation services that can help blunt the impact of a DDoS attack. Indeed, research by Corero found 85 percent of IT pros want their service provider to take more responsibility when it comes to defeating DDoS attacks.
There are also specialist DDoS mitigation providers you can turn to in order to help handle attacks. These companies can assist with activities such as rerouting traffic via a mitigation center so malicious connection attempts can be filtered out, setting up new IP addresses for your systems and maintaining separate email servers so you can maintain key functionality throughout an attack. These can be invaluable for smaller businesses that may not have the resources to defend against DDoS on their own.