Improving the Results of Typical DDoS Defenses
The #1 impression from Neustar’s 2017 Worldwide DDoS Attacks and Cyber Insights Research Report is that attackers are globally having tremendous success hitting business websites and infrastructure.
The data shows DDoS attacks are increasing in frequency, are growing in size, and are becoming more complex than ever. As a result, attacks are triggering more chaos and the financial fallout is coming straight off the bottom line.
Nearly all (99%) organizations that participated in this research have one or more layers in place to specifically combat DDoS. Yet despite the heightened awareness, identification and reaction is taking more time, and revenue risk and damages incurred are climbing.
It’s good that 90% of all respondents report plans to invest more to address the fallout. Clearly, their intent signals awareness that the solutions organizations are using may not be enough. For at this moment, attackers may have the upper hand and companies around the world are pushing back.
The following chart shows the types of DDoS defenses used by organizations during the past year compared to the year before.
With 84% of respondents reporting at least one DDoS attack last year, and 86% of those experiencing multiple attacks, it’s clear the typical defenses are not working.
Some of the pitfalls are obvious. Traditional firewalls, for instance, are easily sidestepped by DDoS attackers through a variety of technical means discussed in our report (see pp. 34-50).
An on-premises appliance sounds easy and convenient, but without large cloud-scale capability to failover bad traffic, these devices – and thus defenses – can be quickly saturated by massive attacks that may last hours and even days.
Relying on a content delivery network sounds, at first, like a convenient way to deflect the deluge of data in a DDoS attack – but since a CDN’s primary purpose is to deliver legitimate content, its capacity is never dedicated to shouldering your attack’s data load at the moment of urgent need.
You’re also taking a risk by relying on giant cloud providers to prevent a DDoS attack. You may assume the cloud’s ability to scale will swell with the load of attack data, but load balancers are often unable to react quickly to DDoS and become overwhelmed. Providers are happy to sell you more cloud instances to diffuse DDoS but the cost is prohibitive – especially when an attack might last hours or even days.
Neustar’s approach is different. We encourage a multilayer hybrid approach, which couples an on-premises appliance with our dedicated global cloud-based infrastructure to ensure that you always have the capability to automatically redirect a DDoS attack. Neustar’s approach guarantees availability of your website – no matter how big, how frequent or how complex the attack.
If you haven’t had a chance to study our report, download it here and take a close look at the data. Then contact Neustar for more information and we’ll help create a DDoS mitigation solution tailored to meet the exact requirements of your website. Thanks for reading!