DDoS Defense Video: Real DDoS Attack Results


What worries IT pros the most about DDoS attacks? Neustar surveyed 1,000 of your peers to get detailed answers. See what they have to say about the defenses they use (and don’t), how much they’ve lost in attacks and the lasting impact on customer service and brand reputation.


Video Transcript

Jenny Zano:

Good morning, good afternoon or good evening depending on where you are in the world. Welcome to today's webcast, Distributed Denial of Service Service Results, Learning from the IT Pros on What's at Stake when DDoS Attacks Hit. It's brought to you by Information Week and Neustar and broadcast by United Business Media, Limited. I'm Jenny Zano, and I'll be your moderator today. We have just a few announcements before we begin.

This webcast contains audience polling. Polling questions will appear in the slide's presentation window. Please complete the poll when it appears and click on the submit answer button that's located on the polling slide window. Thanks in advance for your participation.

You can participate in the Q&A session by asking questions at any time during this webcast. Just type your question into the ask a question text area below the video window and click the submit button. At this time, we recommend that you disable your pop-up blockers.

The slides will advance automatically throughout the event.

You may also download a copy of the slides by clicking on the download slide button located below the presentation window.

Finally, if you're experiencing any technical problems, please visit our tech webcast help guide by clicking on the help link below the media player. In addition, you can contact our technical support help line, which is also located in the webcast help guide.

Now on to the presentation – Learning from the IT Pros on What's at Stake When a DDoS Attack Hits. Discussing today's topic is Susan Warner, who is marketing manager for DDOS and DNS products at Neustar. We also have with us Miguel Ramos, who is an expert in distributed denial of service attacks and product manager at Neustar. He's a published expert focused on DDOS attack mitigation and security technology for Neustar. He has ten years of experience with internet hosted services and IT security in both product and engineering roles.

And he currently leads the DDOS product management team for Neustar. So we'll begin the presentation right now and hand it over to you both.

Susan Warner:

Thank you, Jennifer, and thank you everyone for joining us today as we discuss real DDoS attacks and results. So Neustar enjoys a unique position in that we have a bird's eye view into DDOS attacks across our global DNS and mitigation networks. For more than ten years, our dedicated network operations center and security operations center has seen DDOS attacks in action. They see the size, the duration, the type of attacks happening across the network. And it gives us a unique perspective into the global DDOS threat landscape.

What we see often aligns with industry reports around the frequency, size and sophistication of attacks. But across the industry we're seeing more than 7,000 attacks daily.

With the size of the attack varying. But what we're seeing is that most are over ten gigabits per second, which is enough to clog many pipes today.

Even more worrying is how easy it is to initiate an attack. With free tools on the internet and social media to help coordinate the attacks, what's to stop a disgruntled employee or a dissatisfied customer from organizing an attack? And if that angry person is lazy or technically challenged, they can just hire an enterprising hacker to just go and do the job for them.

The attacks themselves are increasingly more complex. The types of attacks have gotten more sophisticated. And attackers are combining multiple types of attacks and aiming for both the DNS and HTTP layers for example. Successfully mitigating these types of sophisticated attacks is requiring deeper and deeper experience.

During a DDOS attack the entire enterprise is at risk.

Besides crippling sales and productivity, attacks also fuel doubts about the company's stability and customer confidence will suffer. And that damage to brand equity can be long lasting and hard to calculate. While the obvious harm is immediate, like site outages and lost revenues, companies also suffer irreversible effects like lost customers, negative PR and tarnished reputations.

Right now it's back to school season. Do you remember when you were a kid and your mom would drag you from store to store to store just trying to get all of your shopping done and everything that you need? Today it's mostly done online. Yankee Group estimates that an average midsize enterprise could lose over $150,000.00 from a single attack. And for a large e-commerce company, they would lose much more. It could be in the millions. So imagine if one of those back to school e-commerce sites were taken down by an attack today.

So what's really happening in the market? In February of this year we wanted to take a look outside and gather some information from the market. We surveyed IT professionals across North America to better understand what was happening with them, to better understand their DDOS experiences. In all, we had 1,000 people from 26 different industries with the titles of network service managers, senior systems engineers, system admins, directors of IT. And they shared their responses about attacks, defenses, ongoing concerns, risks and financial losses. So today we're gonna touch on the highlights of the survey results, but we do encourage you to download the full survey that's available on Neustar.biz.

The real DDOS numbers. The survey shed light on five key questions. Who's been attacked? How much are these DDOS outages costing them? What's the single greatest fear about DDOS attacks?

How long have the attacks lasted? And what type of DDOS protection are people using?

Any business that uses the web for customer service, direct sales or brand awareness is vulnerable. We find that ruthless competitors, angry customers or social, political protestors can easily take down a website that lacks adequate protection. In the survey, more than 300 businesses across multiple industries reported having been hit by a DDOS attack. The industries where customer service was largely web based, such as financial services, reported being victimized more often. And interestingly, nearly half of all responding telecom companies have been hit.

When you download the survey you'll see in other industries the detailed survey results could be deceiving. So while over 80 percent of participating retailers reported having no attacks, the large popular e-commerce sites with millions of dollars at stake have long been targets.

Especially during high business times like the winter holiday season. And as the next set of responses is going to show, online retailers have sometimes paid a very steep price.

But before we move on to that, we wanted to do our first polling question. So if you could take a moment to just answer this. Has your organization or have you personally experienced a DDOS attack?

Jenny Zano:

If everyone will take a couple of minutes, we'll get the results up pretty quickly. I think we're probably ready to show those results now. So send them out there to everybody.

Susan Warner:

Great. So it looks like – oops. Okay, great. So it looks like we've got about 25 percent of you saying that yes, you have, your organization or you have personally experienced a DDOS attack. Which is pretty much in line with what we've been seeing. Now as we move on I'm gonna hand this over to Miguel now.

Miguel Ramos:

Hey, everybody. Let's look at the impact of attacks on revenue to organizations. When we surveyed organizations, we saw that more than half of all companies report that the DDOS outage would cost them dearly. Companies with costs of 50,000 an hour would feel a daily impact of 1.2 million. The key takeaway here really is that downtime can have a significant impact on revenue. And we see that in the survey results.

If you break it down by industry, it's quite interesting. In the finance sector we're looking at over 80 percent of respondents that place losses at over 10K an hour. So we'll give you an example. A trading company with a trading platform and traders not being able to place trades, therefore, causing a loss of revenue.

On the retail side, almost 70 percent say outages cost over $100,000.00. This makes sense. If you sell online and you derive a lot of revenue from your website, the impact is obviously disastrous potentially. In excess potentially of 2 million dollars a day. So the impacts to revenue are quite significant.

Interestingly though, the impact to revenue is not necessarily the primary concern that organizations have when it comes to DDOS attacks. Customer experience impact and negative impact are actually the top concerns, not revenue loss. That's actually really interesting. The companies seem to be taking a longer term view on the potential negative impact.

Give you an example.

These days social media plays a huge role, Twitter, blogs, etcetera. Consumers are using these to research organizations. And the fall out from a DDOS can potentially be permanent. There's a permanent record out there of people discussing your company. And there's typically permanent records of DDOS attacks. And easily available for consumers to look at and find. So the long term negative impact can be significant. We also understand that customer experience and the impact the customer experience does also drive negative brand impact. So it's very interesting that companies are taking a longer view and seeing that revenue is not actually the – or short term revenue loss is not actually the most important issue.

We'll kind of walk you through an example of what we're talking about here. In this case, Neustar neutralized and helped a customer mitigate a DDOS attack.

This particular customer was associated with a conservative political party. They were suspended from their service provider. Essentially they were black holed, taken off the internet because they were under a DDOS attack. Their provider actually told them they would not turn them on unless they engaged the services of a DDOS mitigation provider. They'd been down for a week and they decided to search for a provider. They were back up within two hours with the Neustar service.

They saw additional attacks, but they were successfully mitigated. And once – those attacks kind of happened early on. And once the attackers saw that they weren't having the impact that they desired, they gave up. This issue had a specific – a very big impact for the organization in question.

They were down for a week. And that obviously generates negative brand damage. And interestingly enough, the CEO actually fired the entire web services team over their lack of contingency planning and their lack of effective response. So the consequences can be disastrous. And it's very important to be prepared.

When you break down the worries by industry and people's concerns, you do see that largely the trend is still around negative brand impact and customer experience as the top drivers of concerns. Job loss is actually an issue for the IT organizations and that makes sense because it's typically IT people that have to defend against these attacks and their jobs are typically on the line.

But the overarching theme across most industries is the same. That negative impact and long term – negative impact and customer experience are important and the long term view is sort of held by most of these organizations.

So how long do these attacks last? Our survey results showed that the organizations that we polled said that over 35 percent of them experienced attacks that lasted longer than 24 hours. And 11 percent of them experienced attacks that lasted longer than a week. This is most likely due to the fact that they did not have the proper defenses in place. Most attacks are neutralized quickly if the right defenses are in place. And once attackers, as I said earlier, once attackers see they aren't having an impact, they give up. So potentially if you don't have the right defenses in place, the attacks are gonna last a lot longer.

Jenny Zano:

Well, we have a poll coming up next. We're going to ask the audience if you could just let us know whether you are confident that your organization could successfully withstand or mitigate a DDOS attack. So if everyone could just take a couple of seconds here to respond yes or no that would be a real help. All right. And I think we are going to send out these results. I think we have some interesting findings here that you might want to comment about. Miguel.

Miguel Ramos:

Interesting. We see that close to 60 percent of the people surveyed have said that they are not confident that they're able to withstand a DDOS attack. And this is a common thing that we're seeing across the industry. Most people are just not prepared. They don't know enough about how to do it or what their options are.

And we'll talk about that shortly as well.

This kind of dovetails into the next question that we ask people around types of DDOS protection that people are using. That organizations are using to fight DDOS attacks. The large majority of people that responded are actually using firewalls, routers or switches. A significant amount of people, a quarter of the people that we spoke with or that responded to our survey are actually not using any DDOS detection – they don't have a DDOS protection at all. And a lot of people are using intrusion detection systems.

DDOS mitigation hardware, which is specialized hardware to fight DDOS attacks, was only used by about 3 percent of the people that responded to our survey. And miscellaneous other ones were 5 percent. It's really interesting. I mean it dovetails very much with the survey results that we just saw. Most people are not prepared or they're using the wrong tools to fight the DDOS problem.

Unfortunately, when you use firewalls and routers and switches, you know these tools are not optimal for solving attacks. They cannot really guard against sophisticated attacks that look like valid traffic. And typically routers are used to black hole certain areas. So you use them to lob off traffic and just drop traffic from specific regions, for example, and that blocks a lot of good traffic. So the right strategies are not in place. And most organizations are either they don't have the right strategy in place or they don't have a strategy at all.

What options are out there? What options do people have for DDOS mitigation? There are about – there are four different options that are available to organizations that are looking to solve this problem.

The first is typically to get a service from your internet service provider. There are some advantages to this. It doesn't require additional staff. It doesn't require additional hardware, expenditures and it's an easy add-on service. There are issues with this particular approach though. Typically these ISPs are not the best at solving layer seven or really advanced DDOS attacks. An organization might have connectivity from multiple different providers and you may be required to buy a service from multiple providers. And typically these providers, I mean if attacks would end up reaching the edge of their networks these providers, even if you have a service from them, if you start to threaten the rest of their infrastructure or the rest of their customers, they will shut you off.

Another option is to kind of do it yourself.

To buy your own hardware and manage it yourself. The hardware that is available is very feature rich. It offers real time views of attack traffic. It usually offers detection functionality as well. But it's very expensive. It's very expensive. It requires very specialized staff to operate. And it still requires a lot of bandwidth. You have to have a lot of bandwidth to mitigate even the largest attacks. So doing it yourself is a very expensive proposition.

A CDN service is sometimes used to mitigate attacks. The issue with that is that they don't typically mitigate layer seven attacks properly. It is easy for a knowledgeable attacker to pierce through the CDN and reach the origin servers and negate the defense capabilities of the CDN completely. Beyond that, you might get a big bill at the end of the month for the overages associated with the CDN.

Cloud based mitigation is another option. It obviously doesn't really require additional capital expenditures and equipment. It doesn't require additional bandwidth. It doesn't require additional staff. And it really leverages the expertise of providers who are specialized in doing this. It keeps traffic away from your infrastructure and it's carrier agnostic. So that's another option that people are using to mitigate attacks and an option that makes a lot of sense for most organizations. DDOS attack mitigation is not something most organizations need to focus on. And outsourcing that is a very intriguing and interesting proposition.

Jenny Zano:

Great. We've got another poll question coming up for everyone. Now that you've had an opportunity to – hold on. Trying to get the poll question out here.

Now that you have had an opportunity to hear some of the options that are available to you, can you please go back and answer the same question that you answered a couple minutes ago. Are you confident that your organization could successfully withstand or mitigate a DDOS attack? So if you could just take a minute and revisit that question in light of some of the information you've just received, that would be great. Okay. And here are our latest results, Miguel, for you to speak to.

Susan Warner:

Hi, it's Susan back. So this is interesting. So we're looking at – yes, you're hearing – so after hearing everything that Miguel had to say about the types of protection, we're looking at an increased confidence, which is interesting. So I'm glad that some of you out there are feeling better about your selection.

Next up I'd like to tell you a little bit about another real customer that went through some trial and error. This is a smallish company doing 95 percent of its business online. It's a small supply company. They received a threatening email signed from Captain Jack Sparrow stating that something may happen to their website if they did not contact him for protection. They received a number of these types of emails and the final email that they received was, no more communications, you made your choice. So they braced themselves and they waited. They went through the threat assessment and they decided that they weren't going to try to bargain with this person.

The attacks started shortly after the last email. And the team tried to manage the attacks internally and with their ISP, but they were quickly overwhelmed. The attack was a DNS DDOS attack. So they quickly Googled a solution and went with it.

The chosen vendor could not handle the attack as the size of the attack continued to increase over time. So they sought another solution. Within weeks of testing that second solution, they realized that the vendor did not have the experience or the expertise to help them with the kind of an issue that they were dealing with. The attacks had again escalated in frequency, size and they began targeting both the DNS and the HTTP layer. Finally, when they contacted Neustar they were able to successfully mitigate the effects of the attack. The attacks stopped shortly after they utilized Neustar's UltraDNS and SiteProtect network.

The attacks and the trial and error with the different mitigation solutions went on for several weeks. Sorry. Several months. And the attacks intermittently took their website offline.

Luckily and oddly enough, the attacks were focused around the weekend but did run into prime time business hours on Mondays and Fridays. So they did suffer from revenue losses. They felt like with that experience, the trial and error of going through multiple solutions and looking for a solution that really would help them and the learning curve of trying to figure out what to use while under attack was really the biggest problem that they had.

So overall, the survey results that we went through, the survey responses, they did paint a picture of uncertainty and risk. Over 20 percent said website outages cost them more than $50,000.00 an hour. Nearly 70 percent of retailers reported that website outages caused revenue losses of 100,000 an hour and some totaling millions per day.

Thirty-five percent said that their attacks lasted more than a day. With over 300 respondents having experienced an attack, a few of them reacted by implementing a specialized protection solution. Again, we encourage you to download the full report, which is entitled DDOS Survey Q1 2012, When Businesses Go Dark. It's on our website, Neustar.biz. And that'll detail the findings that you'll find from the survey. And we hope that after hearing these results you'll take the steps to look at your level of protection, calculate the short term, long term and personal impact of a successful DDOS attack and consider your options for a purpose built DDOS solution.

Now before we get into the – before we wrap up and move into the Q&A portion, I wanted to just give a short introduction to Neustar in case you're not familiar with us. Neustar is a trusted technology and information services company serving the telecommunications, internet, marketing and media industries.

We've been around for more than 12 years and we're listed as one of Forbes top 25 fastest growing companies in America. Every number is what defines us. Our technology enables people to take telephone numbers with them when they're changing providers, ensures that text messages reach the right person, directs people instantly and correctly to the websites they wish to visit and ensures they get through. Most importantly, we provide our customers with information so that they can better serve their customer. And as you can see from the numbers, whether calling, texting or surfing the web, Neustar helps people make billions of connections each day.

Jenny Zano:

Thank you, yes. I just wanted to let everyone know that we are gonna be starting with our Q&A in just a sec. But it would be great if our audience could take a few seconds to fill out the feedback form that's opened on their computer.

To complete the form just please press the submit answer button at the bottom of the page. And I'd like to thank everyone in advance for filling that out because your participation in this survey does allow us to better serve you. So thank you very much.

And now we will be moving on to the Q&A portion of our event. As a reminder, to participate in the Q&A, all you have to do is type your question into the text box that is located below the media player. And then click the submit button. We'll be submitting the answers on this end. So why don't we get started with that? I have a question here. And I'm not sure, Susan or Miguel, which of you might like to take this, but let me just put it out there to you. We have a question from someone who wants to know how successful law enforcement has been in tracking down blackmail protection attacks and how that compares with attacks that just attempt to cause damage? I don't know if the survey had any sort of insight into that at all.

Miguel Ramos:

Actually, I can answer that and I can tell you that from our experience, it's actually we work with law enforcement significantly on attacks that are typically politically motivated, as well as the extortion attacks. We share all the data that we have. These days, it's actually very difficult to detect and determine who is responsible for attacks. A lot of the times these attackers are quite clever and are utilizing botnets and are quite good at hiding their tracks. So even if we have a – we pass all the information that we have along and we work with authorities to determine or to help determine who the culprits are. But most of the time it's not possible to do that. Which is actually a key reason to ensure that organizations have a strategy in place to deal with attacks.

Because it's – they're going to happen. And it's very difficult to discourage people from doing and launching them. And they are not easily tracked.

Jenny Zano:

So it's a threat that's out there and can't be avoided. Great. All right. Well, actually here's an interesting follow up question. There are – you always do hear about the big attacks on the big companies. But smaller companies are really at risk as well. This is not just a big company problem, correct?

Miguel Ramos:

Oh, absolutely. It's really interesting actually when we look at our customers, we really see that this problem affects organizations small to large. I mean we have all sorts of small companies that are dealing with these issues. I'll give you an example. There are husband and wife small businesses on our platform that sell things online that have been attacked and have faced attacks.

They typically – it was really interesting to see what this particular company that I'm thinking of, their competitors were also attacked. So it seems like a particular party was targeting their specific industry. And these were small business retailers. So, yeah, it affects organizations small to large. And the smallest organizations don't have the resources to deal with this problem. And the impact can be large. So, yeah, it's absolutely true. It affects everybody.

Jenny Zano:

All right. I've got another question here. The question says, we've heard a lot about what Neustar does, can you give some more specifics on how do you do it?

Miguel Ramos:

Yeah, absolutely. In terms of DDOS mitigation, there is a science aspect of it and then there's an art to it. So definitely the types of technologies that you have deployed that are specialized to do DDOS mitigation are important. And a cloud based infrastructure with nodes and significant amounts of bandwidth is important as well. But beyond what these machines and this hardware can do automatically, the latest attack threats, most of them, a lot of them look like legitimate traffic. And you really need to have that human level of expertise to deal with those issues. And having the right staff to mitigate attacks is really crucial. These are people that have deep experience doing DDOS mitigation, have been in the trenches, have been doing this a long time, have seen it all or are training regularly with all the latest and greatest attack vectors. And it's really a combination of science and art. You have to be able to deploy the right technology based on the attacks that you see. But you also have to have the human element and the experience to deal with the latest, greatest advanced threats.

Jenny Zano:

Great. And, Miguel, I'm gonna ask you this question as well. I think you addressed this when you were talking about some of these solutions available. But maybe you can speak a little more specifically to this point. A question is, shouldn't DDOS protection come from our hosting provider?

Miguel Ramos:

That's a good question. And actually, a lot of people assume that they're getting DDOS protection from their hosting provider. The truth of the matter is, your hosting provider, like most ISPs as well, they're going to do what's right for most of the customers as opposed to a particular customer specifically. So let's say that a particular customer is being DDOS attacked. Well, most likely at that point you're actually threatening the rest of the customers. So a hosting provider will shut you off. You're most likely not getting this as a service from your hosting provider.

You know you have to also keep in mind that these – putting together a strategy for DDOS attack mitigation that involves doing it yourself, which is what some of these hosting providers are looking at doing, it's very expensive. It requires a significant investment in hardware, in staff, in globally deployed nodes, etcetera. So most hosting providers are not keen to make this investment. And they don't offer the service. So it's very important to get the service from a specialized entity. So a lot of people do assume, and we get a lot of inquiries from people who were shut off by their hosting provider. And they assume that if these hosting providers have supposedly 100 percent uptime, etcetera. But if you actually look at the agreements, these DDOS attacks are typically not covered in your hosting provider agreement. And they have every right to shut you off and will do so because you're most likely threatening the rest of their customers.

Jenny Zano:

Got it. Well, here's an interesting question. So do DDOS attacks affect only websites and I guess public websites, or could it also affect corporate networks that communicate over the internet?

Miguel Ramos:

That's a good question. Absolutely DDOS attacks do not just affect websites. So attackers are getting clever. Right. And they're – two things are kind of going on. One, DDOS attack tools that are very easy to use are freely available and easily downloadable. And it's very easy to launch an attack. So that is going on. That said, attackers are getting cleverer and they're starting to realize that there are other gateways and there are other key pieces of infrastructure that they can inflict a lot of damage on without necessarily focusing on the website and still disrupt the ability for an organization to function.

Such as voice over IP systems, such as corporate firewalls, such as VPN systems, such as email servers, such as databases and APIs. There are really a lot of points that can be targeted by these attackers. And attackers are – while attacking a website is a very common attack vector, the threat is evolving and attackers are getting smarter and they're attacking different pieces of infrastructure.

Jenny Zano:

Got it. And in terms of who is actually behind most DDOS attacks, I mean there is no typical profile necessarily is there?

Miguel Ramos:

So what I'd say about that is that DDOS attacks have been in the news lately. Obviously if you go to your Google reader and read the news section of Google and let's say key in DDOS, you'll find a lot of stuff out there. The stuff that makes it out into public knowledge or is publicized is typically the politically motivated stuff. The politically motivated attacks. They typically rely on social media, blogs, Twitter, etcetera, to publicize this and gain support and gather people to launch attacks. That said, the criminal element is very pervasive. You got to think there's a lot of attacks that are happening on a daily basis. And very few of them are being publicized. So in terms of who is launching attacks, in our experience, the political stuff is on the rise. But the criminal element, the extortion aspect is still the key instigator of attacks. It's very difficult, as I explained earlier, to tell who the attacker actually is. But we see a lot of extortion type attacks. Even though the politically motivated attacks are what are in the news.

Jenny Zano:

So we have someone here who wants to know what is the best way to begin building a blueprint to proactively defend from these threats. Whether they're extortion, whether they're political, whatever they're from, how do you start to build that blueprint?

Miguel Ramos:

Well, I think in terms of a blueprint for putting together a plan, the first thing you have to realize is that and accept is that it's not a matter of if you'll be attacked. It really is a matter of when you'll be attacked. You have to assess the damage and the potential damage and plan accordingly. As you evaluate DDOS mitigation strategy, and we talked about some of the different ones that I outlined earlier in the presentation, getting the service, doing it yourself, getting a CDN service or getting a specialized cloud based DDOS mitigation provider, evaluate the costs obviously, the risks to your business.

And start doing your research ahead of time. Be prepared. Start that process before you're attacked so that when it happens, because at some point it will happen, you're ready. And the amount of downtime is minimized. We get a lot of customers that have contacted us when they're already in an emergency situation and they're already dealing with a DDOS attack. We understand this is a crisis situation for a lot of people. They're in a panic. It is not the right or the best time to be dealing with putting together defenses. So you want to do it as proactively as possible. You want to evaluate your options as proactively as possible. You want to do your due diligence, put together a plan early and be ready as opposed to being reactionary.

Jenny Zano:

There is a question here that is asking to look for a little more specifics on the use of a CDN. How effective they are against mitigating DDOS attacks.

Miguel Ramos:

Sure. So CDNs are large global caches. They are really good at helping your visitors get to your web content or your content quickly and providing that acceleration service. The thing is that attackers understand the weaknesses of the CDN services. So let me – I'll give you an example. I or an attacker with some medium level software development experience can scan a website, look at it and determine which part of or which key components of a website could potentially be backed by a database or are potentially face potentially dynamic content, so an attacker can potentially craft a very custom attack on your infrastructure that focuses on a specific key component of your web infrastructure that they know is dynamically generated, which most likely means that is speaking to a database on the back end. And pierce your CDN completely and go right to your origin servers. So while those CDNs are very good at caching static content, once you – if you create the right attack, you can bypass them completely and go right to the customer or to the organization's infrastructure directly. So attackers know this. They know what they're doing. And if they want to bypass your CDN, they will find a way.

Jenny Zano:

Okay. Got it. Where there's a will there's a way I guess. All right. So our next question here is – so someone's asking whether we can kind of I guess give a list of all the types of appliances and software that are required to completely protect an organization from DDOS attacks.

Miguel Ramos:

That's a good question. And let me say that there are a lot of really good vendors out there for DDOS mitigation hardware. But I'd like to preface that by saying is that they all have their strengths and weaknesses. And there is no magic box that is going to mitigate all attack vectors for you. So there is no one vendor that does everything extremely well. And the right strategy, if you're going to do it yourself, is to have a diverse set of mitigation technology so that you can utilize the best technology for the attack vector or for the attack vector that is observed. And sometimes it makes a lot of sense to combine them and mix and match. So there's a lot of DDOS mitigation hardware vendors out there that are great.

Jenny Zano:

Got it. Got it. Great. Okay. Next question here. Have either of you ever seen a DDOS attack combined with a digital assassination attack via social media as a coordinated way to cause the most damage to the target? That's interesting.

Miguel Ramos:

Yes. Absolutely.

Jenny Zano:

Is that a new way of doing things?

Miguel Ramos:

I'd say that DDOS attacks can be used as a distraction. So potentially savvy intruders are using a DDOS attack to be able to get the attacked organization's technical resources focused on a particular problem so that they stop focusing on other problems. So it happens that a DDOS attack is going on while intruders are attempting to break into systems, while they are in the process of extracting corporate assets or organizational assets from the attacked entity's infrastructure. And sometimes these attacks can be coordinated on social media, Twitter, Facebook, etcetera. But potentially they can be a distraction. And that happens often.

Jenny Zano:

Okay. They're coming in the other door while you're looking at the other door.

Miguel Ramos:


Jenny Zano:

All right. I have a couple of questions here. I think they both seem to be relegated about coping with DDOS attacks or helping prevent DDOS attacks. I'm gonna combine them. So the question is, how does initial size help cope with DDOS attacks? For instance, Google has a 10K page and Microsoft has a 600K initial page. And also, do SYN cookies help prevent DDOS attacks? Anything you can say about those factors? Relationships to DDOS attacks.

Miguel Ramos:

I'll talk about SYN cookies first. Yes, I mean it's a traditional challenge response mechanism. And SYN cookies definitely are used to validate that the computer that is making a request is a valid or is a valid request.

Or is a valid – yeah, a valid request is coming out of the originating computer. That said, there's, as I said earlier, attackers are clever. The software is getting a lot more complicated. And there are ways to defeat SYN cookies as well. So it is – while it is something that can potentially help, there are these attackers are smart enough to defeat these. As I mentioned earlier, the very common attack vector or very common attack vectors look like legitimate traffic. HTTP, etcetera, coming from legitimate sources. So you really have to have the specialized hardware to do inspection and the qualified staff to deal with those issues. So that's – in terms of page size. I'd say that those page size doesn't necessarily have a positive or negative effect on the impact of a DDOS attack.

Jenny Zano:

Great. Well, we're getting a little close to time here. So, Miguel and Susan, I'm just going to ask, are there any closing comments that you'd like to make before we wrap up today?

Miguel Ramos:

From my perspective, I'd just like to tell people and reinforce the fact that you should be prepared. That something like this will happen. That attackers have the tools available to launch attacks very easily. And there's a lot of savvy attackers that can potentially do very crippling things to your infrastructure. So it's important to be prepared. It's important to understand the risk. It's important to make a plan ahead of time.

And I think our survey, the survey clearly indicates that organizations are not ready or that they have the tools in place to deal with attacks that are not necessarily the correct tools. So I'll ask my colleague, Susan, if she has any closing comments or anything she'd like to say. She's shaking her head no.

Jenny Zano:

Okay. Well, in that case for more information that is related to today's webcast we'd like to invite our audience to visit any of the resource links that are now open before them. Within 24 hours you'll also receive a personalized follow up email with details and a link to today's presentation on demand. And you can also view today's event on demand by visiting www.netseminar.com. So we would just like to thank everyone for joining us today at our event. Once again, the event was DDOS Results, Learning from the IT Pros on What's at Stake When DDoS Attack Hits.

And it was brought to you by Information Week and Neustar. This webcast is copyright 2012 by United Business Media, LLC. The presentation materials are owned by or copyrighted if that's the case, by Information Week and Neustar, who are solely responsible for the content. And the individual speakers are solely responsible for their content and opinions. On behalf of our guests, Susan Warner and Miguel Ramos, I'm Jenny Zano. Thanks for your time and have a great day.

Miguel Ramos:

Thanks for your time everyone.