The best defence is a multi-layered one, covering the application and the network, says Martin Walshaw, senior engineer at F5 Networks.
DDoS attacks are evolving. They are no longer simply a nuisance – they are highly funded and highly targeted.
Anyone can launch a DDoS attack, and anyone can be the victim of one. For many, it is even a professional business and the attacks are evolving accordingly.
Extortion, for example, is becoming much more common. Cyber criminals hold businesses to ransom, demanding payment ahead of launching an attack, or when they begin an attack.
The reasons behind DDoS attacks are changing as well. Rewind a few years and many stemmed from hobbyists seeking bragging rights. Today, companies are targeted by their competitors or by those with a vendetta.
Industry research has revealed several interesting points related to DDoS attack trends. As well as increasing in frequency and variety, with attacks regularly exceeding 200Gbps, we are seeing dramatic growth in multi-layered attacks year-over-year at the expense of the volumetric attacks that often grab the headlines.
One of the reasons for this shift is that attacks are becoming application-centric, targeting the application level rather than (or as well as) the network to inflict maximum damage.
Attack strategies of this nature are forcing organisations to change their security posture.
DDoS mitigation is no longer a nice-to-have, but an absolutely essential component of a sustainable business strategy. It also needs to be more advanced and all-encompassing than ever before, offering a complete, layered defence from Layer 3/4 to Layer 7 on a global scale. Today’s threat landscape is extremely complex, rapidly shifting and stretches well beyond your own country’s borders.
When it comes to DDoS solutions, the notion of agility is often overlooked. It is more than a buzzword. With the right solutions in place at the right time, organisations can now achieve full architectural flexibility. This can include on- and off-premise mitigation techniques, decryption of SSL traffic and rigorous, real-time inspection of content.
Increasingly, the benefits of a hybrid approach are becoming apparent. Virtualised solutions are powerful tools to have in your arsenal, especially if there are pressures to scale and incorporate capabilities such as cloud bursting when capacity demands soar. As ever, budget will dictate deployment models, but the ability to harness the benefits of both on- and off-premise deployment is becoming unavoidably enticing.
The behavioural aspects of DDoS attacks are also significant. Mitigation tools need to understand both the application and its adversary. They need to know what the problem is, where it is happening and whether the attacker is human or not. Here we enter the world of Behavioural DoS (BADoS), which provides automatic protection against DDoS attacks by analysing traffic behaviour using machine learning and data analysis. Working together with other protection solutions, BADoS essentially examines traffic flowing between clients and application servers in data centres, and automatically establishes the baseline traffic/flow profiles for Layer 7 (HTTP) and Layers 3 and 4.
Another important point to consider is visibility and real-time analysis. End-users want to be kept in the loop in real time when it comes to mitigation, and they will look favourably on those providing proactive insights about relevant updates and best practice.
It is also vital to engage with the wider industry and never relent in interrogating the issues. This is true for businesses, but especially so for cyber-security companies themselves. At F5, we draw on the expertise of our Security Operations Centers, which offer 24/7 access to highly specialised F5 security experts monitoring global multi-layer attack activities in real time. Here, our researchers and analysts investigate new attacks throughout the world, and maintain up-to-date information on the latest malware, zero-day, and phishing attacks targeting global enterprises. To stay safe, you have to keep moving, engaging and learning.
Unfortunately, DDoS attacks are not going away any time soon. They are cheap, easy and quick to launch. The good news is that the protective and pre-emptive tools are out there. A complete, layered DDoS mitigation platform covers cloud, on-premise and hybrid environments. It protects the application layer as well as the network layer. And, crucially, it will safeguard both profit and reputation.