Defending Enterprise Network Security: a DDoS Attack Primer
A survey by Neustar indicated that more than 80 percent of financial services firms estimate a loss of $10,000 per hour during a DDoS-related outage. The statistics in this report amplify the need for financial institutions of any size to develop DDoS preparedness and remediation strategies. Cyberthreat actors don’t discriminate — they target both large and small organizations and exploit weaknesses wherever they can. – Secureworks
Distributed Denial of Service (DDoS) attacks have become a commonplace threat that every business should take seriously. All of the most famous DDoS attacks are newsworthy for one reason: they were on a scale so enormous that they were easily detected. It’s hard to miss a 2+ terabits per second traffic tsunami. Even when a DDoS attack is orders of magnitude smaller in volume, hackers can achieve goals other than simply knocking an organization offline.
The Who and Why of Hacking
“Cybercrime alone costs nations more than $1 trillion globally, far more than the record $300 billion of damage due to natural disasters in 2017 …” – Harvard Business Review
In the distant past, hacking was a nerd sport, something done for fun or to annoy people, as well as to learn about systems and document their weaknesses. While simple mischief and exploration are still common, today’s motivations also include:
- Political activism or “hacktivism” – Mostly conducted by lone hackers or small cooperatives, this category has been on a sharp rise over the last decade
- Financial gain, mostly by organized crime, through:
  - Ransom, either to stop DDoS attacks or to decrypt data compromised by ransomware
  - Theft of personally identifiable information (PII) or trade secrets
  - Subversion of financial systems, such as misrouting financial transactions
- Cyber warfare by hostile nation state actors looking to cause disruption or havoc through denial of service, cyber espionage, intellectual property theft, and compromising data and cybersecurity
Whatever the reason for trying to compromise your enterprise network security, DDoS exploits provide a way to probe and test infrastructure security, to degrade communications and server performance, and to provide cover for incursion attempts.
Types of DDoS Attacks
There are three main types of DDoS:
- Volume-based attacks that rely on high traffic volumes to reduce or prevent access to a server
- Protocol-based attacks designed to consume server resources by manipulating specific communications protocols
- Application-based attacks that target code running at the application layer to degrade or crash servers
Each type of attack requires different detection and mitigation technologies, and the choice should take into account the target being attacked, the methods of detection, the cost of defensive cybersecurity, and how quickly a response can be mounted. In short, what we’re looking for is a strategic approach to defending critical infrastructure.
How to Create a DDoS Defense Strategy
A tactical DDoS defense strategy—deploying DDoS cybersecurity defense tools and hoping you won’t have to use them—simply isn’t enough to ensure infrastructure security. In-depth defense against DDoS attacks and their consequences requires a strategic approach to enterprise network security built on a 360-degree view of the critical infrastructure security assets that are vulnerable, what the consequences will be if an attack occurs, and an amelioration plan that reduces costs and downtime.
Step 1: Assess Your Assets
Your first task is to identify which of your assets are critical to the enterprise. Typically, this includes email systems, VPN services, web servers, application servers, and any other asset that, should it become impacted or compromised, would effectively stop your organization from working. Attach a downtime dollar value and an estimated time to repair, along with any other metrics particular to your enterprise network security assessment, to identify priority assets.
Step 2: Deploy Robust DDoS Defenses
The DDoS infrastructure security solution you select should be state-of-the-art with a solid enterprise customer background. Evaluate your vendor’s support options and responsiveness and work with them to establish a solid mitigation plan with routine test protocols. You absolutely need to know that when a DDoS attack occurs, your deployment will work as planned.
Step 3: Ensure You Have Visibility into Your Network
Understanding what constitutes “normal” traffic patterns and being able to identify abnormal events and packet flows is key to in-depth DDoS detection. If hackers don’t execute an “all out” assault on your network but instead use DDoS to degrade your connectivity, then without deep insight into what’s normal you may not notice the attack at all. Normal is also a moving target: keep re-evaluating your networks, because traffic patterns change over time. Just consider the changes caused by COVID-19; traffic patterns may now be significantly different from your last baseline.
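The baseline-versus-observed comparison described above, as an added example that is not part of the original post: a known-good window of per-minute inbound packet counts (constructed sample data, assumed to come from a flow collector) is summarised as a baseline, and new windows are labelled either as an obvious flood or as the quieter, sustained elevation that a single high-water-mark alarm would miss.

```python
import statistics

# Constructed sample data (not from the original post): inbound packets per
# minute reaching the web tier, as a flow collector might aggregate them.
# The first list is a known-good window used to learn what "normal" looks like.
BASELINE_PPM = [12_000, 11_500, 12_800, 12_200, 11_900, 12_600, 12_100, 11_700]
OBSERVED_PPM = {
    "all-out flood": [12_300, 950_000, 1_020_000],
    "low-and-slow degradation": [13_900, 14_200, 13_800, 14_100],
    "normal day": [12_400, 13_500, 11_800],
}


def build_baseline(samples):
    """Summarise a known-good window as (mean, population std dev)."""
    return statistics.mean(samples), statistics.pstdev(samples)


def classify_window(samples, baseline, flood_sigma=10.0,
                    degrade_pct=0.10, min_sustained=3):
    """Label a window of per-minute counts against the baseline.

    'flood'       -> any minute is far outside the baseline spread
    'degradation' -> the last `min_sustained` minutes are all moderately
                     above the mean (one spike alone is not enough)
    'normal'      -> everything else
    """
    mean, sd = baseline
    if any(x > mean + flood_sigma * sd for x in samples):
        return "flood"
    elevated = [x > mean * (1 + degrade_pct) for x in samples]
    if len(elevated) >= min_sustained and all(elevated[-min_sustained:]):
        return "degradation"
    return "normal"


def classify_all(observed=OBSERVED_PPM, baseline_samples=BASELINE_PPM):
    """Run every observed window against the learned baseline."""
    baseline = build_baseline(baseline_samples)
    return {name: classify_window(w, baseline) for name, w in observed.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:26s} -> {verdict}")
```

The thresholds are tuning knobs: the baseline has to be rebuilt when traffic patterns legitimately shift, which is exactly the re-evaluation the step above calls for.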
Step 4: Use Deep Packet Inspection
The final component of your strategic DDoS infrastructure security strategy is application-level deep packet inspection. You should be monitoring not only inbound traffic but also outbound traffic, watching for unauthorized and dangerous payloads and for inappropriate content, such as social security numbers and other personally identifiable information, travelling to or from unsanctioned endpoints.
How A10 Can Help You Build a Strategic DDoS Defense Strategy
A10 Networks is a strategic partner for establishing enterprise network security. A10 Thunder® Threat Protection System (TPS®) employs advanced defense strategies that protect against all kinds of cyberattacks, including new, novel DDoS attacks that could bring down your DNS services. Visit the DDoS Protection solution page to learn more. For insight into your network traffic, A10 Networks Thunder® SSL Insight (SSLi®), available in both hardware and software form factors, provides cost-effective cybersecurity including deep packet inspection for full network traffic visibility, as well as SSL offloading, content filtering for data loss prevention, load balancing, and traffic steering. It also includes comprehensive analytics and management, providing real-time, actionable insights into traffic statistics, categorization, and suspicious activities, and the ability to manage multi-site deployments from a central location.
The State of DDoS Weapons Report (Q2 2020)
Learn how actionable DDoS weapons intelligence enables a proactive approach to DDoS protection by creating blacklists based on current and accurate feeds of IP addresses of DDoS botnets and of available vulnerable servers commonly used for DDoS attacks.