For most organizations, the Covid-19 outbreak in 2020 brought serious challenges to their business operations, while cyber criminals intensified their attacks during this period. According to a survey by Imperva, a network security solution provider, the number of ransom denial-of-service (RDoS) attacks by cyber criminals against large organizations around the world has increased significantly this year, and some organizations have had to pay ransoms in order to resume their business operations. These threats are a disturbing sign in the cybersecurity landscape: the scale and frequency of network-level and application-level attacks have increased to unprecedented levels. Chris Waynforth, a vice president at Imperva, elaborated on and analyzed seven key elements that organizations need to consider when formulating DDoS defense plans.
Seven elements of successfully resisting DDoS
The scale and complexity of DDoS attacks are increasing.
Waynforth pointed out that Imperva found that in the past 10 months, DDoS attacks by cyber criminals against its customers increased significantly, both in number and in intensity. In July this year, Imperva reported attacks of unusual scale and scope, with a record packet rate of 139 Mpps (million packets per second). In August this year, the largest bandwidth attack was recorded at 696 Gbit/s. Although the attacks in September did not reach these peaks, it was still close to being the month of highest DDoS risk in 2020. The frequency and intensity of these global DDoS attacks have exceeded the level of November 2019 (the holiday shopping peak).
Because a large number of computers in botnets distributed around the world flood the target server with bogus traffic to knock it offline, the destructive power of DDoS attacks is enormous. In recent years, however, a disturbing trend has emerged: DDoS attacks are used as a smokescreen. The service interruption diverts the IT team’s attention from more complex attacks running alongside it, such as account takeover or phishing. The damage from the DDoS attack itself is serious enough: if a website is targeted, paralyzing it takes only a few minutes, but recovery takes hours or even longer. In fact, 91% of organizations have suffered downtime due to DDoS attacks, and the average loss per outage was $300,000. In addition to lost revenue, an outage erodes customer trust, forces the enterprise to compensate users, and causes long-term reputational damage, especially when it coincides with other breaches.
With many organizations already struggling because of the pandemic, a cyber attack may be the last straw. Comprehensive defense is therefore essential, but from large-scale network attacks to complex and persistent application-layer threats, what are the most important factors an organization needs to consider when evaluating potential solutions?
(1) A service level agreement (SLA) for mitigating DDoS attacks
When a few seconds of downtime can damage an organization’s business, time to mitigation (TTM), the time between the first DDoS packet reaching the system and the mitigation system starting to scrub the incoming traffic, is a crucial consideration. Organizations should look for a solution whose service level agreement (SLA) guarantees that DDoS attacks are mitigated within seconds, rather than one that only addresses simple service-level attacks.
(2) Technical ability
Organizations need technology tailored to each type of DDoS attack. For example, using machine learning to analyze traffic and to define and update the related DDoS security policies as behavior patterns change can stop volumetric attacks (flooding the victim’s system with unnecessary requests) and protocol attacks (which exploit the transport layer). This can be combined with threat research algorithms as part of a multi-stage, real-time mitigation process that deals with suspicious activity.
(3) Simple operation
Given its role in ensuring business continuity, DDoS protection should not be complicated to implement and operate. If anti-DDoS software is too complicated to operate, the organization cannot afford the losses that a successful attack will cause.
(4) Network settings
DDoS protection can be always-on or on-demand, that is, activated only when an attack occurs. Whether mitigation is triggered automatically or manually, a wide range of connectivity options is also key, so that organizations can fit the protection smoothly into their own network topology.
(5) Geographical distribution
Comprehensive geographical coverage is essential. Organizations should look for a vendor with a global network of DDoS scrubbing centers and a wide range of direct peering and transit providers. That way, no matter where the organization’s on-premises data center or cloud platform is located, it receives protection services faster.
(6) Traffic analysis
DDoS protection involves rapid analysis, identification and mitigation of malicious traffic. Traffic data is the key element, and flexible access to it is very important. For always-on operation, the solution needs to sample and analyze traffic in real time. This information serves not only attack detection but also more fine-grained traffic analysis, which provides an important “global” view when identifying DDoS and other potential attacks.
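The real-time sampling described here and the time-to-mitigation measure from element (1), shown together as an added example that is not Imperva’s code or from the article: a behavioural threshold over constructed sFlow-style records (second, destination, sampled packets, sampling rate) flags a sustained packet-rate excess, and the resulting TTM is checked against a constructed 3-second SLA. The baseline, attack start and scrubbing delay are assumptions.

```python
"""Volumetric DDoS detection on sampled flow records, with time-to-mitigation (TTM).
Added example, not code from Imperva or the article. It assumes sFlow-style
records (second, dst_ip, sampled_packets, sampling_rate), a constructed baseline
of normal packets per second (pps), and a constructed 3-second mitigation SLA."""
from collections import defaultdict

# Constructed sample: steady ~5k pps to both hosts, a one-second benign burst to
# 198.51.100.7 at t=97, and a sustained flood against 203.0.113.10 from t=100.
SAMPLE_RECORDS = [(t, "203.0.113.10", 5, 1000) for t in range(95, 100)]
SAMPLE_RECORDS += [(t, "203.0.113.10", 200, 1000) for t in range(100, 105)]
SAMPLE_RECORDS += [(t, "198.51.100.7", 5, 1000) for t in range(95, 105) if t != 97]
SAMPLE_RECORDS += [(97, "198.51.100.7", 60, 1000)]

def packets_per_second(records):
    """Scale sampled counts back up by the sampling rate and sum per (dst, second)."""
    pps = defaultdict(lambda: defaultdict(int))
    for second, dst, sampled, rate in records:
        pps[dst][second] += sampled * rate
    return pps

def detect_flood(per_second, baseline_pps, factor=10.0, sustain=2):
    """Return the first second at which pps has stayed >= factor * baseline for
    `sustain` consecutive seconds (a behavioural threshold), else None.
    Requiring a sustained excess keeps a single-second burst from triggering."""
    threshold = factor * baseline_pps
    streak = 0
    for second in sorted(per_second):
        streak = streak + 1 if per_second[second] >= threshold else 0
        if streak >= sustain:
            return second
    return None

def time_to_mitigation(attack_start, detected_at, scrub_delay):
    """TTM: from the first attack packet until scrubbing of incoming traffic begins."""
    return detected_at + scrub_delay - attack_start

def meets_sla(ttm_seconds, sla_seconds=3):
    return ttm_seconds <= sla_seconds

def evaluate(records=SAMPLE_RECORDS, baseline_pps=5000, attack_start=100, scrub_delay=1):
    """Detect per destination and report TTM against the SLA; attack_start and
    scrub_delay (seconds to push a scrubbing rule) are constructed values."""
    report = {}
    for dst, per_second in packets_per_second(records).items():
        detected = detect_flood(per_second, baseline_pps)
        ttm = None if detected is None else time_to_mitigation(attack_start, detected, scrub_delay)
        report[dst] = {"detected_at": detected, "ttm": ttm,
                       "sla_ok": None if ttm is None else meets_sla(ttm)}
    return report
```

With these inputs the flood is detected at second 101 and scrubbing starts one second later, a TTM of 2 seconds, while the one-second burst to the second host never triggers.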
(7) Integration
Native API support is a key element of a modern DDoS protection system. For example, native integration with a SIEM platform allows security information and events to be captured, retained and delivered to the chosen SIEM application in real time, where they can be easily accessed and viewed in a broader context.
By considering these seven elements in their DDoS protection strategy, organizations can actively resist increasingly serious network attacks.