Traditional security solutions can’t deal with ever more sophisticated DDoS attacks

13 July 2015

Corero CTO Dave Larson believes real-time protection is the only way to proactively defend against DDoS threats.

 

Most IT security professionals are unable to use traditional tools to spot a DDoS attack in advance on their company networks, according to new research from Corero Network Security.

The company recently surveyed 100 IT security professionals at two separate industry events: Infosecurity Europe, which took place in London in June, and the RSA Conference in San Francisco in April.

Nearly half of those questioned admitted to responding reactively to DDoS attacks. When asked how they knew that they had suffered an attack, 21 per cent cited customer complaints of a service issue as the indicator, while 14 per cent said they only became aware of an attack following infrastructure outages. Another 14 per cent said application failures, such as websites going down, alerted them to the DDoS event.

Corero found that just 46 per cent were able to spot the problem in advance, using other network security tools to notice high bandwidth spikes – an early sign of an imminent attack.

“It is an unfortunate but all too common issue when your customers are first to alert you to a service outage,” says Corero’s CTO and VP Dave Larson. “From a technical perspective, it’s much harder to respond to an outage if you start off on the back foot.”

The survey found that around 50 per cent of those interviewed rely on traditional IT infrastructure such as firewalls or an IPS (intrusion prevention system) to protect against DDoS attacks, or depend on their upstream provider to deal with the breach. Only 23 per cent revealed that they have dedicated DDoS protection via an on-premises appliance-based technology or from an anti-DDoS cloud service provider. 

Larson warns that relying on traditional infrastructure or upstream services to protect against frequent and increasingly sophisticated DDoS attacks is not a definitive solution. He believes real-time protection represents the only way to proactively combat the DDoS attacks targeting businesses.

“Internet peering or dedicated DDoS protection technology that is deployed at the very edge of the network can effectively inspect all internet traffic and mitigate DDoS attacks in real-time, removing the threat to your business before it can inflict damage.

“Using scrubbing centres to mitigate DDoS attacks off-site is a game of cat and mouse. With 96 per cent of DDoS attacks lasting 30 minutes or less, by the time an on-demand defence has been engaged it is already too late and the damage has been done.”