Distributed denial of service attacks (DDoS) are growing in size and frequency. Arbor Networks research has found that there is an average of 124,000 DDoS events each week and that the peak attack size has grown 73% in the last twelve months.
Falling prey to a DDoS attack can result in hours of downtime for your employees and customers as your web services are disrupted and unavailable. The fiscal impact of these attacks can cost large enterprises millions of dollars.
Even if you feel your risk of a DDoS attack is minimal, you may be more exposed than you believe. Unlike advanced persistent threats, DDoS does not require extreme technical sophistication on the part of cybercriminals. In addition, hacker motivations are not always, or even often, financial. For members of underground hacking communities, launching a DDoS can be a way to show off skills or gain credibility among other budding criminals.
To learn more, we recommend 6 Things to Know About DDoS Attacks
In this blog post, you'll learn how to defend against DDoS before it disrupts your services, costs your organization sales, and threatens client satisfaction.
Identify Unusual Traffic Activity
The precise traffic patterns associated with DDoS attacks vary. Attacks may not start at full blast: some attackers send a series of unusual requests to test the waters before unleashing the full botnet.
If your organization lacks ongoing traffic analysis or any other data-driven baseline for what is "normal," it can be very difficult to recognize the first minutes of a DDoS attack, a data exfiltration, or other major security incidents.
Flow sampling tools or analytics applications are certainly better than no traffic monitoring at all. However, tools that process traffic and network activity in real time let you respond more quickly to any threat, because sampled or batch-processed data can hide a short ramp-up until the attack is already at full volume.
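The baseline idea above, as an added example that is not part of the original post and is not CimTrak code: learn a per-window request-rate baseline from web access-log lines, flag later windows that exceed it, and report how concentrated the flagged traffic is across client IPs (a few sources dominating points at a botnet or a single host probing, while a broad spread looks more like a flash crowd). It assumes Common Log Format lines; the log lines it consumes are constructed inside the script, not captured traffic, and the window size, baseline length and sigma multiplier are illustrative parameters.

```python
"""
Request-rate baseline and burst detection over access-log lines.
Added example (not from the original post, not CimTrak code). Assumes
Common Log Format; all input below is constructed, not captured traffic.
"""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [date] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
CLF_TS = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, client_ip) or None for lines that do not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), CLF_TS), m.group("ip")


def bucket(lines, window_s=10):
    """Group requests into fixed windows: {window_start_epoch: Counter(ip -> hits)}."""
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash mid-incident
        ts, ip = parsed
        epoch = int(ts.timestamp())
        windows[epoch - epoch % window_s][ip] += 1
    return dict(sorted(windows.items()))


def detect(lines, window_s=10, baseline_windows=12, k=3.0, top_n=3):
    """
    Learn the baseline from the first `baseline_windows` windows, then flag any
    later window whose total exceeds mean + k * stdev. Each alert also carries
    the top_n client IPs and their share of the window's hits, so a single
    probing host or a handful of flooding sources stands out from a flash crowd.
    Returns a list of alert dicts (empty when nothing is anomalous).
    """
    windows = bucket(lines, window_s)
    starts = list(windows)
    if len(starts) <= baseline_windows:
        return []  # not enough history to say what "normal" is yet
    base = [sum(windows[s].values()) for s in starts[:baseline_windows]]
    mean, stdev = statistics.mean(base), statistics.pstdev(base)
    threshold = mean + k * max(stdev, 1.0)  # floor so a flat baseline still needs real growth
    alerts = []
    for s in starts[baseline_windows:]:
        hits = windows[s]
        total = sum(hits.values())
        if total <= threshold:
            continue
        top = hits.most_common(top_n)
        alerts.append({
            "window_start": datetime.fromtimestamp(s, tz=timezone.utc).isoformat(),
            "requests": total,
            "threshold": round(threshold, 1),
            "top_sources": top,
            "top_share": round(sum(c for _, c in top) / total, 2),
        })
    return alerts


def constructed_log(window_s=10):
    """Synthetic access log built for this example: 12 quiet windows of 4-6
    requests from distinct clients, then one host "testing the waters", then
    a flood in which three sources bury the normal traffic."""
    t0 = datetime(2016, 12, 20, 9, 0, 0, tzinfo=timezone.utc)
    lines = []

    def emit(window, i, ip):
        t = t0 + timedelta(seconds=window * window_s + i % window_s)
        lines.append(f'{ip} - - [{t.strftime(CLF_TS)}] "GET /index.html HTTP/1.1" 200 5123')

    for w in range(12):                       # baseline windows
        for i in range(4 + w % 3):
            emit(w, i, f"10.0.0.{i + 1}")
    for i in range(5):                        # window 12: normal traffic ...
        emit(12, i, f"10.0.0.{i + 1}")
    for i in range(6):                        # ... plus six probes from one host
        emit(12, 5 + i, "203.0.113.5")
    for i in range(5):                        # window 13: normal traffic ...
        emit(13, i, f"10.0.0.{i + 1}")
    for src in range(3):                      # ... under 60 hits from three sources
        for i in range(20):
            emit(13, 5 + src * 20 + i, f"198.51.100.{src + 1}")
    lines.append("garbage line that will not parse")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

On the constructed input the baseline is 5 requests per 10-second window with a threshold of 8, so the probe window (11 requests, 73% from one IP) and the flood window (65 requests, 92% from three IPs) are both flagged while none of the quiet windows are. In production the baseline should come from the same hour and weekday as the window being judged, and the per-source share is what tells you whether to rate-limit a few addresses or call the ISP.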
Don't Gamble with Bandwidth
Provisioning only the minimum bandwidth your organization needs is a risk to both security and business continuity. Symptoms of bare-minimum provisioning or under-provisioning include productivity losses, telecommunications problems, and extreme vulnerability to DDoS attacks.
A professionally administered bandwidth analysis can reveal precisely how much your organization needs and lets you plan to significantly exceed that estimate. Some organizations choose to double, triple, or further exceed their baseline.
Even an enormous amount of bandwidth probably won't keep your web services online continuously if you're targeted by a botnet army. However, as Paul Rubens writes in eSecurity Planet, "It may give you a few extra minutes to act before your resources are overwhelmed." Note that extra bandwidth only helps against volumetric floods; an application-layer attack that exhausts server CPU, memory, or connection tables can succeed while using a fraction of your link capacity.
Avoid the Wrong Response to Extortion Attempts
The threat of a DDoS attack can be used against businesses as a form of blackmail. Establish a policy that spells out how the organization will handle such extortion attempts. In most cases the right response is not to pay, whether in cash or in bitcoins. Even if the criminals keep their promise not to launch the attack, paying rewards them for the threat and can mark your organization as a soft extortion target.
Deciding how to respond to an extortion demand is a complex decision that should be made with the help of counsel and law enforcement. Sending money to stop a DDoS is neither the most effective nor the only way of preventing an attack.
Immediately Contact Your Internet Service Provider
If your organization does not host everything in-house, one of the first steps after a suspected DDoS attack should be to contact your internet service provider (ISP). Their response will vary significantly depending on the scope of their resources and your service level agreement (SLA).
One of the most effective ways an ISP can help mitigate a DDoS attack is "scrubbing": filtering the malicious packets upstream so that legitimate customer requests get through and your services stay online. The ISP's ability to respond ultimately depends on the size of the attack as well as on your SLA and its technical capabilities.
Develop a Comprehensive Approach to DDoS Security
Your organization is statistically likely to suffer some kind of security incident in the next twelve months, and the rapid growth of DDoS attacks makes an attempt to disrupt your business continuity one of the most probable.
Developing the ability to respond immediately to a suspected DDoS limits the damage to your business. Full compliance with PCI DSS or other regulatory requirements can strengthen your layered security, reduce vulnerabilities, and add response capabilities.
Agent-based file integrity monitoring is among the most effective ways to improve compliance and gain network-wide oversight. CimTrak also monitors a heartbeat from each agent, which helps identify servers that have become unreachable during a DDoS attack; a missed heartbeat only tells you the host or agent is unreachable, so correlate it with your traffic monitoring rather than treating it as proof of an attack on its own. CimTrak is the only real-time file integrity monitoring tool that allows complete remediation of negative changes directly from the management portal.
With built-in intelligence that reveals non-compliance or abnormal changes to critical system files or network activity, you can act quickly during an attack, when seconds matter.
To learn more about how CimTrak can reduce risks and increase network-wide security, we recommend The Definitive Guide to File Integrity Monitoring.
December 20, 2016