By: Blair Felter on August 9th, 2019

Best Practices for How to Prevent DDoS Attacks

Volumetric distributed denial of service (DDoS) attacks pose a significant threat to today’s companies. These attacks are becoming more sophisticated and intense every year as hackers develop new ways to threaten the network systems that millions of people depend upon. It’s no surprise, then, that many organizations are investing in various forms of DDoS mitigation as a way of preventing denial of service attacks.

What is a DDoS Attack?

Regardless of their complexity, all networks operate on the same basic principle of transmitting data packets from one fixed point to another along various connections. Those connections could be fiber optic cable, copper wire, or wireless transmissions. When a data packet arrives at its destination, it issues a request for access. The destination router or server reviews the request and either accepts or denies it.

But this process takes time and computing power. In most cases, a network isn’t receiving enough access requests to put strain on the system. A DDoS attack, however, exploits this vulnerability by flooding a server with malicious data packets requesting access. Overwhelmed by this influx of traffic, most servers end up crashing, disrupting services and costing companies an average of $2.5 million. Easy to orchestrate, DDoS attacks typically use malware to turn otherwise mundane computer systems into guided missiles that are then directed at a single network as part of a botnet. This makes blocking DDoS attacks especially difficult since access requests come from so many different sources.

DDoS Attacks Are Intensifying

DDoS attacks are measured by the number of bits per second they transmit to the network and by how long they last. Although DDoS attacks were down in 2018, they have become more frequent and intense throughout 2019. A Q1 2019 report found that attacks sized 100 Gbps (gigabits per second) and higher increased by 967 percent compared to Q1 2018. The overall number of attacks increased 84 percent during the same time frame. The largest DDoS attack on record occurred in March of 2018, clocking in at an astonishing 1.7 Tbps (terabits per second). Considering the substantial costs of extensive server downtime, preventing denial of service attacks should be a major point of emphasis for every IT security team as they implement cybersecurity measures.

How To Prevent DDoS Attacks: Best Practices

Increase Network Bandwidth

Since DDoS attacks fundamentally operate on the principle of overwhelming systems with heavy traffic, simply provisioning extra bandwidth (such as a burstable bandwidth plan) to handle unexpected traffic spikes can provide a measure of protection. This solution can prove expensive, however, as a lot of that bandwidth is going to go unused most of the time. What’s more, additional bandwidth is not as effective at preventing DDoS attacks as it once was. These attacks are getting larger and more sophisticated, and no amount of bandwidth is going to be able to withstand attacks exceeding 1 Tbps without additional DDoS mitigation measures. Despite this, provisioning burstable bandwidth can help cushion the impact of an attack, providing the extra time needed to take action to combat the attack.

Use Early Detection and Packet Monitoring DDoS Attack Mitigation

There are a variety of ways for IT security teams to monitor incoming traffic and identify the early warning signs that are vital to preventing DDoS attacks. Most routers support some type of flow sampling, which examines samples of incoming data packets to create a large-scale picture of trends in network traffic. Since flow sampling only looks at a sliver of traffic at a time, however, it can miss potentially damaging trends or turn up “false positives.” Flow analytics devices give a better picture of data traffic, and they are often combined with other DDoS mitigation solutions to redirect traffic that is flagged as unusual. In-path deployment mitigation devices are the most effective monitoring method, allowing for continuous processing of all incoming and outgoing traffic.
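To make the flow-sampling trade-off concrete, the following added example (not code from the original article or from any vendor it mentions) scales sampled packets up to an estimated bits-per-second figure per destination, compares each window to a moving baseline, and declines to alert when too few samples back the estimate. The sampling rate, window length, thresholds and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

SAMPLING_RATE = 1000     # assumption: the router exports 1 of every 1000 packets
WINDOW_SECONDS = 10      # assumption: length of each aggregation window
ALPHA = 0.2              # smoothing factor for the moving (EWMA) baseline
THRESHOLD_FACTOR = 5.0   # alert when a window exceeds 5x the baseline
MIN_SAMPLES = 20         # fewer samples than this: estimate too noisy to act on


def estimate_bps(samples):
    """Return {dst: (estimated bits per second, sample count)} for one window."""
    sampled_bytes = defaultdict(int)
    counts = defaultdict(int)
    for dst, size in samples:
        sampled_bytes[dst] += size
        counts[dst] += 1
    scale = 8 * SAMPLING_RATE / WINDOW_SECONDS
    return {dst: (sampled_bytes[dst] * scale, counts[dst]) for dst in counts}


def detect(windows):
    """Return (window index, destination, estimated bps) for each anomalous window."""
    baseline = {}
    alerts = []
    for index, samples in enumerate(windows):
        for dst, (bps, n) in estimate_bps(samples).items():
            base = baseline.get(dst)
            if base is not None and n >= MIN_SAMPLES and bps > THRESHOLD_FACTOR * base:
                alerts.append((index, dst, bps))
                continue  # keep suspected attack traffic out of the baseline
            baseline[dst] = bps if base is None else ALPHA * bps + (1 - ALPHA) * base
    return alerts


def _window(spec):
    # Expand (destination, sample count, packet size in bytes) into sample records.
    return [(dst, size) for dst, count, size in spec for _ in range(count)]


# Constructed sample data using documentation addresses. Windows 0-2 are normal.
# In window 3, 192.0.2.10 receives a flood, while 192.0.2.20 merely goes from
# 2 samples to 15: a large ratio resting on too little data to trust.
NORMAL = [("192.0.2.10", 30, 500), ("192.0.2.20", 2, 500)]
SAMPLE_WINDOWS = [_window(NORMAL), _window(NORMAL), _window(NORMAL),
                  _window([("192.0.2.10", 400, 1400), ("192.0.2.20", 15, 500)])]

if __name__ == "__main__":
    for index, dst, bps in detect(SAMPLE_WINDOWS):
        print("window %d: %s at ~%.0f Mbps" % (index, dst, bps / 1e6))
```

Without the `MIN_SAMPLES` guard, the second destination would also be flagged, which is the kind of false positive sampling produces on low-volume hosts.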

Manage and Block Malicious Traffic

Once organizations know a DDoS attack is underway, there are a variety of actions they can take to protect their infrastructure. The first strategy is generally to stop malicious packets from reaching servers by “null routing” traffic, which drops and redirects requests flooding in under the direction of a botnet. DDoS-optimized firewalls can also identify incomplete connections and flush them from the system when they reach a certain threshold. Routers can also be rate limited to help prevent the server from being overwhelmed. In some instances, all traffic is diverted to a “scrubber” that sorts legitimate requests from malicious ones more thoroughly. Many of these cybersecurity measures, however, are bandwidth-dependent and could be overwhelmed by a large-scale attack.
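The threshold-based flushing of incomplete connections described above can be sketched as follows. This is an added example, not code from the original article or from any firewall product; the class and function names, the table size, the timeout and the event list are assumptions constructed for illustration.

```python
from collections import OrderedDict


class HalfOpenTable:
    """Handshakes that have sent a SYN but not yet the final ACK, oldest first."""

    def __init__(self, max_half_open, timeout_ms):
        self.max_half_open = max_half_open
        self.timeout_ms = timeout_ms
        self.pending = OrderedDict()   # (src_ip, src_port) -> time the SYN arrived
        self.stats = {"completed": 0, "evicted": 0, "expired": 0}

    def _expire(self, now_ms):
        # Entries are in arrival order, so stop at the first one still in time.
        while self.pending:
            conn, seen = next(iter(self.pending.items()))
            if now_ms - seen < self.timeout_ms:
                break
            del self.pending[conn]
            self.stats["expired"] += 1

    def on_syn(self, conn, now_ms):
        self._expire(now_ms)
        self.pending.pop(conn, None)          # a retransmitted SYN restarts the timer
        self.pending[conn] = now_ms
        while len(self.pending) > self.max_half_open:
            self.pending.popitem(last=False)  # threshold reached: flush the oldest
            self.stats["evicted"] += 1

    def on_ack(self, conn):
        if self.pending.pop(conn, None) is not None:
            self.stats["completed"] += 1


def replay(events, max_half_open=5, timeout_ms=3000):
    """Feed (time in ms, "SYN" or "ACK", connection) events through the table."""
    table = HalfOpenTable(max_half_open, timeout_ms)
    for now_ms, kind, conn in events:
        if kind == "SYN":
            table.on_syn(conn, now_ms)
        else:
            table.on_ack(conn)
    return dict(table.stats, pending=len(table.pending))


# Constructed events (documentation addresses): three clients finish the
# handshake; ten SYNs from 198.51.100.0/24 are never acknowledged.
EVENTS = [(0, "SYN", ("192.0.2.1", 40000)), (100, "ACK", ("192.0.2.1", 40000))]
EVENTS += [(200 + 100 * i, "SYN", ("198.51.100.%d" % i, 1024)) for i in range(10)]
EVENTS += [(1500, "SYN", ("192.0.2.2", 40001)), (1600, "ACK", ("192.0.2.2", 40001)),
           (10000, "SYN", ("192.0.2.3", 40002)), (10100, "ACK", ("192.0.2.3", 40002))]
```

Flushing the oldest entry keeps the table bounded, but a legitimate client that is slow to complete its handshake can be flushed along with the flood, so the threshold and timeout need tuning against normal traffic.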

Build Infrastructure Redundancy

As DDoS attacks become larger and more sophisticated, IT security efforts are focusing as much on backups and redundancies as on prevention. After all, if the goal of a DDoS attack is ultimately to disrupt service, it doesn’t much matter how a provider keeps its servers up and running as long as it stays online. Rather than meeting the attacks head-on, redundancy allows organizations to expand the capacity of their infrastructure to make it more resilient. Overwhelming a few servers with volumetric attacks amounts to little more than a Pyrrhic victory if the company can simply fall back on redundant systems to continue delivering service without interruption. Redundancy also makes it easier to actively combat attacks because traffic can be cut off and rerouted more effectively.

Incorporate ISP Redundancy

Relying on a single internet service provider (ISP) can leave a company vulnerable to DDoS attacks because any attack that disrupts the provider’s systems will likely result in downtime for all connected systems. Moreover, when a DDoS attack is launched over a single ISP’s connections, there are few solutions that don’t involve disconnecting and waiting until the attack is over. With a blended internet service that offers ISP redundancy, companies can design redundant networks that allow them to switch between different providers as needed in the event of a DDoS attack. Once the attack is underway, a blended ISP solution like vXdefend can detect what’s happening and reroute traffic to prevent lasting damage and downtime.

Blocking DDoS Attacks With A Data Center

Data centers can provide organizations with an extensive array of tools for combating DDoS attacks. Since they have much greater bandwidth capacity and more secure routers managing incoming traffic, data centers are much better equipped to withstand attempts to overwhelm their infrastructure than the typical on-premises IT solution. With blended ISP connections that provide multiple layers of redundancy and real-time monitoring powered by predictive analytics and backed up by remote hands services, data centers have the resources needed to combat the latest DDoS attack strategies.

With more and more devices connected to networks every year, DDoS attacks will continue to pose a significant threat to organizations across a wide range of industries. By taking careful steps to monitor their IT deployments and respond to suspected attacks before they reach full intensity, companies can protect their infrastructure and continue to deliver reliable services to their customers.

About Blair Felter

As the Marketing Director at vXchnge, Blair is responsible for managing every aspect of the growth marketing objective and inbound strategy to grow the brand. Her passion is to find the topics that generate the most conversations.