Distributed denial of service (DDoS) attacks pose a significant threat to today’s companies. Easy to orchestrate, DDoS attacks typically use malware to turn otherwise mundane computer systems into a botnet whose combined traffic is aimed at a single network. Overwhelmed by this influx of traffic, most servers end up crashing, disrupting services and costing companies an average of $2.5 million per attack.
These attacks are not only increasing in frequency, but also becoming more intense. DDoS attacks are measured by the number of bits per second they push toward the target network. A May 2017 report found that 45% of attacks over the previous 12 months were greater than 10 gigabits per second (Gbps) and 15% of attacks reached levels of at least 50 Gbps. The largest DDoS attack on record occurred in March 2018, clocking in at an astonishing 1.7 terabits per second (Tbps). Considering the substantial costs of extended server downtime, preventing DDoS attacks should be a major point of emphasis for every IT security team as it implements cybersecurity measures.
Since DDoS attacks fundamentally operate on the principle of overwhelming systems with heavy traffic, simply provisioning extra bandwidth to absorb unexpected traffic spikes can provide a measure of protection. This solution can prove expensive, however, because most of that bandwidth goes unused most of the time. What’s more, additional bandwidth is not as effective at preventing DDoS attacks as it once was. Attacks are getting larger and more sophisticated, and no amount of bandwidth alone will withstand an attack exceeding 1 Tbps without additional mitigation measures. Even so, surplus bandwidth can cushion the impact of an attack, buying the extra time needed to take action against it.
There are a variety of ways for IT security teams to monitor incoming traffic and identify the early warning signs that are vital to preventing DDoS attacks. Most routers support some form of flow sampling, which examines a sample of incoming packets to build a large-scale picture of trends in network traffic. Because flow sampling only looks at a sliver of traffic at a time, however, it can miss potentially damaging trends or turn up “false positives.” Flow analytics devices give a better picture of data traffic, and they are often combined with other mitigation solutions to redirect traffic that is flagged as unusual. In-path mitigation devices are the most effective monitoring method, since they continuously process all incoming and outgoing traffic.
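To make the flow-sampling trade-off concrete, here is an added example (not code from the original article or from any product it mentions) that estimates per-destination traffic rates from sampled flow records and flags destinations whose rate jumps well above a baseline. The sampling rate, the IP addresses, the baseline figures and the flow records are all constructed for the example; the point it illustrates is that sampled counts must be scaled up by the sampling rate, and that a minimum sample count is needed to avoid the false positives the text warns about.

```python
"""
Constructed example: estimate per-destination traffic rate from 1-in-N sampled
flow records and flag destinations whose estimated bit rate exceeds a baseline
by a large factor. Everything here (sampling rate, addresses, baselines,
records) is an assumption made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FlowRecord:
    ts: float        # export time in seconds (unused by the estimator, kept for realism)
    src: str
    dst: str
    packets: int     # sampled packets in this record
    nbytes: int      # sampled bytes in this record


SAMPLING_RATE = 1000   # assumption: the router exports 1 of every 1000 packets


def estimate_rates(records, window_s):
    """Return dst -> (est. packets/s, est. bits/s, number of sampled records).

    Sampled counts are multiplied by SAMPLING_RATE to estimate the real volume,
    then divided by the observation window to get a rate.
    """
    agg = defaultdict(lambda: [0, 0, 0])
    for r in records:
        a = agg[r.dst]
        a[0] += r.packets
        a[1] += r.nbytes
        a[2] += 1
    return {
        dst: (pk * SAMPLING_RATE / window_s, by * 8 * SAMPLING_RATE / window_s, n)
        for dst, (pk, by, n) in agg.items()
    }


def flag_destinations(records, baseline_bps, window_s=60, factor=5.0, min_samples=10):
    """Flag destinations whose estimated bit rate exceeds factor * baseline.

    min_samples guards against false positives: a handful of sampled packets,
    scaled by 1000, can look like a flood that never happened.
    """
    flagged = []
    for dst, (pps, bps, n) in estimate_rates(records, window_s).items():
        base = baseline_bps.get(dst, 0.0)
        if n >= min_samples and bps > factor * max(base, 1.0):
            flagged.append((dst, round(bps), n))
    return sorted(flagged)


# Constructed baselines (bits/s) learned from normal traffic, per destination.
BASELINE_BPS = {"198.51.100.10": 50e6, "198.51.100.20": 10e6}

# Constructed 60-second window of sampled records.
SAMPLE_RECORDS = []
# 3000 sampled packets of 1000 bytes from many sources to .10: ~400 Mbps estimated.
for i in range(3000):
    SAMPLE_RECORDS.append(FlowRecord(i * 0.02, f"203.0.113.{i % 254 + 1}", "198.51.100.10", 1, 1000))
# Normal-looking traffic to .20: 5 sampled packets, well under its baseline.
for i in range(5):
    SAMPLE_RECORDS.append(FlowRecord(i * 12.0, "192.0.2.7", "198.51.100.20", 1, 1500))
# Only 3 sampled packets to .30 with no baseline: scaled up this would look like
# 600 kbps against a 1 bps floor, but the sample is too small to trust.
for i in range(3):
    SAMPLE_RECORDS.append(FlowRecord(i * 20.0, "192.0.2.8", "198.51.100.30", 1, 1500))


if __name__ == "__main__":
    for dst, bps, n in flag_destinations(SAMPLE_RECORDS, BASELINE_BPS):
        print(f"{dst}: ~{bps / 1e6:.0f} Mbps estimated from {n} sampled records")
```

Only `198.51.100.10` is flagged: it is estimated at roughly 400 Mbps against a 50 Mbps baseline. `198.51.100.30` would have tripped the threshold on raw arithmetic, but three sampled packets is exactly the kind of sliver the text describes, and the sample-count floor suppresses it. In practice the baseline would be learned per destination and time of day rather than fixed.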
Once organizations know a DDoS attack is underway, there are a variety of actions they can take to protect their infrastructure. The first step is generally to stop malicious packets from reaching servers by “null routing” traffic, which drops or redirects the flood of requests arriving under the direction of a botnet. DDoS-optimized firewalls can also identify incomplete (half-open) connections and flush them from the connection table once they reach a certain threshold. Routers can also apply rate limiting to help keep servers from being overwhelmed. In some instances, all traffic is diverted to a “scrubber” that sorts legitimate requests from malicious ones more thoroughly. Many of these measures, however, are bandwidth-dependent and can themselves be overwhelmed by a large-scale attack.
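Two of the mitigations just described, flushing half-open connections past a threshold and per-source rate limiting, are easy to model in a few lines. The following is an added example written for this page, not code from the article or from any firewall or router vendor; the thresholds, addresses and the event trace are all constructed. It also shows the side effect a practitioner should expect from threshold-based flushing: a legitimate client whose handshake was still pending when the flood arrived gets evicted and must retry.

```python
"""
Constructed example: small models of a DDoS-aware firewall's half-open
connection table (flush the oldest pending handshakes past a threshold) and a
per-source token-bucket rate limiter, run over a constructed SYN/ACK trace.
Thresholds, addresses and events are assumptions made for illustration.
"""
from collections import OrderedDict, defaultdict


class HalfOpenTable:
    """Tracks TCP handshakes that have seen a SYN but not the final ACK."""

    def __init__(self, max_half_open):
        self.max_half_open = max_half_open
        self.pending = OrderedDict()   # (src, sport) -> SYN timestamp, oldest first
        self.flushed = 0

    def syn(self, src, sport, ts):
        self.pending[(src, sport)] = ts
        # Past the threshold, evict the oldest half-open entries (assumed policy).
        while len(self.pending) > self.max_half_open:
            self.pending.popitem(last=False)
            self.flushed += 1

    def ack(self, src, sport):
        """Final ACK: returns True if the handshake completed, False if its SYN
        was already flushed, in which case the client has to retry."""
        return self.pending.pop((src, sport), None) is not None


class TokenBucket:
    """Per-source packet rate limit: `rate` tokens/s, bursts up to `capacity`."""

    def __init__(self, rate, capacity):
        self.rate, self.capacity = rate, capacity
        self.tokens = defaultdict(lambda: capacity)
        self.last = {}

    def allow(self, src, ts):
        elapsed = ts - self.last.get(src, ts)
        self.tokens[src] = min(self.capacity, self.tokens[src] + elapsed * self.rate)
        self.last[src] = ts
        if self.tokens[src] >= 1:
            self.tokens[src] -= 1
            return True
        return False


def run_trace(events, max_half_open=100, rate=10.0, burst=20):
    """events: iterable of (ts, kind, src, sport) with kind in {"SYN", "ACK"}."""
    table = HalfOpenTable(max_half_open)
    bucket = TokenBucket(rate, burst)
    stats = {"rate_limited": 0, "established": 0, "ack_without_syn": 0}
    for ts, kind, src, sport in events:
        if not bucket.allow(src, ts):       # rate limit is applied first
            stats["rate_limited"] += 1
            continue
        if kind == "SYN":
            table.syn(src, sport, ts)
        elif kind == "ACK":
            if table.ack(src, sport):
                stats["established"] += 1
            else:
                stats["ack_without_syn"] += 1
    stats["flushed_half_open"] = table.flushed
    stats["still_half_open"] = len(table.pending)
    return stats


# Constructed trace. Client A completes its handshake before the flood; client B
# sends its SYN early but its ACK arrives only after the flood has evicted it.
TRACE = [
    (0.0, "SYN", "203.0.113.5", 40000),
    (0.1, "ACK", "203.0.113.5", 40000),
    (0.5, "SYN", "203.0.113.6", 40001),
]
# 150 bot sources, 2 SYNs each and never an ACK: under the per-source rate limit,
# but collectively 300 half-open connections against a table that holds 100.
for i in range(150):
    bot, ts = f"10.0.0.{i + 1}", 1.0 + i * 0.001
    TRACE.append((ts, "SYN", bot, 1000))
    TRACE.append((ts, "SYN", bot, 1001))
# One noisy source sending 50 SYNs at once: the bucket's burst of 20 caps it.
for j in range(50):
    TRACE.append((2.0, "SYN", "198.51.100.77", 50000 + j))
TRACE.append((3.0, "ACK", "203.0.113.6", 40001))


if __name__ == "__main__":
    for key, value in run_trace(TRACE).items():
        print(f"{key}: {value}")
```

Running the trace, the single noisy source loses 30 of its 50 packets to the rate limiter, but the 150 distributed sources slip under it entirely, which is why the half-open threshold is needed as a second line of defense: 221 stale handshakes are flushed and the table settles at its 100-entry ceiling. Client B's late ACK finds no matching entry, the expected collateral cost of this policy. Real firewalls use timeouts and SYN cookies to soften that cost, and, as the text notes, a large enough flood saturates the link before any of this logic runs.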
As DDoS attacks become larger and more sophisticated, IT security efforts are focusing as much on backups and redundancies as on prevention. After all, if the goal of a DDoS attack is ultimately to disrupt service, it doesn’t much matter how a provider keeps its servers up and running as long as it stays online. Rather than meeting the attacks head-on, redundancy allows organizations to expand the capacity of their infrastructure to make it more resilient. Overwhelming a few servers with volumetric attacks amounts to little more than a Pyrrhic victory if the company can simply fall back on redundant systems to continue delivering service without interruption. Redundancy also makes it easier to actively combat attacks because traffic can be cut off and rerouted more effectively.
Data centers can provide organizations with an extensive array of tools for combating DDoS attacks. With far greater bandwidth capacity and more secure routers managing incoming traffic, a data center is much better equipped to withstand attempts to overwhelm its infrastructure than the typical on-premises IT deployment. With blended ISP connections that provide multiple layers of redundancy, real-time monitoring powered by predictive analytics, and remote hands services to back it all up, data centers have the resources needed to combat the latest DDoS attack strategies.
With more and more devices connected to networks every year, DDoS attacks will continue to pose a significant threat to organizations across a wide range of industries. By taking careful steps to monitor their IT deployments and respond to suspected attacks before they reach full intensity, companies can protect their infrastructure and continue to deliver reliable services to their customers.