Managed Security Product Director
Erik Nordquist is the Global Product Director at GTT responsible for the Managed Security portfolio including Managed Firewall, Managed DDOS, Managed Detection & Response and GTT’s newest offering, Managed SASE known as Secure Connect.
5 Tips for Defending Against DDoS Attacks
The nature of DDoS attacks is constantly evolving, due in part to the technology used but also to the motivations of the attackers. Today’s distributed denial of service (DDoS) attacks are very different from those of only a few years ago. Originally, these cyber tsunamis were straightforward volumetric attacks against single victim IP addresses, intended to cause embarrassment and disruption. Now the motives behind DDoS attacks are increasingly unclear, the techniques are becoming ever more complex, and the frequency of attacks is growing exponentially. Even more serious is the fact that attacks can now be automated: attackers can switch attack profiles faster than any human or traditional DDoS security solution can respond. The size, frequency and duration of modern DDoS attacks represent a serious threat to any organization connected to the internet. Minutes or even tens of seconds of downtime, or increased latency, could significantly impact a business. But there is some good news. Despite the increase in the frequency of attacks, there are ways to mitigate the damage or the attack itself.
Here are five dos and don’ts to help ensure that your business is protected from DDoS attacks.
- Document your DDoS resiliency plan. A good resiliency plan breaks down into three components, all of which should be carefully documented, easy to locate, and kept up to date:
  - The technical competencies on staff, including emergency contact information and where and when each person fits within the incident response team responsible for mitigating the attack and reducing the damage.
  - A crisis communication process to alert all key decision makers across the organization, ensuring stakeholders are notified and consulted accordingly.
  - An operations plan that protects business continuity in the event of a DDoS attack, allowing the business to continue to operate despite an active, ongoing threat or actual attack.
- Recognize DDoS attack activity. Large, high-volume DDoS attacks are not the only form of DDoS activity. Short-duration, low-volume attacks are commonly launched by cybercriminals as a stress test, probing for weaknesses within your network. Understand your network traffic patterns and look to a managed provider of DDoS mitigation services to help identify DDoS traffic in real time, with the ability to immediately remove both large volumetric attacks and small resource attacks.
- Don’t assume that only large-scale, volumetric attacks are the problem. DDoS attackers are getting more sophisticated; their objective is not always to paralyze a website or network. The attack may instead serve as a distraction for network or security staff, with the intent of disguising a more nefarious network infiltration. Such attacks are typically short in duration (under 5 minutes) and low in volume, meaning they could easily slip under the radar of a traffic monitor, or even of legacy DDoS protection systems, without being mitigated.
- Don’t rely on traffic monitoring or thresholds. You may notice when network traffic spikes, but are you able to distinguish between good traffic and bad traffic? How do you respond to a spike? Could you block only the bad traffic, or would your network resources be overwhelmed? Monitoring your traffic and setting threshold limits is not a form of protection, especially when you consider that small resource attacks often go unnoticed by threshold triggers.
- Don’t rely on an IPS or firewall. Neither an intrusion prevention system (IPS) nor a firewall will protect you. Even firewalls that claim built-in anti-DDoS capabilities have very limited ability to block attacks. Those firewalls often rely on indiscriminate thresholds, and when the threshold limit is reached, every application and every user on that port gets blocked, causing an outage. It is also possible for an attack to simply flood your internet connection to the point that no amount of traffic blocking by the firewall will have any effect.
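The "don't rely on thresholds" point above is easy to see with numbers. The following Python example is added here for illustration and is not GTT code or part of the original article. It builds a constructed 120-second traffic timeline for one web server (documentation IP ranges only) containing a short, low-volume burst from many sources and a later high-volume burst from a few sources, then runs two detectors over it: a fixed byte-rate threshold of the kind the text warns about, and a per-destination source fan-in check (an assumed behavioural signal used purely to illustrate the contrast). The threshold trigger only ever fires on the volumetric burst; the small resource attack passes underneath it.

```python
"""Added illustration (not GTT code): why a byte-rate threshold misses short,
low-volume DDoS activity that a source fan-in check still surfaces.
All traffic below is constructed in-line using documentation IP ranges."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since the start of the constructed capture
    src: str
    dst: str
    dport: int
    nbytes: int


TARGET = "203.0.113.10"   # constructed victim address (TEST-NET-3 range)


def build_sample_traffic() -> list:
    """Constructed 120-second timeline for one web server:
    - t=0..119 : 20 legitimate clients, one 1500-byte flow each per second
    - t=30..49 : short low-volume burst, 150 extra sources sending 40 bytes each
    - t=90..99 : volumetric burst, 10 sources sending 50 KB each per second
    """
    flows = []
    for t in range(120):
        for i in range(20):
            flows.append(Flow(t, f"198.51.100.{i + 1}", TARGET, 443, 1500))
        if 30 <= t < 50:
            for i in range(150):
                flows.append(Flow(t, f"192.0.2.{i + 1}", TARGET, 443, 40))
        if 90 <= t < 100:
            for i in range(10):
                flows.append(Flow(t, f"198.51.100.{200 + i}", TARGET, 443, 50_000))
    return flows


def bucket(flows, window_s):
    """Group flows by (window index, destination ip, destination port)."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.ts // window_s, f.dst, f.dport)].append(f)
    return buckets


def volume_threshold_alerts(flows, window_s=10, bytes_per_sec_limit=60_000):
    """The 'threshold trigger' the text warns about: alert only when the
    aggregate byte rate to a destination exceeds a fixed limit (here 2x the
    constructed baseline of 30,000 B/s)."""
    alerts = []
    for (w, dst, dport), fl in sorted(bucket(flows, window_s).items()):
        rate = sum(f.nbytes for f in fl) / window_s
        if rate > bytes_per_sec_limit:
            alerts.append((w * window_s, dst, dport, "volume", round(rate)))
    return alerts


def source_fanin_alerts(flows, window_s=10, baseline_sources=20, factor=4):
    """Assumed behavioural check for illustration: alert when the number of
    distinct sources hitting one destination in a window jumps well above its
    baseline, regardless of how few bytes each of them sends."""
    alerts = []
    for (w, dst, dport), fl in sorted(bucket(flows, window_s).items()):
        uniq = len({f.src for f in fl})
        if uniq > baseline_sources * factor:
            alerts.append((w * window_s, dst, dport, "fan-in", uniq))
    return alerts


def combined_alerts(flows):
    """Both signals together, ordered by time: this is what it takes to see
    both the large volumetric burst and the small resource attack."""
    return sorted(volume_threshold_alerts(flows) + source_fanin_alerts(flows))


if __name__ == "__main__":
    traffic = build_sample_traffic()
    print("threshold only :", volume_threshold_alerts(traffic))
    print("fan-in only    :", source_fanin_alerts(traffic))
    print("combined       :", combined_alerts(traffic))
```

On this constructed input the low-volume burst raises the byte rate from 30,000 B/s to 36,000 B/s, far under the 60,000 B/s trigger, so the threshold detector reports nothing for it while the fan-in check sees the source count jump from 20 to 170. The volumetric burst (530,000 B/s from only 30 sources) is the mirror image. Neither signal alone covers both cases, which is the practical reason the article pushes detection to a provider that looks at traffic behaviour rather than a single volume trigger.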
The best defense is a good offense. Real, proactive DDoS protection is best provided by a Tier 1 ISP network with large-capacity interfaces and the ability to detect and mitigate DDoS attacks at scale.
As your resiliency plan takes shape, spend time researching full-service providers with Tier 1 networks.
As you develop your resiliency and defense-in-depth strategy, be sure to include DDoS protection. When every second counts, time-to-mitigation must be a critical factor in your decision-making process, and an always-on solution capable of defending against even the largest attacks provides the best defense. With always-on DDoS protection, you can be assured that “bad” traffic will be blocked, letting legitimate traffic through and your business keep operating. Look to a Managed Security Service Provider that is backed by security experts and best-of-breed DDoS technology, offering unlimited clean traffic for any size of network along with alerting, reporting and visibility into the service through self-service tools.