Man, Machine and DDoS Mitigation
The Case for Human Cyber Security Expertise
Selected excerpts

Prolexic recently released a white paper that explains why experienced security professionals analyzing network traffic in real time stop distributed denial of service (DDoS) attacks faster than pre-programmed and automated mitigation equipment – and at far less risk to an organization’s bottom line.

DDoS mitigation appliances are network devices used by IT departments that are intended to prevent an outage caused by a DDoS attack. But today’s DDoS attacks are often large and complex – too large and complex for automated DDoS mitigation. As a result, Prolexic has found that real-time monitoring and analysis of network traffic by experienced DDoS mitigation engineers during an attack is the only approach that ensures effective DDoS mitigation, especially when live attackers change attacks throughout an event.

A DDoS attack is an attempt to make a computer resource (i.e. website, e-mail, voice, or a network) unavailable to its intended users. By overwhelming it with data, requests or both, the target system either responds so slowly as to be unusable or crashes completely. The data volumes required to do this are typically achieved when attackers harness a network of remotely controlled zombie or botnet (robot network) computers. These compromised computers have fallen under the control of an attacker, generally through the use of a Trojan virus or other malware.

Outages caused by DDoS attacks are increasing in frequency, size and volume and are damaging to businesses. As a result, many organizations have made big investments in automated defensive tools such as firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), and router appliances. Unfortunately, automated tools often fail to block a DDoS attack.

Growing attack size and complexity

Typically, a local DDoS mitigation appliance can handle less than 10 gigabits per second (Gbps) of attack traffic, while a firewall solution offered by an ISP can usually handle less than 20 Gbps. A typical solution from a cloud-hosting provider can handle less than 40 Gbps. Yet, many of today’s DDoS attacks are bigger than that. For example, in 2013, Prolexic blocked multiple attacks that peaked at more than 100 Gbps, with the largest measuring 179 Gbps.

DDoS attacks also continue to increase in complexity. DDoS attackers target the network layer, described in the Open Systems Interconnection model (OSI model) as Layer 3, the transport layer (Layer 4) and the application layer (Layer 7) – and often all three in the same campaign. Attackers create Layer 7 attacks that resemble legitimate traffic as a strategy to overload specific elements of an application server infrastructure. Even simple application attacks can critically overload web servers and databases.

Although many company executives may think it is unlikely their organization will be attacked, all companies and industry sectors are vulnerable. Today’s attackers are using more powerful DDoS toolkits such as the itsoknoproblembro toolkit to take advantage of vulnerabilities in web servers.

The financial damage from DDoS attacks is growing. Gartner predicts a 10 percent growth in the financial impact that cybercrime will have on online businesses through 2016, as DDoS attackers take advantage of new software vulnerabilities that are introduced via new cloud services and employee-owned devices used in the workplace.1 As a result, enterprises are at a higher risk of financial losses and damage to their global business reputation than ever before.

Get the full white paper for more details

Download the white paper, Man, Machine and DDoS Mitigation, which explains why you need human cyber security expertise:
● Understand the current and future DDoS threatscape
● Learn the capabilities and limitations of specific types of DDoS mitigation appliances
● Find out how live attackers overwhelm automated systems
● Understand the weaknesses of the new breed of intelligent DDoS mitigation device
● Avoid blocking legitimate traffic when under attack
● Learn about Prolexic’s Security Operations Center

The more you know about DDoS attacks, the better you can protect your network against cybercrime. Download the free DDoS protection white paper today.

About Prolexic

Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services. Learn more at http://www.prolexic.com.

1 “Gartner Reveals Top Predictions for IT Organizations and Users for 2012 and Beyond,” December 1, 2011