Introduction
DDoS attacks are frequently portrayed as growing in volume, with the greater scale posing more of a threat to organisations. For example, back in June the BBC reported: ‘Amazon “thwarts largest ever DDoS cyber-attack”’. Amazon confirmed that its cloud offering, Amazon Web Services, had been hit with a 2.3 Tbps attack back in February. To put that figure into perspective, it’s just under half of all traffic BT sees on its entire UK network during an average working day.
The Problem
However, focusing only on the larger DDoS attacks risks overlooking the smaller, more targeted threats. Observers are seeing DDoS as a matter of much more than just goliath brute force. As the cyberthreat landscape evolves, DDoS is turning into a more surgical tool which, when used alongside other methods, can lead to more lasting damage than a few hours of website outage.
Over recent years, Corero’s research into attacks attempted on their customers consistently indicates that the overwhelming majority (98%) of attacks are not high-volume. They are often less than 10 Gbps in size and typically last less than 10 minutes.
Multi-Vectored Attacks
Performing a small-scale attack is a conscious, tactical choice designed to go unnoticed by traditional mitigation strategies. For many of the most damaging DDoS attacks, the traffic flow involved is so small that not only does the server stay online, but the defensive tools also remain blissfully unaware.
Hackers can also automate the change of parameters and vectors in response to the defences they encounter during an attack. By layering different vector types and varying attack vectors, they can continually evade detection and mitigation.
With such a strategy, smaller, more precise DDoS methods enable attackers to fulfil their actual goal: for example, targeting business-critical web-based infrastructure or degrading website performance over the long run, rather than disabling the website entirely and triggering an immediate response to the threat.
The Hybrid Solution
An on-premise deployment can offer automated, real-time DDoS protection that is geared towards dealing with the smaller, more prevalent attacks that require instant mitigation. This allows an end user to locally prevent any downtime for their applications and services.
In contrast, cloud-based mitigation is necessary to defend against DDoS attacks that are larger than an organisation’s bandwidth, the kind that result in overwhelming floods of traffic. The attack will initially be stopped in the early stages by the on-premise solution and shifted to cloud scrubbing as the attack grows in volume.
A hybrid approach can offer protection against the full spectrum of DDoS attacks and, crucially, prevent downtime of business-critical applications. The on-premise solution also reduces the usage of the cloud by attempting to handle attacks locally first, thus lowering operating costs for the end user without compromising defence continuity.
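The hand-off described in this section can be sketched as a small controller. This is an added example, not code from any vendor or product mentioned here; the 10 Gbps link, the divert and return ratios, the three-sample hold and the traffic samples are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    NORMAL = "normal"
    LOCAL = "on-premise mitigation"
    CLOUD = "cloud scrubbing"

@dataclass
class HybridController:
    link_gbps: float            # assumed uplink capacity of the site
    divert_ratio: float = 0.8   # assumed: divert at >= 80% of the link
    return_ratio: float = 0.4   # assumed: return below 40% of the link
    hold: int = 3               # consecutive samples needed to switch
    mode: Mode = Mode.NORMAL
    _streak: int = 0

    def step(self, attack_gbps: float) -> Mode:
        """Feed one sample of detected attack traffic and return the mode."""
        high = attack_gbps >= self.divert_ratio * self.link_gbps
        low = attack_gbps < self.return_ratio * self.link_gbps
        if self.mode is Mode.CLOUD:
            # Hysteresis: stay in the cloud until the attack has clearly
            # subsided, so the route does not flap on a single quiet sample.
            self._streak = self._streak + 1 if low else 0
            if self._streak >= self.hold:
                self.mode = Mode.LOCAL if attack_gbps > 0 else Mode.NORMAL
                self._streak = 0
        else:
            # Any detected attack is mitigated on-premise straight away.
            self.mode = Mode.LOCAL if attack_gbps > 0 else Mode.NORMAL
            self._streak = self._streak + 1 if high else 0
            if self._streak >= self.hold:
                self.mode = Mode.CLOUD
                self._streak = 0
        return self.mode

def run(samples, link_gbps=10.0):
    """Replay a series of attack-volume samples (Gbps) through a controller."""
    ctl = HybridController(link_gbps=link_gbps)
    return [ctl.step(s) for s in samples]

# Constructed samples: a short sub-saturating attack and one that outgrows the link.
SMALL_ATTACK = [0, 0.5, 1.2, 0.8, 0]
GROWING_ATTACK = [0, 1, 4, 8.5, 9, 12, 15, 3, 2, 1, 0]

if __name__ == "__main__":
    for name, s in (("small", SMALL_ATTACK), ("growing", GROWING_ATTACK)):
        print(name, [m.name for m in run(s)])
```

The small attack is handled entirely on-premise and never touches the cloud, while the growing attack is diverted only after three consecutive samples near link capacity.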
Conclusion
Organisations need to protect themselves from DDoS attacks, particularly those that cannot tolerate any downtime. The best choice is a fully integrated hybrid deployment that delivers on-premise, always-on, real-time DDoS mitigation with co-ordinated automatic cloud backup, to defend against attacks of all sizes.
References
- Amazon ‘thwarts largest ever DDoS cyber-attack’ – https://www.bbc.co.uk/news/technology-53093611
- Small is the New Big, When it Comes to DDoS Attacks – https://www.corero.com/blog/small-is-the-new-big-when-it-comes-to-ddos-attacks/
- DDoS attacks: why size doesn’t always equate to impact – https://www.itproportal.com/features/ddos-attacks-why-size-doesnt-always-equate-to-impact/
- Understanding and Stopping Multi-Vector DDoS Attacks – https://www.corero.com/blog/understanding-and-stopping-multi-vector-ddos-attacks/
- Advantages of Hybrid DDoS Protection – https://bit.ly/376v77g