Closing the DDoS floodgates: why DDoS attacks are not inevitable

Of all the malicious hacking threats now facing enterprise networks, the DDoS attack is by far the most common and easily executed. This type of attack has plagued businesses for years, but it has recently gained particular notoriety in the media, with high-profile organisations reporting being the victim of large-scale attacks.

Such attacks can hit networks for up to 320 hours at a time, inflicting considerable damage to a company’s sales, service offering and reputation.

The UK has been hit particularly badly. As the home of several of the fastest growing digital enterprises in Europe, it is the top originating source country for DDoS attack traffic. And with companies losing up to around £4,000 per hour due to downtime, now is not the time to be taking risks with networks.

With traditional approaches to security focusing largely on absorbing increased traffic or diverting it, actions to defend the network are typically executed when attacks are already in progress.

> See also: Ransomware and DDoS combine to form a dangerous new two-pronged attack

As such, the first crucial step for organisations is to protect themselves at source. This can be achieved through having a clear, wide-reaching view of their network infrastructure.

However, it is also fairly easy to create an early warning system. Specialist tools are now available to companies at any operational scale that can detect such attacks and enable a more proactive approach.

Using these to monitor firewall and load balancing activity can help IT teams detect and mitigate against DDoS threats to stop them in their tracks.

For example, in cases like the recent RBS attack, when an attacker initiates a connection-based protocol, he or she might send 50,000 packets a second over the network, leaving connections open and vulnerable.

If a company is proactively monitoring its network, it will see an enormous spike in connections from the load balancer, along with an increase in throughput on the firewall and the bandwidth utilisation on Internet links.

The ability to monitor this firewall and load balancer activity can arm network operation teams, and with the crucial advanced warning facility they can protect themselves from DDoS attacks. Monitoring network activity in this way is rapidly becoming an essential first line of defence against the growing threat.

Using speed-at-scale, real-time monitoring tools, also allows operations teams to alert IT departments of an attack using both a granular and full picture view of their digital infrastructure.

Similarly, these tools allow IT teams to be alerted when random ports are flooded with packets, or when spoofed requests from a variety of sources attack a target server. This agility helps them identify debilitating attacks before resources are exhausted and the server is forced to go offline.

It is also possible for IT staff to set up accurate thresholds for questionable network traffic by reviewing historical data. For example, a rule can be set so that traffic is automatically blocked when a specific number of packets come through in less than a specified number of seconds.

> See also: DDoS attacks now a priority with UK law enforcement, says Cybercrime Unit chief

This equips users with an extremely effective barrier to mitigate the impact of DDoS attacks on the digital infrastructure.

Ultimately, mitigating the threat of these attacks is all about paying attention to the details of network traffic. A granular perspective of metrics, flows and logs will equip organisations with as much data as possible to detect, visualise, and mitigate attacks before they are capable of causing the very real damage that recent events have highlighted.

Sourced from Tom Griffin, Managing Director, EMEA, SevOne

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics