Ahh…2018, the year of the big, bad, volumetric distributed denial of service (DDoS) attack. Remember the then-world-record Github attack in February (1.3 Tbps) and another world-record attack (1.7 Tbps) five days later in March?
Unfortunately, 2018 was the latest of several years of DDoS whoppers. During the past five years, the trend has been clear. Larger botnets are carrying out more powerful attacks with a wider variety of tools and tech that amplify the damage done to targets. And that’s the problem. The sheer mind-boggling size of DDoS attacks and the bizarre amplification methods used usually take center stage. The damage done often gets far less attention and news coverage.
Focus on damage and damage control
The days when DDoS attacks were a minor-league nuisance to IT teams are long gone. Now, we’re talking major-league damage to companies of any size or industry. When hackers release a DDoS attack, they start a process that can do all sorts of physical, financial and business damage. Here’s a list of consequences of DDoS-related slow networks or downtime:
- Damage to a company’s brand or reputation, when disappointed users lose trust in and stop doing business with a DDoS attack target.
- Revenue lost when e-commerce customers cannot use the website during and after an attack.
- Employee effort and productivity lost when the network goes down.
- Recovery costs such as in-house IT recovery operations and ad campaigns to refurbish a tarnished brand.
- Paid compensation of damages described in SLAs and other contracts.
- Physical damage to ISP infrastructure, a recently identified problem.
- Stolen data or intellectual property, the result of DDoS attacks used as a smokescreen for data theft.
On average, DDoS attacks last several hours and can completely disrupt an online service. However, 9 percent of attacks that make services go dark last from two days to a week. In another 7 percent of cases, these attacks last for several weeks or more.
The damage is not limited to downtime. Many DDoS attacks also include network intrusions, usually application-layer attacks. These attacks could lead to additional damage, such as the loss or theft of intellectual property and other sensitive data.
DDoS attack damage and mitigation
As all IT security pros know, attack recovery time is greater than network downtime. Total DDoS attack damage includes (but isn’t limited to) the time and resources needed to recover. Also, attack mitigation time is an essential part of total recovery time. So, reducing the time required to mitigate an attack is an effective way to reduce the total damage.
These facts are real for all attack targets, regardless of their size or industry. That’s why rapid mitigation time is vital to all potential DDoS attack targets—in other words, every business connected to the Internet.
The continuing growth of DDoS attack size and costs make rapid mitigation a valuable service. If you get hit by an attack, expect to pay $20,000 to $100,000, which doesn’t include indirect costs of SLA penalties and revenue lost to disenchanted customers.
Even short downtime episodes can ruin online service providers’ bottom line. The key to active DDoS mitigation: discovering attacks and stopping them before they can do damage.
Stopping DDoS attacks in seconds
The DDoS mitigation process detects attacks and scrubs malware while it protects the network’s infrastructure from downtime. In a three-step process, a mitigation service:
- Detects a DDoS attack.
- Analyzes malicious traffic and creates data scrubbing instructions.
- Blocks and scrubs malicious traffic.
Mitigation time is the time between the first malicious traffic entering your network to the start of the data scrubbing process.
Ideally, DDoS protection stops an attack before any downtime occurs. Achieving this level of performance requires the solution to detect and analyze traffic and create scrubbing instructions in milliseconds.
High-powered technologies drive rapid mitigation
Advanced mitigation approaches combine high-volume, high-speed data analytics and machine learning algorithms to detect, describe analyze, and clean malicious data quickly without disturbing legitimate traffic or the website user experience.
Currently, rapid mitigation times are measured in seconds. (Ten seconds is the current industry record). Advanced DDoS mitigation solutions should include these features and capabilities to provide multi-second protection services:
- High-volume data storage capacity, which accommodates interconnected scrubbing facilities used to profile traffic and block malicious data.
- Robust network capacity, which enables protection services to move high volumes of malicious data to scrubbing services and maintain optimal website conditions during a DDoS attack.
- High-speed data analytics capabilities, which enable IT pros to establish a baseline of network traits and behavior.
- Automated attack defense software, which can flag suspicious data characteristics or activity.
- Advanced tools and techniques, such as deep packet inspection, automated bot detection, IP blocking, and an enterprise-grade web application firewall.
- Customer control over security management features such as rate limiting, blacklisting, whitelisting, IP reputation network, and IP blocking.
- A mitigation time guarantee in the SLA. The SLA is where DDoS mitigation services providers get real—or not. If you’re looking for blistering-fast mitigation times, isn’t it reasonable to ask for it in writing?
Rapid mitigation times are becoming part of standard DDoS attack protection practice. When it comes to costs and grief to your business, it pays to find and use protective services that keep the risk of DDoS attack damage low.