The perpetual cycle in which evolving threats to data are met by a timely response from the IT industry has recently appeared to slow, as distributed denial of service (DDoS) attacks by criminal syndicates and hackers grow steadily in variety, volume and sophistication.
While businesses around the world grow increasingly reliant on the uptime of Internet-connected services, many are finding that legacy security solutions such as firewalls and intrusion prevention systems (IPS) have insufficient capacity to mitigate today's multi-vector DDoS attacks at scale.
Organisations are facing the threat of significant revenue loss and brand reputation damage from these DDoS attacks as cyber criminals look to gain from disrupting the availability of essential services.
Service availability is at risk. The Internet is a shared medium, and malicious DDoS attacks have increased rapidly in the past few years, originating from and targeted at many different locations. Attacks may be generated by ideological groups (hacktivism) for political reasons, by organised criminal syndicates (cybercrime) for extortion and theft, or by foreign military intelligence agencies.
Today, many DDoS attacks are being generated by novice hackers without much expertise, seeking to take anyone or any service off the Internet. When an organisation's services are unavailable to its customer base, it can quickly result in revenue loss, customer frustration and dissatisfaction, and damaged brand reputation.
DDoS attacks using techniques such as SYN flooding and fragmentation are rapidly becoming a numbers game, with malicious bots or zombie machines directing massive amounts of traffic in unison at target victims. As high-volume DDoS attacks exceeding 100 Gbps become common, effective DDoS solutions must mitigate at equally massive scale and performance to prevent service interruption. Service availability for Internet-connected applications is critical to enterprises and service providers, yet few good solutions exist that can improve the uptime and security of enterprise applications.
Although organisations have strategies in place to mitigate a range of existing security threats, most seem unprepared for the new breed of DDoS attacks, which leverage large distributed 'botnet' networks of compromised zombie machines to launch simultaneous attacks using protocol-compliant traffic that is very difficult to detect and even harder to mitigate at scale. It is clear that additional solutions are needed to complement existing security infrastructure in a layered defence model.
Depending on the DDoS attack type, a victim's Internet connection can become saturated, network security services may become overwhelmed trying to inspect the intense volume of zombie traffic, or application servers can become exhausted trying to respond to the many botnet requests.
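The SYN flooding named above and the server-exhaustion effect just described can be illustrated with simple detection logic over connection records. This is an added example, not code from the article or from any vendor product; the record format, thresholds and the RFC 5737 documentation addresses in the sample are constructed for illustration.

```python
"""SYN-flood detection over constructed TCP connection records (added example).

Each record is (source_ip, state): "SYN" when a handshake is opened toward the
protected server, "ESTABLISHED" when it completes. A flood appears either as
one source holding many half-open connections or, for spoofed floods where
every source sends a single SYN, as a collapse in the completion ratio.
"""
from collections import Counter
from typing import Iterable, List, Tuple

Record = Tuple[str, str]  # (source_ip, "SYN" | "ESTABLISHED"); constructed format


def half_open_by_source(records: Iterable[Record]) -> Counter:
    """Per source, the number of SYNs that never completed the handshake."""
    syns, done = Counter(), Counter()
    for src, state in records:
        if state == "SYN":
            syns[src] += 1
        else:
            done[src] += 1
    return Counter({s: syns[s] - done[s] for s in syns if syns[s] > done[s]})


def completion_ratio(records: Iterable[Record]) -> float:
    """Fraction of handshakes completed; close to 1.0 for normal traffic."""
    syns = sum(1 for _, state in records if state == "SYN")
    done = sum(1 for _, state in records if state == "ESTABLISHED")
    return done / syns if syns else 1.0


def flagged_sources(records: List[Record], max_half_open: int = 20) -> List[str]:
    """Sources over the per-source half-open threshold (catches non-spoofed floods)."""
    return sorted(s for s, n in half_open_by_source(records).items() if n >= max_half_open)


def flood_suspected(records: List[Record], min_ratio: float = 0.5) -> bool:
    """Aggregate check that still fires when each spoofed source sends one SYN."""
    return completion_ratio(records) < min_ratio


# Constructed sample: 5 normal clients, one noisy source, 200 spoofed sources.
NORMAL = [(f"203.0.113.{i}", s) for i in range(1, 6) for s in ("SYN", "ESTABLISHED")]
NOISY_CLIENT = [("198.51.100.7", "SYN")] * 30               # 30 half-open from one source
SPOOFED = [(f"192.0.2.{i}", "SYN") for i in range(1, 201)]  # one SYN per spoofed source
SAMPLE = NORMAL + NOISY_CLIENT + SPOOFED

if __name__ == "__main__":
    print("flagged sources:", flagged_sources(SAMPLE))     # ['198.51.100.7']
    print("completion ratio:", round(completion_ratio(SAMPLE), 3))
    print("flood suspected:", flood_suspected(SAMPLE))     # True
```

The per-source threshold alone misses the spoofed sources, which is why an aggregate measure such as the completion ratio is needed alongside it.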
Solutions are not easy to integrate. Deploying DDoS protection services in an existing network can be challenging, since they may introduce choke points and add latency for the very services they are meant to protect. Service providers often deal with many different network architectures and have already invested in a security strategy. Network operators want to keep their chosen network analysis and security detection solutions, and require DDoS mitigation devices that can integrate with and complement products from different vendors.