2014 will be a pivotal year for Enterprise Security professionals. Large scale Denial of Service ( DoS ) and Distributed Denial of Service attacks ( DDoS ) have been increasing over the years, which is nothing new. As technology evolves, including faster machines and cheaper bandwidth, attacks will also evolve just as fast if not a little faster. What is alarming is the dramatic increase in the size of these DoS and DDoS attacks over the last year. These attacks are nothing to sneeze at, and in fact, are down right scary. Most of these attacks can cripple even the biggest of Enterprises due to their sheer size. This will require Enterprise Security professionals to take a serious look at their security plans for 2014.
2013 saw the largest DDoS attack on record, with the 300gbps attack on the Anti-Spam site Spamhaus. 2014 has also started off quickly with a large NTP reflection attack. Jaeson Schultz has a great article on this topic, available here. This isn’t the start of the year the Enterprise Security professional wants to see. But it’s a real threat, and any Enterprise needs to have plans in place to handle this type of situation so can keep service available for their clients.
How Enterprise Security professional handle this type of nightmare can lead to some sleepless nights. With the amount of bandwidth increasing in these attacks every day, as well as the complexity of these attacks, Enterprises are having increased trouble on the best way to handle. Since most, if not all Enterprises, simply just do not have enough bandwidth or infrastructure available to handle this type of attack in-house, working with 3rd party companies that handle this sort of business is a must. Enterprises would need to continually grow their bandwidth and infrastructure just to handle these incidents, which may or may not happen. Budgets for this infrastructure increase are just not possible in most Enterprises, as well as the man power to keep up with it. That is why finding a good 3rd party to partner with were this type of scenario is their niche.
There are many companies out there that handle just this type of attack. These companies are constantly increasing their bandwidth and infrastructure to handle the future of DoS and DDoS attacks, as well as studying how these attacks are being done so that they can continue to protect against them. In my many years in the Enterprise Security field, I have learned some valuable lessons. One of these lessons being is that in some cases, partnering with a 3rd party is the best business decision. Let them handle the infrastructure side, and you can then focus on other security needs. Creating a detailed security playbook with these companies will help for a smoother incident handling should this happen to your Enterprise. Like any other situation, proper planning and attention to detail can definitely help minimize the impact of these attacks should have your Enterprise. You definitely don’t want to start thinking about mitigation during the event.
A colleague’s client was a victim of that NTP attack. Do you have recommendations or a process to qualify 3rd party companies to supplement and audit services?
Thanks John!! As for recommendations, I think it depends on the size of the attack. Prolexic is one of the best out there, but may be too “big” for their needs. There are lots of little ones out there, like DOSarrest and Neustar that I have had success with in the past. Some large ISP’s offer these services too, like Verizon. If you have a single provider, this may be an option too.
As for how to find the best one, I tend to look at their customers, and what types of attacks they have protected against in the past. I also tend to see if the vendor puts out whitepapers and such on past/present attacks and future trends. This way I know they are doing their due diligence. Hope that helps!!
Thanks for sharing Jason. It’s not surprising to see more businesses are looking to install DDoS protection techniques as DDoS attacks become more frequent and complex. The best way to avoid being the victim of such an attack is to have a good defensive measure in place to stop this from happening to your business.