Gone are the days when you could get away with doing nothing to prepare for DDoS attacks. With the cost of DDoS attacks falling and their frequency and sophistication growing, even organizations that think their profile is too low to worry about DDoS can still become victims.
Even organizations that believe they are protected against DDoS attacks may be more exposed than they realize. We’ll look at two common solutions that may not be as protective as organizations assume, and then we’ll discuss what effective DDoS protection looks like.
Blackholing: An Insufficient DDoS Solution
During a DDoS attack, a common strategy in the past was to blackhole the targeted IP to avoid collateral damage to adjacent IT infrastructure. The blackholed IP would be inaccessible until the blackhole was removed, usually after 24 hours.
This approach persists to this day, with some organizations considering it sufficient to meet their needs. However, there are limitations to this strategy.
When CISOs evaluate their IT infrastructure, they assign priority scores to different systems. Lower-priority systems can be blackholed for short periods of time. However, systems now depend on each other far more than they used to, through APIs, microservice architectures, and other interdependencies. As a result, systems that were previously considered expendable no longer are.
And with so much at stake, including revenue, branding, and SEO ranking, there are increasingly fewer scenarios in which blackholing will suffice. Therefore, relying solely on blackholing as a DDoS protection strategy is no longer sufficient in today’s complex and interconnected IT landscape.
Outsourcing DDoS Protection May Not Adequately Control Risk
IT managers may be inclined to outsource their DDoS protection to their ISP or cloud service provider. It’s understandable that they would want to offload this responsibility to another organization, freeing up their own internal resources. However, there are risks associated with this approach.
DDoS mitigation capabilities among service providers vary greatly, ranging from simple blackhole services to basic ACLs or rate limiting. Some providers are unable to deal with protocol or application layer attacks.
While more advanced L3-L7 DDoS mitigation services may be available from some ISPs or cloud vendors, response times to an attack tend to be slow. Additionally, cloud users may require additional services, such as cloud firewalls, load balancers, and more instances, which can significantly increase costs.
Moreover, outsourcing DDoS protection may give IT managers a false sense of security. They may assume that their service provider is taking care of everything, when they may only be offering basic protection. In such cases, organizations may be vulnerable to more sophisticated attacks, leaving them exposed to significant damage. Thus, it’s important for IT managers to understand the capabilities of their service providers and ensure that they have appropriate measures in place to protect their infrastructure from DDoS attacks.
What a Good DDoS Strategy Looks Like
As organizations develop their cyber security playbooks, it’s essential that they include a strategy for dealing with DDoS attacks. Good preparation against DDoS attacks involves a multi-layered approach that includes technical and organizational measures.
While next-generation firewalls (NGFWs) can provide some level of DDoS protection, they are not suitable for large-scale or sophisticated DDoS attacks due to their limited capacity. On-premises solutions like firewalls are vulnerable to state-exhaustion attacks, cannot protect cloud-hosted applications, and they create bottlenecks during large attacks.
One effective approach to DDoS protection is to incorporate an automated, AI-based solution into the playbook. Automated solutions can respond quickly and without the risk of human error, and they are always up to date with the latest threat intelligence.
Also, a hybrid solution, combining on-premises and cloud DDoS protection, can add extra protection. By filtering traffic in real time, it maximizes the benefits of both on-premises and cloud-based solutions, providing better protection against DDoS attacks. The on-premises DDoS protection appliances mitigate attacks locally until attack traffic reaches a predefined threshold. Once this threshold is reached, the cloud DDoS protection service takes over, filtering out malicious traffic in real time so that only legitimate traffic reaches the enterprise.
By combining an on-premises and cloud-based solution, enterprises can maximize the benefits of both IT security strategies, getting better protection against DDoS attacks than either an on-premises or a cloud-based solution alone.
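The threshold-based hand-off between on-premises and cloud mitigation can be modelled as a small state machine. The example below is added here for illustration and is not code from any vendor's product; the threshold values, the cooldown length, and the traffic samples are all constructed assumptions. It also shows why the hand-off needs hysteresis: a controller that diverts and reverts on a single threshold flaps on bursty attack traffic, while one that waits for a calm period before handing traffic back does not.

```python
from dataclasses import dataclass, field


@dataclass
class HybridDdosController:
    """Models the on-prem/cloud hand-off described above.

    Traffic is mitigated on-premises until the observed attack rate exceeds
    divert_threshold_gbps (the "predefined threshold"); the controller then
    requests cloud scrubbing. It hands traffic back to on-prem only after the
    rate has stayed under revert_threshold_gbps for cooldown_samples
    consecutive samples, so a bursty attack does not cause route flapping.
    All threshold values are illustrative assumptions, not vendor defaults.
    """
    divert_threshold_gbps: float = 8.0
    revert_threshold_gbps: float = 2.0
    cooldown_samples: int = 3
    mode: str = "on-prem"
    calm_streak: int = 0
    history: list = field(default_factory=list)

    def observe(self, attack_gbps: float) -> str:
        if self.mode == "on-prem":
            if attack_gbps > self.divert_threshold_gbps:
                self.mode = "cloud"          # divert to cloud scrubbing
                self.calm_streak = 0
        elif attack_gbps < self.revert_threshold_gbps:
            self.calm_streak += 1
            if self.calm_streak >= self.cooldown_samples:
                self.mode = "on-prem"        # attack has subsided, hand back
                self.calm_streak = 0
        else:
            self.calm_streak = 0             # burst during cooldown: stay in cloud
        self.history.append(self.mode)
        return self.mode


# Constructed sample: measured attack traffic in Gbps, one sample per minute.
SAMPLE_GBPS = [0.5, 3.0, 9.5, 12.0, 4.0, 9.0, 1.0, 1.5, 6.0, 1.0, 0.8, 0.5]


def run_simulation(samples=SAMPLE_GBPS) -> list:
    ctl = HybridDdosController()
    return [ctl.observe(g) for g in samples]


def naive_simulation(samples=SAMPLE_GBPS, threshold_gbps=8.0) -> list:
    # Single-threshold hand-off with no cooldown, for comparison.
    return ["cloud" if g > threshold_gbps else "on-prem" for g in samples]


def count_transitions(modes: list) -> int:
    return sum(1 for a, b in zip(modes, modes[1:]) if a != b)
```

On the constructed sample the naive controller changes route four times while the hysteresis-based one changes it twice, which is the difference between a stable diversion and a flapping one.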
By implementing a comprehensive DDoS strategy, organizations can minimize the impact of attacks and ensure that their systems remain secure and available, even in the face of a sophisticated and targeted DDoS campaign. If your organization depends on web-facing assets, you can’t afford to go without a DDoS strategy.
More on DDoS:
- How to Stop DDoS Attacks: Prevention & Response
- How to Prevent DDoS Attacks: 5 Steps for DDoS Prevention