DDoS MITIGATION BEST PRACTICES

Similar documents
AKAMAI CLOUD SECURITY SOLUTIONS

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

RESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

Analisi degli attacchi DDOS e delle contromisure

Cyber Threat Landscape April 2013

Enterprise D/DoS Mitigation Solution offering

Preparing your network for the next wave of innovation

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

IBM Cloud Internet Services: Optimizing security to protect your web applications

DDoS: Evolving Threats, Solutions FEATURING: Carlos Morales of Arbor Networks Offers New Strategies INTERVIEW TRANSCRIPT

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Machine-Powered Learning for People-Centered Security

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Safeguard Your Internet Presence with Sophisticated DDoS Mitigation.

AT&T Endpoint Security

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Arbor White Paper Keeping the Lights On

Security by Default: Enabling Transformation Through Cyber Resilience

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

WHITE PAPER Hybrid Approach to DDoS Mitigation

Intelligent and Secure Network

HP Fortify Software Security Center

White Paper. How to Write an MSSP RFP

Downtime by DDoS: Taking an Integrated Multi-Layered Approach. Arbor Solution Brief

Cisco ASA 5500 Series IPS Edition for the Enterprise

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

The Honest Advantage

Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses

RSA NetWitness Suite Respond in Minutes, Not Months

Protect vital DNS assets and identify malware

Imperva Incapsula Product Overview

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

Neustar Security Solutions Overview

THE IMPLICATIONS OF PERFORMANCE, SECURITY, AND RESOURCE CONSTRAINTS IN DIGITAL TRANSFORMATION

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

IT SECURITY FOR NONPROFITS

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

CYBER SECURITY FOR BUSINESS COUNTING THE COSTS, FINDING THE VALUE

Arbor Solution Brief Arbor Cloud for Enterprises

align security instill confidence

SIEM: Five Requirements that Solve the Bigger Business Issues

Mastering The Endpoint

Traditional Security Solutions Have Reached Their Limit

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

Build Your Zero Trust Security Strategy With Microsegmentation

How to Write an MSSP RFP. White Paper

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

SIEMLESS THREAT DETECTION FOR AWS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Multi-vector DDOS Attacks

NETWORK DDOS PROTECTION STANDBY OR PERMANENT INFRASTRUCTURE PROTECTION VIA BGP ROUTING

Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

A GUIDE TO DDoS PROTECTION

Security for SIP-based VoIP Communications Solutions

CABLE MSO AND TELCO USE CASE HANDBOOK

Why DDoS Makes for Risky Business and What You Can Do About It

to Enhance Your Cyber Security Needs

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Panda Security 2010 Page 1

RSA INCIDENT RESPONSE SERVICES

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Accelerating the Business Value of Virtualization

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

Putting security first for critical online brand assets. cscdigitalbrand.services

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Toward an Automated Future

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Why Enterprises Need to Optimize Their Data Centers

Perfect Balance of Public and Private Cloud

Keys to a more secure data environment

BUILDING A NEXT-GENERATION FIREWALL

HOSTED SECURITY SERVICES

DNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

CYBER RESILIENCE & INCIDENT RESPONSE

Integrated Access Management Solutions. Access Televentures

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Transcription:

DDoS MITIGATION BEST PRACTICES

DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According to Arbors Network s 10th Annual Worldwide Infrastructure Security Report, organizations of all types and sizes faced disruptive DDoS threats to their business during 2014. Nearly half of all enterprises in the report were hit with DDoS attacks during the survey period, with almost 40 percent of those seeing their Internet connectivity saturated. With DDoS attacks becoming the number one operational threat to businesses, now is the time to become familiar with DDoS Attacks and what you can do to prevent them. What are DDoS Attacks? A DDoS attack is simply an attempt by an attacker to exhaust the resources available to a network, application or service so that genuine users cannot gain access. The majority of attacks that we see today are what we call Distributed DoS (DDoS) attacks these are just DoS attacks launched from multiple different hosts simultaneously; and, in the case of a botnet, we could be talking about 10s, 100s or even 1,000s of machines. DDoS attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories: 1. ATTEMPT TO CONSUME THE BANDWIDTH either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion. 2. ATTEMPT TO CONSUME THE CONNECTION STATE TABLES which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks. 3. TARGET SOME ASPECT OF AN APPLICATION OR SERVICE AT LAYER 7. These are the most critical type of attack as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to pro-actively detect and mitigate). These attacks have become prevalent over the past three or four years. Simple application layer flood attacks (HTTP GET flood etc.) have been one of the most common DDoS attacks identified. Within these categories the actual attack vectors being used are evolving continuously. There has been a dramatic acceleration of innovation on the part of the hacker community. Hackers are coming up with new and more complex attack tools on a regular basis and it appears that no one is safe from attack. 42% of companies surveyed this year reported more than 21 attacks per month. Compared to 25% in 2013. Source: Arbor Network s 10th Annual Worldwide Infrastructure Security Report The DDoS landscape continues to change considerably and organizations are unprepared to deal with today s threats as highlighted by the number and severity of DDoS attacks reported in 2014. 2 DDoS MITIGATION BEST PRACTICES

WHY ARE DDoS ATTACKS PERVASIVE? Over the past year we have seen the types and sizes of organizations being targeted broaden substantially. It s not just financial institutions and gaming sites being targeted, recently we ve seen government departments hit, e-commerce sites and even pizza delivery companies targeted. Why this change? Well, here are a few reasons: + Easy to launch Anyone can download and launch an attack. The availability and awareness of attack tools have made DDoS attacks accessible to any person, organization or state looking for a way to impact another Internet user. Also, we should not assume that attacks generated by individuals will only be effective against another individual; some of the attack vectors incorporated in the readily available attack tools are stealthy and complex, and are effective against commercial systems with just a single attack source if these systems are not configured or protected appropriately. More of a concern though is what happens when many people download the same tool and direct it towards a common target. In this case we effectively have a volunteer botnet and more significant volumes of traffic can be generated, impacting larger and better protected targets. + Inexpensive to outsource It s easy to hire a botnet to carry out a DDoS campaign on your behalf. Numerous sites offer this service and the rates are very reasonable $5 per hour, $40 per day. This has led to the use of DDoS attacks as a competitive weapon between rival businesses. + Devastating to business Some attacks are still motivated by extortion, blackmail and business competition while others want to purely gain an advantage in a virtual gaming world, but recently ideological hacktvism and Internet vandalism have come to the forefront as motivations. According to a 2011 Arbor Network s Worldwide Infrastructure Security Report, ideological hacktivism and Internet vandalism were voted the number one and two motivations behind attacks monitored by network operators responding to the survey. A botnet can carry out a devastating DDoS attack for as little as $40 per day 3 DDoS MITIGATION BEST PRACTICES

HOW TO REDUCE OR MINIMIZE ATTACKS What should you do to protect your business from the DDoS threat? There are a number of things that you can do to reduce your threat surface and minimize the impact of any attack that include: + Understand the types and volumes of traffic on your network Know where traffic comes in, where it goes out, what it is etc., and understand your typical traffic for a given time of day and day of week. With this level of traffic visibility at layers 3, 4 and 7 you can proactively identify changes from the norm and recognize an attack or reconnaissance activity prior to an attack. If you know something is happening, or about to happen you can alter your security posture appropriately. + Establish a contact list before you re compromised If you are under attack, or feel an attack is imminent, knowing who to call is very important (but often overlooked). It is imperative that we know who within our organizations, our service providers and our managed security partners is there to help us and how we should contact them. If you don t have this information at hand, or the information is outdated, your ability to respond has already been compromised. + Develop an incident handling process Insist on a documented process for interactions with any managed security service partners. Having an incident handling process provides an important structure for dealing with an incident, when stress levels can be high. These processes allow incidents to be dealt with more quickly and can prevent people from taking risks with security to try and solve an immediate problem (DDoS has been commonly used as a smoke screen for data exfiltration). + Practice and test attack scenarios Ensure your staff practices the incident handling process. Make sure all of the tools for defending against an attack are at your disposal and operating effectively and efficiently. Just having an incident handling process isn t enough it must be regularly tested and proven to work. DDoS attacks have become a standard component of larger campaigns, often serving as a distraction or smoke screen for other malicious activity. Gary Sockrider, Solutions Architect at Arbor Networks 4 DDoS MITIGATION BEST PRACTICES

HOW TO REDUCE OR MINIMIZE ATTACKS + Block access effectively If you operate online services, restrict access to only the protocols and ports which are required. If you have a large number of repeat users or important customers, develop a whitelist of their IP addresses so that their traffic can be passed during an attack even if everything else must be dropped. Getting visibility of the traffic on your network will help identify the ports, protocols and repeat users for restricting access. + Use your infrastructure wisely If you need to restrict access to an on-line service or block attack traffic should you use your firewalls? You can, but many routers and switches support stateless Access Control Lists, implemented in hardware. This makes them ideal for controlling the traffic reaching your servers enforcing a white-list. And, can even be used to drop the traffic from sources identified as sending attack traffic. Dropping traffic here, rather than on any stateful firewall reduces your threat surface. Firewalls can exhaust their state tables and some attacks exploit this routers and switches do not have this issue. + Leverage your relationships with your service providers Blocking traffic before it reaches your network perimeter protects your upstream links from becoming saturated during an attack. Some service providers have automated processes whereby customers can have traffic to/from particular sources blocked in this way. All of these best practices can help you minimize the impact of DDoS attacks but they only provide partial protection from the threat. Your online services are vital to your company and DDoS attacks can render these services inaccessible to your customers, damaging your reputation and resulting in devastating losses to your business. To effectively defend against DDoS attacks you need to focus on mitigating DDoS attacks. There are generally two approaches for an organization to defend against DDoS attacks: deploy defense with your internal resources (a DIY defense) or use a cloud-based service. A DIY defense allows you more control with your IT team bearing the responsibility. This approach requires your organization to invest in tools and technical expertise. Many organizations already struggling with tight IT budgets and staffing opt to leverage the services of a cloud-based DDoS service. Key IT Challenges Communication issues during the critical stages of a DDoS attack between business leaders and IT often hamper effective defense. Planning and testing for DDoS attacks are inadequate and result in confusion and prolong the damage of an attack. Staffing issues resulting in a lack of technical expertise and operational experience to respond to DDoS attacks. Defense against DDoS attacks relies primarily on existing security services that are less effective than a focused DDoS mitigation service. 5 DDoS MITIGATION BEST PRACTICES

SELECT AN EFFECTIVE DDoS DEFENSE DDoS attacks are becoming more sophisticated and continually evolving in intensity, scale and scope. Companies of all sizes are having difficulties keeping up with the changing DDoS landscape and many are leveraging cloud-based DDoS mitigation services as an affordable solution that doesn t require capital investments. Additional benefits of a cloud-based DDoS mitigation service include the following: + Upstream location With defense upstream traffic in an attack is blocked before it can saturate your organization s connection. This minimizes impact to your company s Internet bandwidth and allows legitimate traffic and your business to continue. + Visibility Leveraging a service provider and their tools for analyzing your network traffic makes it easier to assess your network traffic and establish a baseline to accurately differentiate between normal and malicious traffic. + Management By using a cloud-based mitigation service, your organization gains access to a robust 24 x7 security operation team with the latest tactics to defend against evolving DDoS exploits. + Availability and Scalability Your organization gains the availability, infrastructure, network services and backup strategies of your DDoS mitigation service provider. In a paper evaluating DIY and cloud-based service, Nemertes Research recommended-cloud base defense due to the unique nature of DDoS and the significant differences between the two options. 1 Relying on a cloud-based service enables your organization to cost effectively protect your online services with industry experts in DDoS attack mitigation while allowing your IT resources to focus on more strategic aspects of your business. Keeping your organization secure requires a comprehensive plan that includes defense against DDoS attacks. Evaluate and update your comprehensive cyber security plan regularly and be sure you deploy the best solutions to protect your organization. CONTACT US (877) 953-7747 ABOUT ELECTRIC LIGHTWAVE Electric Lightwave, an Integra company, serves as a trusted network infrastructure partner to enterprises, government agencies and carriers in select markets throughout the western United States. We combine dense metro and intercity fiber assets, enterprise-grade network solutions, including Ethernet, Wavelengths and IP, with a highly responsive and easy to do business with approach. Electric Lightwave offers a premium service experience to match our premium network infrastructure solutions. VISIT US AT: electriclightwave.com 1 http://www.business.att.com/content/whitepaper/nemertes-dn2400-att-ddos-issue-paper.pdf 6 DDoS MITIGATION BEST PRACTICES

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback