Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Dynamics 365

    Google

    HP

    IBM

    Intel

    Microsoft

    Microsoft Azure

    Oracle

    Red Hat

    Salesforce

    SAP

    Share Point

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    More
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Symantec
    Editor's Pick (1 - 4 of 8)
    left
    Examining Past and Future DDoS Attacks: What Enterprises Can Do to Prepare

    Tammy Moskites, CIO/CISO, Venafi

    Denial of Service Attacks- From Bandwidth to APIs

    Edward G.Amoroso,

    Where There's Smoke Theres A DDoS Attack

    Evgeny Vigovsky,

    5 Disruptive Trends to Traditional IT Operations

    Aaron Delp,

    Tapping the Cloud to Secure Financial Assets during Disaster Recovery

    Lisa Pope:SVP-Global Strategy & Sales, Infor CloudSuite

    Overcoming Enterprise Security Challenges with Continuous Monitoring in the Cloud

    Sumedh Thakar, Chief Product Officer, Qualys

    right

    DDoS: Are You Prepared?

    By Robb Reck, CISO, and Ping Identity and Sam Masiello, VP and CISO, Teletech

    Tweet
    content-image

    Robb Reck, CISO,

    Distributed Denial of Service (DDoS) attacks are at an all-time high and companies across every vertical are feeling the pain. The internet has been weaponized and is being used to disable and disrupt the services and products being delivered from it. DDoS is a parasite that is damaging the internet from the inside-out. What if the time and money that you spent on data center redundancy and your strategies for site failover were rendered ineffective because a DDoS took it all offline in a matter of moments leaving you unable to service your customers or generate revenue? 

    “The goal for any organization should be to invest the right amount of time and money into protections to manage risk appropriately” 

    Not only are DDoS attacks increasing in frequency, but also in size and complexity. With many attacks leveraging vulnerabilities across multiple internet protocols the time and effort required to identify and apply a mitigation strategy has increased dramatically. The questions then follow: How long will the attack last? Which of our impacted services are most important? How much revenue have we lost? How will our clients view the stability of our relationship as a partner? It is enough to make any leader lose sleep at night.  

    Real Life Consequences - Protonmail  

    Protonmail, an encrypted email service provider, chronicled their own plight recently when their infrastructure was attacked by two separate DDoS groups. These attacks crippled their website, and effectively shuttered their company for almost a week Protonmail noted that the attack that targeted their environment “exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes.” It impacted not only Protonmail’s ability to deliver their service, but dozens of other companies that were impacted as collateral damage. 

    Motivation behind DDoS 

    The motivation behind a DDoS attack falls into: financial gain, political agenda, or mischief.  

    The use of cyber-attacks for financial gain should not surprise anyone as this has been the primary intent of malicious cyber activity for over a decade. Where DDoS lends an interesting twist is that the value to the cybercriminal is not in dropping malware, phishing, and stealing credentials or data. It comes in the form of extortion and corporate espionage. During or even before an attack, it is not uncommon for the person or people behind it to request a ransom payment to either prevent the attack from occurring or to stop it once it has started. Paying the ransom is a dual-edged sword, however because you are effectively negotiating with criminals at that point, which means that they may stop the attack when payment is received or an initial small bounty. Competitors may also use DDoS as a means to promote a negative image of your brand in an effort to build distrust in your ability to deliver service and drive business away. It is widely accepted that this is common practice in some highly competitive markets, such as online gambling.  

    With the rise of (loosely) organized DDoS groups like Anonymous, Lizard Squad, and DD4BC along with the availability of free and low-cost DDoS-as-a-service tools, the barrier to entry for someone who wishes to engage in this type of activity is quite low. This has made DDoS the weapon of choice for many who wish to launch such an attack for fun, to wreak havoc, or to squelch a vocal online minority An example occurred in June of this year when many Canadian

    government websites and systems were taken offline due to DDoS in response to bill C-51 which aimed to enact of a number of measures aimed at banning promotion of terrorism and expanding the power of the Canadian Security Intelligence Service (CSIS). 

    What you should do about it 

    It is essential that IT leaders prepare their organizations for this threat. The goal for any organization should be to invest the right amount of time and money into protections to manage risk appropriately. Too little investment and we leave ourselves vulnerable to unacceptable loss due to attack, but too much investment means that we’re stealing the resources from other critical risks. These four steps provide a framework for protecting your organization. 

    Business impact analysis (BIA). The goal of BIA is to survey the corporate resources that could be attacked from outside and determine what impact to your company would be if they were taken off-line. At the very least, come up with a relative impact rating, to help you determine which resources are most critical to your organization. 

    Be careful not to overlook supportive systems. Your customer-facing website may be the highest profile resource, but there are likely other resources required to maintain that website. VPN concentrators, DNS servers, and load balancers are just some of the infrastructure components that may be essential for the customer-facing site to function, and could be targeted by attackers.  

    Assign recovery time objectives (RTO). RTO quantifies how long your business is willing to go without this resource. It gives you success criteria by which to evaluate your DDoS protection controls. The lower the RTO the more controls you will need to put in place to protect the resources, so making the decision to give everything an RTO of 0 is not only extremely expensive, it’s also impractical. The assignment of RTOs should be performed in coordination with the company’s executive team. This will ensure the RTOs align with the senior leadership’s desires and may make it easier when you request budget for DDoS controls. 

    Implement solutions. Next you should design and implement solutions which facilitate achieving those RTOs. Effective DDoS mitigation solutions require people, process and technology wrapped together. Purely technical solutions are unlikely to be sufficient. Some DDoS mitigation technologies impact performance or usability of the services they are protecting so should not be enabled at all times. Many third party scrubbing solutions charge based on the volume of data send through their environment, so an always-on approach gets expensive very quickly.  

    Consider a tiered approach to DDoS mitigation. 

    1. On the simplest end, look at DDoS protection options built into your firewall, web application firewall or other networking equipment. These can help with some of the simplest attacks. 

    2.  Generally appliances are much more effective than the defenses built into your existing network gear. While on-network protections are essential for continuous protection, they can only do so much. A large scale DDoS can easily overwhelm your internet pipe and make your resources unavailable. 

    3. For the largest attacks it makes sense to partner with a third party scrubbing company. In the event of a volumetric attack you can swing your traffic to the third party. These companies have huge internet connections that can take the attack traffic, filter out the bad, and send the clean data to you. 

    Whichever technical solutions you choose, be sure to wrap the appropriate personnel and processes around them. Employees need to know how to recognize an attack, how to enable any protections that aren’t always on, and how to restore the environment to normal operations. 

    Test your solutions. Optimally, try to perform a series of tests, starting with small discrete tests that focus on validating specific parts of your tiered approach. Discrete tests could include: 

    • Do your firewall’s controls successfully prevent SYN flood attacks? 

    • Does your on-site DDoS appliance successfully prevent low volume attacks? 

    •·Can you determine whether resource performance issues are benign anomalous behavior or indicate an ongoing attack? 

    • Is your staff able to respond to attacks and route traffic to your third party scrubbing service quickly enough to support your RTO? 

    • Is your scrubbing vendor able to mitigate high volume attacks and provide a clean stream of data to your infrastructure? 

    After validating the individual components of the program, the next step is a comprehensive testing strategy. In this step you will need more experienced testers, and will probably want to engage an experienced external firm. A qualified third party can help evaluate all the ploys an attacker may launch, providing your organization with another set of eyes. 

    The results of the testing can fit directly into your continuous improvement process, allowing you to tweak and improve your DDoS controls over time, better mitigating the risks to your organization. 

     Conclusion 

    The trend is clear: DDoS attacks have become a favorite implement in the hackers’ toolbox. The best time to create your DDoS mitigation plan is now, before attackers have knocked your systems off-line. While you cannot eliminate this risk entirely, you can give yourself a fighting chance by: 

    1. Understanding the changing landscape, 
    2. Inventorying your own company’s internet accessible resources,  
    3. Implementing solutions to appropriately protect them, and  
    4. Testing your people, processes and technologies. 

     

    Read Also

    Denial of Service Attacks- From Bandwidth to APIs

    Denial of Service Attacks- From Bandwidth to APIs
    Where There's Smoke Theres A DDoS Attack

    Where There's Smoke Theres A DDoS Attack
    5 Disruptive Trends to Traditional IT Operations

    5 Disruptive Trends to Traditional IT Operations
    Tapping the Cloud to Secure Financial Assets during Disaster Recovery

    Tapping the Cloud to Secure Financial Assets during Disaster Recovery

    Featured Vendors

    Sabre Corporation

    Sean Menke, President & CEO

    Greenview

    Eric Ricaurte, Founder & CEO

    New Editions

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://symantec.apacciooutlook.com/cxoinsights/ddos-are-you-prepared-nwid-1454.html