Normal service not resumed

With DDoS attacks increasing in frequency and variety, we examine what the future holds for businesses and the resellers that provide their security

The security channel could have the chance to cash in as its client bases find themselves in the firing line, with distributed denial of service (DDoS) attacks becoming easier to perpetrate and their targets diversifying.

Security breaches have rarely been out of the news in the past couple of years. High-profile victims of DDoS in 2011 alone include Visa, MasterCard, PayPal, Sony PlayStation, the Hong Kong Stock Exchange and even the CIA.

A quarterly report published this month by DDoS protection services specialist Prolexic states that the total number of DDoS attacks worldwide grew by 25 per cent year on year during Q1. The financial services space found itself increasingly bombarded, with Prolexic mitigating more attack traffic for its customers in this sector during Q1 2012 than it did in the whole of last year.

Neal Quinn, chief operating officer at the Floridian vendor, said: "There is a lot of activism and social protest targeting the financial services industry and we are starting to see that used in a lot of different countries. A lot of people like to talk about Anonymous, but a lot of [hackers] are organising not so much under any [particular] banner any more."

Quinn claimed we can expect more attacks to be launched against Fortune 500 firms and their ilk. But he warned that mid-market firms and even SMBs should take the threat seriously as launching an attack becomes much easier, even for individuals.

"[Attacks] happen at all levels and it is becoming mainstream," he added. "It is relatively easy for an internet user to hire a botnet and we will see more and more disgruntled users, customers and ex-employees [launching attacks]."

Steve Palmer, senior product manager at integrator Azzurri, claimed that DDoS attacks will become an "all-pervading threat to all types of businesses". He agreed that an increased threat will come from individuals buying attacks to order.

"The growth of free mobile apps across Android and iOS is a big deal too," he added. "Many contain Trojans that can be utilised by bots to fire off repeated small data packets which, cumulatively, will bring down a site."

Andre Stewart, vice president of sales at Corero, said one of the vendor's clients in the online gaming space has, in the past few years, seen the number of attempted attacks it suffers grow from once a quarter to two or three a week.

He claimed that almost a third of enterprises in the US and UK have come under attack at some point.

"This is the fastest-growing problem in security at the moment," he said. "[The market] is much smaller than firewall or IPS, but it is growing fast."

Short and sour
The Prolexic study picks out the rise in shorter attacks with higher bandwidth as the key trend to look out for this year. Between Q4 2011 and Q1 2012, the average attack duration fell from 34 to 28.5 hours, with bandwidth rising from 5.2Gbit/s to 6.1Gbit/s.

The 2011 Worldwide Infrastructure Security Report from Arbor Networks is another recent piece of research to point towards the increasing pervasiveness of DDoS attacks, and the changing vectors of how they are carried out and what is fuelling them.

The ISPs and IT service providers surveyed by the vendor indicated that attacks on their customers represent the biggest operational threat, having been cited by more than 70 per cent of respondents. Attacks on their own infrastructure or services were singled out by about 40 per cent.

The research also shines a light on the changing motivations behind attacks. Some 35 per cent of respondents cited political or ideological reasons. Perhaps more worryingly, 31 per cent picked out nihilism or vandalism as a key reason for attack.

But, according to Corey Nachreiner, director of security strategy at vendor WatchGuard, commercial enterprises outside the very top-end enterprise arena are more likely to be targeted by criminally minded attackers than so-called hacktivists.

"While hacktivists launch huge-scale DDoS attacks to get noticed, criminal hackers use DDoS attacks to make money," he said. "These money-motivated attackers launch more subtle, small-scale DDoS attacks against smaller targets, in the hope of extorting them. They purposely limit the scale and target of their targets and traffic in order to avoid the authorities and the media."

Channelling business
With so many businesses and government bodies coming under attack, it is clear the opportunities for the security channel are huge. But how can resellers help their customers prevent or mitigate attacks while ensuring lucrative sales?

Prolexic's Quinn explained that, for many businesses, "the assumption is that a DDoS attack is going to happen".

"What we do is prevent the outage associated with one," he added.

Laura Harman, UK sales director at Avnet Technology Solutions, claimed that providing customers with a mitigation offering as a service could prove fruitful for VARs.

"Business partners involved in mid-market security should look to offer customers attack control services in terms of rapid response units," she said. "Mid-market enterprise datacentres will find it easier to insure against DDoS attacks out of operating expenses than justifying the capital expenditure required to purchase mitigation systems of their own. DDoS is an opportunity for business partners to sell a service supported by distribution on an annual basis with healthy margins."

Ian Kilpatrick, chairman of distributor Wick Hill, claimed that website protection and end-point protection are key offerings for the channel, particularly given the rise of BYOD.

"[There is also] DDoS protection - you need something that will recognise the attack and throttle the assault," he said. "Many defences, including many firewalls, just shut down to protect the infrastructure behind it. This of course makes the attack self-fulfilling. If you shut down to defend it, you are carrying out your own denial of service to your users."

Stewart at DDoS prevention specialist Corero claimed many big-name vendors - including Fortinet, Palo Alto, F5 and Kaspersky - are making a lot of noise about DDoS. But Corero considers only Arbor Networks and Radware as true rivals.

"There are a number of products that say they do DDoS, but there are very few sophisticated solutions out there," he explained.

With most end users unable to protect themselves, or unsure of how to do so, the opportunities for the channel look set to grow.

Simon Leech, EMEA pre-sales director at HP Enterprise Security, said: "Protecting against DDoS attacks is a different kind of security to keeping up to date with patch management, installing AV, or managing a perimeter firewall. Many organisations are simply not able to protect against this sort of attack."