DDoS attacks can be targeted

Jeremy Nicholls looks at the reseller opportunity around distributed denial of service attacks

For years, enterprises have seen distributed denial of service attacks (DDoS) attacks as a nuisance, something that could and should be handled by their ISP. That is true of volumetric DDoS attacks, which simply try to overwhelm a connection with data, but if a volumetric attack reaches the front door of an enterprise, it is too late.

Volumetric attacks are getting bigger. In 2001, Microsoft, eBay and Yahoo! were taken down by large volumetric attacks that were in the 300Mbps range. Today sustained DDoS attacks may exceed 100Gbps – 10 times the size of most internet backbone pipes.

To deal with DDoS attacks of this magnitude, ISPs are offering clean pipes which should ensure enterprises are able to focus on other operational security issues, such as data integrity, confidentiality and compliance.

Last year, however, saw DDoS moving away from large volumetric attacks to smaller, harder-to-detect attacks that target the enterprise infrastructure itself. Then there is the rise of 'hacktivism' and cheap opt-in DDoS tools.

Existing security infrastructure is not able to protect datacentre assets from small, harder-to-identify application-layer DDoS, as some Fortune 500 companies have discovered.

In my view, everything starts with availability itself. If datacentre assets are unavailable to users, the other layers of security hardly matter.

IPS devices, firewalls and other security products address network integrity and confidentiality, but not network availability. Adding to the threat, IPS devices and firewalls maintain state information for every session between a client on the internet and the corresponding server, which means they are vulnerable to DDoS attacks and often become targeted choke points themselves.

Yet many enterprises and datacentre operators have a false sense of security. They think they have secured their key services against attacks simply by deploying IPS devices or firewalls in front of their servers.

In reality, such deployments can expose organisations to service outages, affecting customer satisfaction and revenue.

Typical users of datacentre and cloud services expect on-demand services. When business-critical services are not available, enterprises and datacentre operators can lose millions of dollars and potentially damage important customer and partner relationships.

VARs have an opportunity here to educate enterprises about dedicated intelligent DDoS mitigation that serves as infrastructure protection for existing products and compliments firewalls and IPS.

To protect against application-layer DDoS attacks, deploy dedicated DDoS mitigation with comprehensive protection against new and evolving threats that secures the availability of services, provides excellent visibility across the whole infrastructure, and detects emerging threats by looking beyond the network edge.

Low-bandwidth, application-layer attacks are difficult to detect, so I believe enterprises will look to their VARs for help.

VARs must be able to demonstrate ability and capacity to protect customers against new and evolving threats, that they can guarantee availability, and that they have visibility of the customer's entire network to ensure that threats are identified and stopped quickly.

Jeremy Nicholls is EMEA director of channels at Arbor Networks