DDoS Wars, Episode II: The Network Strikes Back

This is part 2 of Srini CR’s post on the new era of cybersecurity. Read part 1.

DDoS attacks are becoming increasingly sophisticated and malicious, as cyber criminals hold businesses to ransom, threatening to bring corporate networks down for days or even for weeks by bombarding their networks with disruptive traffic during their most profitable periods.

Furthermore, while DDoS attacks are not, strictly speaking, to be confused with hacking, which involves infiltrating a network rather than simply choking it into submission, the two can be combined to devastating effect.

A successful DDoS attack can render the network operator powerless to protect their systems, making them more susceptible to a full-scale network breach. Consequently, there have recently been examples of companies effectively being held to ransom under the threat of a DDoS attack in exchange for sums of bitcoin and other forms of extortion.

Given the nature of DDoS attacks, the best form of defence is attack. Rather than waiting for attacks to hit your network and relying on the ability of your security system to stand up to them, best practice is to anticipate them, and deal with them in real-time. This process is known as scrubbing.

Designated scrubbing centres take care of the heavy lifting when it comes to mitigating and breaking up attacks. Scrubbing ensures the network layers act as the first line of defence. Incoming traffic is monitored and cleansed in real-time. Clean traffic is then routed into the network, whereas traffic that is considered threatening is routed back to the source.

This approach means that legitimate traffic always gets through, and malicious traffic is mitigated at the source rather than near the target network, so it does not choke bandwidth.

Tata Communications has 15 scrubbing centres across the globe. A team of skilled engineers monitor attacks close to the botnet and DDoS heatmap. The attack is broken down in manageable chunks rather than tackled when it has gathered too much momentum. Yet, scrubbing should only be considered the first line of defence.

IT managers also have monitoring proxy services, network and web application firewalls, VPN protection and securing virtual gateways to think about. Ideally, these should be delivered as part of a comprehensive managed security service. This can be achieved by delivering security services from the cloud, giving IT managers greater flexibility and choice in terms of the services and pricing models available to them.

Providing security as a managed service with cloud-based solutions such as Distributed Denial of Service as a Service (DDoSaaS), Firewall as a Service (FwaaS), Virtual Private Network as a Service (VPNaaS) and Security Information and Event Management as a Service (SIEMaaS) has numerous benefits for businesses.

As well as the peace of mind of knowing that all aspects of security are being proactively managed by a team of dedicated experts, a managed security service also gives IT managers a single point of contact for their security needs. This removes the administrative strain of multiple contracts, and the prospect of being passed around the houses when trying to solve a problem.

In conclusion, best practice to fight DDoS follows common security rules of thumb. As with any type of cyber threat, enterprises should expect to be hit by a DDoS attack, so preventative measures are key. Protecting the network is a living, breathing operation – you need to constantly seek out the next DDoS wave on the network and strike back before your business comes under attack.