What is a DDoS attack?
This used to be an easy question to answer.
For nearly a decade, DDoS (Distributed Denial of Service) was a basic flood attack that simply tried to overwhelm a connection with traffic with the goal of taking that web property offline. DDoS was a basic attack against availability.
When Arbor Networks first began working with leading web properties fighting DDoS attacks in 2000, “flood” attacks were in the 400Mbps range. Today, they can exceed 100Gbps. The sheer size of the attacks is not all that has changed.
Beginning in 2010, and driven in no small part by groups like Anonymous and the rise of Hacktivism, we’ve seen a renaissance in DDoS attacks that has led to innovation in the areas of tools, targets and techniques. Today, DDoS is a complex attack against availability.
The barrier to entry has been obliterated by new tools that enable anyone with an Internet connection and a grievance to launch an attack. This is a true game changer in terms of the threat landscape and what businesses should consider themselves a potential target of attack. It used to be certain verticals would be likely targets for DDoS, finance, gaming and e-commerce at the top of the list. Today, any business, for any reason, any real or perceived offense or affiliation, can become a target.
Beyond the democratization of DDoS are the advancements in attack techniques and targets. DDoS today is in fact a series of attacks that target not just connection bandwidth, but multiple devices that make up your existing security infrastructure, such as Firewall/IPS devices, as well wide variety of applications that the business relies on, like HTTP, HTTPS, VoIP, DNS and SMTP.
The hottest trend in DDoS today is the multi-vector attack, combining flood, application and state exhaustion attacks against infrastructure devices all in a single, sustained attack. These attacks are popular because they difficult to defend against and often highly effective.
The new realities of DDoS today require a new approach to DDoS defenses. Arbor Networks has been at the forefront of researching and combating DDoS for more than a dozen years. According to Infonetics Research, we are the global market leader, as well as the leader in the Carrier, Enterprise and Mobile market segments.
We believe that the best defensive posture against the modern DDoS threat is a layered approach that combines on-premise and cloud based protections. Only then will your organization be protected against the full spectrum of DDoS attacks.