Arbor Networks 10th Annual Worldwide Infrastructure Security Report Finds 50X Increase in DDoS Attack Size in Past Decade
Size, complexity and frequency of attacks continue to rise, customer infrastructure and data centers have become prime attack targets
Burlington, Mass., January 27, 2015 – Arbor Networks, Inc. today released its 10th Annual Worldwide Infrastructure Security Report (WISR) offering a rare view into the most critical security challenges facing today’s network operators. Now in its tenth year, the WISR survey includes detailed information on the threats and concerns of both service providers and enterprises. This annual report is intended to highlight the key trends in the threats and concerns facing organizations, and the strategies they adopt to address and mitigate them.
The threat landscape then and now:
- Mostly a nuisance and nothing more than an independent event a decade ago, distributed denial-of-service (DDoS) is now a very serious threat to business continuity and the bottom-line. DDoS attacks today are now components of complex, often long-standing advanced threat campaigns.
- Application-layer attacks were experienced by 90 percent of respondents in 2014. Ten years ago, 90 percent of respondents cited simple “brute force” flood attacks as the most common attack vector.
- The human element continues to be a factor in defensive capabilities – not just today, but throughout the last ten years of WISR reporting. Just in the past year alone, 54 percent of respondents reported difficulty hiring and retaining skilled personnel within their security organizations.
- The largest DDoS attack reported in 2014 was 400Gbps; ten years ago the largest reported attack was a mere 8Gbps.
Arbor’s long-standing customer relationships and reputation as a trusted advisor and solution provider make this report possible each year. Click here (registration required) to access the Arbor Networks 10th Annual Worldwide Infrastructure Security Report.
“Arbor has been conducting the Worldwide Infrastructure Security Report survey for the last 10 years and we have had the privilege of tracking the evolution of the Internet and its uses from the early adoption of online content to today’s hyper connected society,” said Arbor Networks Director of Solutions Architects Darren Anstee. “In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files. Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating – the stakes are much higher now. “
2015 WISR KEY FINDINGS:
Attacks are Growing in Size, Complexity and Frequency
- Use of reflection/amplification to launch massive attacks: The largest reported attack in 2014 was 400Gbps, with other large reported events at 300, 200 and 170Gbps with a further six respondents reporting events over the 100Gbps threshold. Ten years ago, the largest attack was 8 Gbps.
- Multi-vector and application-layer DDoS attacks are becoming ubiquitous: 90 percent of respondents reported application-layer attacks and 42 percent experienced multi-vector attacks that combine volumetric, application-layer and state exhaustion techniques within a single sustained attack.
- DDoS attack frequency is on the rise: In 2013, just over one quarter of respondents indicated they had seen more than 21 attacks per month; in 2014, that percentage has nearly doubled to 38 percent.
Enterprises Are Under Assault
- DDoS and advanced threats are increasingly common: Nearly half of respondents saw DDoS attacks during the survey period, with almost 40 percent of those seeing their Internet connectivity saturated.
- Firewalls and IPS devices continue to be targets for attackers: Over one third of organizations had Firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.
- Cloud services are a bull’s-eye for attackers: Over one quarter of respondents indicated that they had seen attacks targeting cloud services.
- Security incidents are up but enterprises are not fully prepared to respond: Just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year. 40 percent of respondents felt reasonably or well prepared for a security incident, with 10 percent feeling completely unprepared to respond to an incident.
Data Centers are a High-Volume, High-Impact Target
- Over one third of data center operators saw DDoS attacks which exhausted their Internet bandwidth. This underscores just how critical of an issue this continues to be for data center operators: downtime means not just lost business for the data center operator, but the collateral damage extended to their customers operating business critical infrastructure in the cloud.
- Operational expense is the top cost attributed by data center operators to DDoS events. This shows the increasingly high costs of defending against growing attacks and the priority data center operators place on DDoS mitigation.
- Revenue loss due to DDoS is up sharply: 44 percent of data center respondents experienced revenue losses due to DDoS.
- Just under half of respondents indicated they had their firewalls experience or contribute towards an outage due to DDoS. This is up from 42 percent last year. Load balancers also saw issues, with over one third of respondents seeing these fail due to DDoS, in the last year.
Survey Scope & Demographics
- 287 responses, up from 220 last year, from a mix of Tier 1 and Tier 2/3 service providers, hosting, mobile, enterprise and other types of network operators from around the world.
- Looking back to ten years ago, the WISR had 36 respondents – so the data presented in the WISR is now significantly more representative across a broader range of geographies and network operator types.
- More than 60 percent of respondents this year are service providers with around 30 percent of respondents from enterprise, education or government organizations, providing a global view into the traffic and threats targeting their networks, services and customers.
- Data covers November, 2013 through October, 2014.
- Download the full report here (registration required)
- Attend this webinar for a deeper dive on the WISR key findings
- Watch this video interview with Darren Anstee for an overview of how the threat landscape has changed in the past ten years of WISR reporting
- Visit the Arbor Networks blog for a summary of key findings
- Download WISR infographics on the Arbor Networks Pinterest page
- Visit the Arbor Networks SlideShare page to download the WISR presentation
- Like us on Facebook and follow @arbornetworks and the #WISR hashtag on Twitter for more key findings
About Arbor Networks
Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of on-premise DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver comprehensive network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context - so customers can solve problems faster and help reduce the risk to their business.
To learn more about Arbor products and services, please visit our website at arbornetworks.com. Arbor’s research, analysis and insight, together with data from the ATLAS® global threat intelligence system, can be found at the ATLAS Threat Portal.
Trademark Notice: Arbor Networks, the Arbor Networks logo, Peakflow, ArbOS, Pravail, Cloud Signaling, Arbor Cloud, ATLAS, We see things others can’t.TM and Arbor Networks. Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners.