Application-Layer DDoS Attacks: The Numbers May Surprise You

The largest DDoS attacks get the most attention. After all, they are reaching sizes that were unimaginable only a few years ago.

Peak Attack Size Graph

Network Guardians need to understand that the vast majority of attacks, 88%, are less than 2Gbps. For most enterprise networks, that is larger than their internet facing circuits. As my colleague Tom Bienkowski recently wrote, A DDoS Attack Only Needs to Be as Large as “Your” Network Pipe. DDoS attacks that target business-critical applications are often referred to as “low and slow” attacks. They target applications with what look like legitimate requests until they can no longer respond. According to Arbor’s 12th Annual Worldwide Infrastructure Security Report (WISR),

  • DNS is the most common service targeted by application-layer attacks, reported by 81 percent of respondents.
  • HTTP had been the top targeted service prior to last year, and it still remains very close.
  • Over 80 percent are now seeing application-layer attacks targeting DNS and HTTP services, up from 75 percent last year.
  • Additionally, the proportion seeing attacks targeting secure web services (HTTPS) rose from 47 percent last year to 52 percent this year.
  • Purpose built intelligent DDoS mitigation systems deployed on-premise are the first line of defense against all types of DDoS attacks, especially those targeting Layer 7 applications.

So why consider Arbor for on-premise DDoS protection?

When independent product testing firm NSS Labs conducted its first ever test of on-premise DDoS appliances, Arbor Networks APS earned the highest score for overall security effectiveness and a 100% score for application-layer protection versus an average score of 80%. Highlights from Arbor Networks APS Test Report include:

  • 100% Score for Application-layer attacks across HTTP Get Flood; RUDY (Low and Slow); LOIC; NTP Reflection; 10G DNS Reflection and SIP Invite Flood attacks.
  • 90.8% Score for Overall Attack Mitigation: Across Volumetric, Protocol and Application-layer DDoS attacks.
  • Real-World Mitigation Test: Performed at 20Gbps, as claimed, for “Real-World” Protocol Mix (Data Center – Financial; Data Center – Mobile Users and Applications; Data Center – Web Based Applications and Services and Protocol Internet Service Provider (ISP) Mix).

To learn more, download the NSS Labs Test Report.

Leave a Reply

Your email address will not be published. Required fields are marked *