DDoS Attacks, The Necessity of Multi-Layered Defense
DDoS attacks are larger than ever. Our 9th annual Worldwide Infrastructure Security Report illustrates this clearly: the largest reported DDoS attack in 2013 clocked in at 309 Gbps. ATLAS data corroborates the report, with 8x the number of attacks over 20 Gb/sec monitored in 2013 compared to 2012. And 2014 is already shaping up to be a big year for attacks, with a widely reported NTP reflection attack of 300 Gbps+, and multiple attacks over 100 Gbps, in early February.
However, large bursts of traffic designed to cause network/link congestion are not the only type of DDoS attack. DDoS is more complex than that.
Application-layer and state-exhaustion attacks make up 24% and 20% of attacks respectively, according to Arbor’s 9th annual Worldwide Infrastructure Security Report, and 86% of survey respondents had monitored application-layer attacks on their networks – illustrating how widespread these more sophisticated attacks have now become.
Application-layer attacks can be difficult to detect proactively in the cloud because they are hard to differentiate from genuine traffic, which leaves the availability of services at risk. Even with a cloud-based detection/mitigation service that can react quickly (10-15 minutes), the exposure of our infrastructure to application-layer and/or state-exhaustion attack vectors can lead to lengthy service recovery times, because the impact of an attack on systems may not self-resolve when the attack is mitigated; for example, firewalls may need a reload.
What’s needed to prevent this is a multi-layered defense. On-premise protection at the network perimeter can react immediately to prevent infrastructure and service availability from being impacted by an application-layer or state-exhaustion attack. But on-premise protection does not provide a complete solution: an attack can escalate in size and saturate Internet connectivity, at which point network perimeter defenses will not help. A cloud-based service, where sufficient capacity and capability exist, is required to deal with these higher-magnitude, high-volume attacks.
Ideally these two defensive layers should work together, using similar technologies and exchanging information, to provide an integrated solution. Only with this multi-layered defense in place is a network fully protected from DDoS attacks. It is for this reason we developed the Pravail Availability Protection System and Cloud Signaling, a multi-layered DDoS solution that integrates on-premise protection with cloud-based mitigation services.