Cloud Computing & Web Services | Matt Grech | April 25, 2016

A Quick Guide to Understanding DDoS Attacks and Mitigation Methods

With businesses relying so heavily on an internet presence, it is crucial to have proper DDoS protection in place. Distributed Denial of Service (DDoS) attacks are some of the simplest online attacks to carry out, thanks to an ever-growing number of easily accessible tools, yet they can pose the biggest threat. They can be launched from simple web services and are still capable of bringing down even the most stable servers. Designed to overwhelm services with requests, these attacks prevent public access and halt any potential operations or sales.

Many businesses, especially smaller ones, are unable to establish independent protection against these types of attacks or to obtain DDoS-secure servers. However, as the threat of attack rises, so does the availability of outside help. In its annual Worldwide Infrastructure Security Report, Arbor Networks recognized a significant demand from customers for DDoS detection and protection, up to 74% from the previous year’s minuscule 4%.

What exactly are DDoS attacks and how do you protect your business from falling victim to ruthless invasions?

Methods of DDoS Attack

Seemingly simple in theory, DDoS attacks can use different methods of flooding your servers, making it more difficult to determine the source and method of the attack.

Why do you need DDoS protection?

In its security report, Arbor Networks found a significant rise in DDoS attacks over previous years. In 2015, 44% of service providers noted more than 21 attacks per month, an increase from the previous 38%. With the demand for constant connectivity and instant access, customers could be deterred from your service if DDoS attacks keep bringing your website down. In the VoIP industry alone, the report concluded that the number of DDoS attacks on providers rose from only 9% of all attacks in 2014 to 19% in 2015.

The top motivation behind DDoS attacks seems to be “criminals demonstrating attack capabilities,” with “gaming” and “criminal extortion attempts” trailing not too far behind, according to the study. That’s right: criminal extortion. It is not uncommon for hackers to send small warning DDoS attacks as a threat, followed by a ransom email threatening more intense interruption of services.

Not only can they interrupt your stream of service, but Arbor Networks also noted that DDoS attacks are increasingly used as a smokescreen, an attempt to mask other malicious activities such as malware infection, information theft or even fraud.

How DDoS Mitigation Works

By their nature, DDoS attacks are very difficult to deal with while they are occurring. The best line of defense is to proactively adopt and set up measures that actively analyze incoming data and mitigate any false or malicious requests. However, choosing the best DDoS protection can be as overwhelming as the attacks themselves, and it is important to note not only the features these protections include, but also their methods and supporting networks. A service might offer the best features and methods, but without a supporting network able to handle the sheer volume, the protection will fail.

-Are you under attack?

It is first important to determine whether your service is in fact the victim of a DDoS attack. The protection must be capable of distinguishing good traffic (your customers) from bad traffic (the attack). If the mitigation service simply detects traffic and shuts out all incoming requests, you have the same problem: legitimate users are unable to access your web page or service. This is where Bot Discernment and Deep Packet Inspection services come in. These methods are designed to distinguish between good and bad traffic.
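As an added illustration (not from the original article or any vendor), the sketch below replays constructed traffic through a blanket cut-off and through a per-source rate check, and counts how many customer requests each lets through. The thresholds, addresses and function names are assumptions, and a per-source rate is only a simple stand-in for the bot discernment and packet inspection that commercial services perform.

```python
from collections import defaultdict, deque

WINDOW = 10.0        # seconds of history per counter (assumed value)
PER_SOURCE_MAX = 20  # requests one source may send per window (assumed)
TOTAL_MAX = 60       # site-wide requests per window before cut-off (assumed)
CUSTOMERS = {"192.0.2.10", "192.0.2.11"}  # constructed legitimate visitors

def sample_events():
    """Constructed (timestamp, source IP, path) records; documentation IPs only."""
    events = [(t, "192.0.2.10", "/") for t in (1, 9, 22.1, 27.1, 31)]
    events += [(t, "192.0.2.11", "/pricing") for t in (4, 26.1, 28.1, 33, 40)]
    for ip in ("198.51.100.5", "198.51.100.6", "198.51.100.7"):
        events += [(20 + i * 0.25, ip, "/login") for i in range(40)]
    return sorted(events)

def hits_in_window(queue, ts):
    """Record ts in a sliding window and return how many hits it now holds."""
    queue.append(ts)
    while queue[0] <= ts - WINDOW:
        queue.popleft()
    return len(queue)

def blanket_policy(events):
    """Refuse every request while the site-wide rate is above TOTAL_MAX."""
    window, served = deque(), []
    for ts, ip, path in events:
        if hits_in_window(window, ts) <= TOTAL_MAX:
            served.append((ts, ip, path))
    return served

def per_source_policy(events):
    """Refuse only sources whose own request rate exceeds PER_SOURCE_MAX."""
    windows, blocked, served = defaultdict(deque), set(), []
    for ts, ip, path in events:
        if hits_in_window(windows[ip], ts) > PER_SOURCE_MAX:
            blocked.add(ip)
        if ip not in blocked:
            served.append((ts, ip, path))
    return served, blocked

def customers_served(served):
    """Count served requests that came from the constructed customers."""
    return sum(1 for _, ip, _ in served if ip in CUSTOMERS)

if __name__ == "__main__":
    traffic = sample_events()
    kept, blocked = per_source_policy(traffic)
    print("blanket cut-off:", customers_served(blanket_policy(traffic)), "of 10")
    print("per-source check:", customers_served(kept), "of 10; blocked", sorted(blocked))
```

In this constructed run the blanket cut-off turns away half of the customer requests while the flood is active, whereas the per-source check serves all of them and blocks only the three flooding addresses.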

-Redirect the bad traffic

Once it is recognized, bad traffic must be properly mitigated and rerouted away from your server. This is where the strength and scale of a protection network come into play. All bad pings will be taken away from you and filtered through the mitigation infrastructure, that is, sent to the protection service itself. That bad traffic is filtered through your protection service’s Security Operation Centers. With too weak a network and too few centers, the protection service will be unable to cope with the influx of requests, which in essence would void any real protection from attack. Therefore, it is important to compare the number and location of these security operation centers, or scrubbing centers, when considering protection providers.

-Utilizing your protection

With most protection services being customizable to your business’ needs, how you set up and maintain DDoS protection can vary greatly. Depending on how critical it is, your protection can be always on, run intermittently at specific times, or even be toggled on and off. Deployment methods also vary with how you want the service to operate: cloud based, on-site hardware, or a hybrid model using both. Choosing the proper deployment method will depend on your business size, urgency of protection, and even IT capabilities. On-site hardware might require additional on-site support, and might be too much for small IT teams to handle. Meanwhile, most cloud services will be fully maintained by the provider and will alert you when an attack occurs, instead of leaving you to toggle protection on when you become aware of an attack.

Compare Top 6 DDoS Mitigation Solutions

With a solid understanding of what DDoS attacks are and how they can be mitigated, it is important to closely analyze the different solutions on the market to determine their effectiveness. As discussed previously, the protection must not only employ proper protection methods, but must also have adequate network support to properly mitigate any attacks. Beyond simple features, it is important to note the number of security operation centers at the protection’s disposal, as well as the network capacity.

With too few security centers, or too little network capacity, the best mitigation tools would fail to properly prevent an attack because there is nowhere to send the traffic. An easy way to understand this is to relate it to a toll booth at a bridge crossing. Quick entry points that do not require cars to stop and make toll payments allow for quicker passing, but if the number of entry points is limited to 2 or 3, the rush-hour influx of cars will be funneled into that limited number of entry points. Without proper infrastructure to allow for more entry points, the system becomes overwhelmed and the benefit of quicker payment systems is nullified.

DDoS attacks are difficult to simulate, and testing each individual protection service is not entirely feasible. In order to break down each provider’s offerings, we sourced information from their individual web pages, as well as from independent research and contact with the providers. Below you will find a chart outlining the most prominent services and their comparable features.

Arbor-120 cloudflare-120 Dos-120 Incapsula-120 Gigenet
Number of Security Operation Centers 4 42 4 27  3 5
Network Capacity (measured in TB per second) 1 N/A 1 1.5  0.5 1.7
Firewall No Yes Yes Yes  No No
Auto Bot Discernment Yes Yes Yes Yes  Yes Yes
Deep Packet Inspection Yes N/A Yes Yes  Yes Yes
DNS Redirection Yes Yes Yes Yes  Yes Yes
Web Proxy No Yes Yes Yes  Yes Yes
Real Time Monitoring Yes Yes Yes Yes  Yes Yes
IP Blocking Yes Yes Yes Yes  Yes Yes
Always On Yes Yes Yes Yes  Yes Yes
Cloud Based Protection Yes Yes Yes Yes  Yes Yes
Hybrid Protection Yes No No Yes  Yes Yes
On-site monitoring Yes No No Yes  No No
24/7 Customer Service Yes Yes Yes Yes  Yes Yes
Email Support Yes Yes Yes Yes Yes Yes
Phone Support Yes Yes Yes Yes Yes Yes
Live Web Chat No No Yes Yes Yes No