Since When Has DDoS Protection Service Become A Necessity For Business And Why?
In the era of the cloud, 5G and the Internet of Things (IoT), networks matter more than ever. They are critical for business, from manufacturing and supply chains to logistics. They are also critical for the functioning of society, from energy and resources to transportation and the public sector.
Networks bring us together — at work, for remote learning and at play. As networks have grown in importance, distributed denial of service (DDoS) attacks have also grown, both in number and in their frequency, intensity and sophistication. Of particular concern for their damage potential are volumetric attacks, which comprise more than 95 percent of all DDoS traffic. Protecting against these attacks requires a DDoS protection service.
These attacks have increased dramatically in recent years, and around 2016 we entered the era of terabit-level DDoS attacks. Volumetric attacks can appear as high-bandwidth attacks, described by their total bandwidth and expressed in bits per second (b/s).
These attacks aim to exhaust transmission capacity by the sheer volume of traffic. Alternatively, volumetric attacks can appear as high packet-rate attacks, described by their packet intensity and expressed in packets per second (pps).
These attacks aim to exhaust the processing capacity of network hosts and other network elements such as routers. In 2020, both Amazon and Akamai reported high-bandwidth and high packet-intensity attacks. In May of that year, Amazon experienced a 2.3 Tb/s attack. The next month, Akamai reported an attack of 809 Mpps (418 Gb/s).
Damage from attacks
DDoS attacks spare no one. Targets range from individual users to networks belonging to service providers, cloud builders and large digital enterprises.
While most DDoS attacks are a nuisance (e.g., to individual gamers), high-bandwidth and high-packet-intensity volumetric attacks are cause for concern. These attacks can damage both connectivity and service availability and result in production and operational losses costing hundreds of thousands or even millions of dollars.
There are also legal costs. And it’s difficult to even put a price on reputational damage. Some segments, such as banking, insurance and healthcare, can also be subject to high regulatory fines.
In August of 2020, an attack on the New Zealand Stock Exchange left the exchange out of service for four days and incurred significant monetary loss plus a warning from the country’s financial regulator.
On May 4, 2021, a Belgian network provider providing connectivity services to government, including remote learning and COVID-19 vaccine registration, was hit by a DDoS attack originating from 257,000 IP addresses in 29 countries, leaving many customers without vital connectivity.
It’s worth noting that although some big attacks get the headlines, many attacks go unreported because service providers do not want to expose details about their security capabilities or vulnerabilities. Even worse, many attacks go undetected or are reported by users on social media.
Motivation for attacks
The motivation for DDoS attacks varies widely: while some attacks are just a nuisance, others are tools to achieve a variety of goals. Online gamers launch them to win a round of a game or for an adrenaline rush. Hacker activists, called “hacktivists”, are motivated by ideology and have a political or social agenda. Extortion is common, with perpetrators using DDoS attacks, or the threat of attacks, to demand ransom from individuals or corporations (ransom DDoS).
In some cases, DDoS attacks are combined with other malware attacks and are used to obfuscate or hide the real attack. DDoS attacks have been made easier by the advent of DDoS-for-hire services and the wider use of cryptocurrency, and they have gone from being an annoyance to causing major business and service disruptions. As attack ROI and incentives increase, so do attackers’ skill sets.
Approaches to DDoS protection
The great variety of DDoS techniques, and continued efforts to combine and evolve them and change attack dynamics, make DDoS detection and mitigation very challenging. Legacy DDoS detection and mitigation approaches that used to be effective no longer work.
DDoS detection
Historically, DDoS detection was done using tools and technologies that provide additional insight into traffic and services: dedicated network probes, inline traffic processing and deep packet inspection (DPI) technology.
Detection techniques focused on recognizing known traffic patterns of DDoS traffic or monitoring traffic volumes for irregularities. This approach evolved to the distributed gathering of DDoS intelligence: obtaining insights from a network of distributed data plane probes (hardware or software). This information was passed to a centralized location for further processing.
When a specific threat or attack was detected, the knowledge about that threat/attack was then disseminated to all network-wide data collection points, to be added to their localized knowledge bases and also used for localized DDoS mitigation.
DDoS detection techniques and approaches have included:
- DDoS signature analysis
- Heuristic and behavioral analysis
- Traffic anomalies monitoring
- Analysis of traffic packet samples.
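As an added illustration (not code from the original article), the following Python snippet applies the traffic-anomaly monitoring approach listed above to constructed per-second counters from sampled flow records, and uses the b/s versus pps distinction described earlier to tell a high-bandwidth flood from a high packet-rate flood. The sample values, the 3-sigma threshold and the "pps multiplier more than twice the b/s multiplier" rule are assumptions made for the example.

```python
from statistics import mean, pstdev

# Constructed per-second link counters (bytes, packets) taken from sampled flow records.
# Intervals 0-9 are normal traffic used as the baseline; 10 and 11 are attack intervals.
SAMPLES = [
    (12_500_000, 10_000), (13_000_000, 10_400), (12_200_000, 9_900),
    (12_800_000, 10_300), (12_600_000, 10_100), (12_900_000, 10_350),
    (12_400_000, 9_950), (12_700_000, 10_200), (12_300_000, 9_850),
    (12_600_000, 10_050),
    (500_000_000, 400_000),    # ~4 Gb/s of 1250-byte packets: exhausts link capacity
    (80_000_000, 1_300_000),   # 1.3 Mpps of ~60-byte packets: exhausts packet processing
    (12_500_000, 10_000),      # traffic returns to normal
]

def rates(byte_count, packet_count):
    """Express one 1-second counter pair as (bits per second, packets per second)."""
    return byte_count * 8, packet_count

def build_baseline(samples):
    """Mean and population std-dev of b/s and pps over a window of known-good intervals."""
    bps = [rates(*s)[0] for s in samples]
    pps = [rates(*s)[1] for s in samples]
    return {"bps": (mean(bps), pstdev(bps)), "pps": (mean(pps), pstdev(pps))}

def zscore(value, stats):
    """Standard deviations above the baseline mean; infinite when the baseline never varied."""
    m, s = stats
    if s > 0:
        return (value - m) / s
    return float("inf") if value > m else 0.0

def classify(sample, baseline, k=3.0):
    """Label one interval 'normal', 'high-bandwidth' or 'high-packet-rate'.

    Anomalous when b/s or pps is more than k std-devs above baseline. Packet-rate floods
    use small packets, so pps grows far faster than b/s; compare the two multipliers.
    """
    bps, pps = rates(*sample)
    if zscore(bps, baseline["bps"]) < k and zscore(pps, baseline["pps"]) < k:
        return "normal"
    bps_mult = bps / baseline["bps"][0]
    pps_mult = pps / baseline["pps"][0]
    return "high-packet-rate" if pps_mult > 2 * bps_mult else "high-bandwidth"

def detect(samples, window=10, k=3.0):
    """Train on the first `window` intervals, then label every later interval."""
    baseline = build_baseline(samples[:window])
    return [(i, classify(s, baseline, k)) for i, s in enumerate(samples[window:], start=window)]
```

In a real deployment the baseline would be learned per link and per time of day from the probes' sampled counters, and the label would select the mitigation (link-level versus host-level protection) rather than just being reported.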
DDoS mitigation
Because DDoS traffic manifests itself at the network level, network-level protection based on IP addresses has been the main protection mechanism. DDoS mitigation techniques have included DNS-based blocking, but DNS-based protection can be circumvented easily. More effective approaches have focused on IP address-based filtering. Filtering techniques have included:
- Inline mitigation
- Remotely triggered blackhole routing (RTBH)
- BGP FlowSpec
- Traffic scrubbing.
New DDoS protection requirements for the cloud, 5G and IoT era
A new, forward-looking approach to DDoS protection is a vital aspect of overall network security. To protect against the new generation of threats, the DDoS defense must be context-aware. It needs to provide cloud-era visibility beyond IP addresses, including visibility into services, CDNs, websites and IoT devices.
Finally, an effective defense needs to be flexible and capable of detecting new and emerging threats as they develop and evolve.
Hybrid network architectures, combining physical and virtualized network domains, are proliferating and creating even more numerous and distributed sets of network boundaries that need to be monitored for both ingress and egress DDoS. With the increased number of endpoints that need to be protected — customers, end devices and systems, plus network infrastructure — it is imperative that DDoS security delivers improved performance with scalability and automation.
The DDoS threats of today and tomorrow demand a whole new way of thinking about DDoS protection.
Protection for everything and everyone
The new global networking environment, with its ever-evolving technologies, requires a new type of protection that encompasses all customers, services and the network infrastructure.
This is a major paradigm shift from the legacy approach in which DDoS protection was reserved for the most valuable and demanding customers and the most critical network entities.
In addition to protecting the hosts and servers, next-generation DDoS protection service must include the ability to monitor network infrastructure within the entire network perimeter, from peering edge to centralized and distributed data centers, to service edge.