NC Nov-Dec 2023
OPINION: DDoS ATTACKS
resource - like a website or PDF - from the targeted server.

As a result, the application is overwhelmed and is unable to deliver content to its users. These attacks are mostly used to target web servers, but can also go after any digital application, including session initiation protocol (SIP) and border gateway protocol (BGP) services.
VOLUMETRIC ATTACKS
Lastly, there are volumetric attacks. These involve threat actors flooding a target with malicious traffic in an attempt to consume all available bandwidth, either within the target network/service or between the target network/service and the rest of the internet. These attacks are simply about causing congestion.
From 2006 to 2021, volumetric attacks reigned supreme, with DNS amplification attacks at the forefront. These attacks work by sending requests that generate large replies to multiple open domain name system (DNS) servers from a spoofed IP address, so that the requests appear to come from the target and the servers send their large replies there. At full scale, the large influx of DNS traffic onto a single server can overwhelm it, forcing the server to crash.
Adversaries will typically choose one or more of these different types of attacks to use against the on-premises and cloud environments of targets in order to maximise the degree of damage. This demonstrates the need for organisations to integrate a multi-faceted defence approach across both their network availability and digital infrastructure to effectively mitigate modern DDoS threats.
THE NEED FOR A HYBRID DDOS DEFENCE APPROACH
The difficulty organisations face is having to put equal protections in place to reinforce their security across all network environments. Doing so blocks DDoS attacks that are capable of evading on-premises-only or cloud-only defences.
For instance, conventional cloud-based DDoS mitigation tools can defend against larger volumetric attacks targeting internet connectivity before they overwhelm local protection. Meanwhile, to defend against application-layer and encrypted-traffic attacks, organisations will need on-premises defences near the targeted applications or services. However, in both examples the solution's effectiveness is very limited, as each protects one network environment but not the other.
For organisations to overcome this, it is best practice for them to adopt a hybrid or multi-layer DDoS defence approach with both cloud and on-premises components that recognise all the different DDoS attack vectors and methodologies.
HOW TO ESTABLISH A HYBRID SECURITY STRATEGY
A hybrid DDoS defence strategy incorporates an on-premises detection and prevention system with on-demand cloud-based mitigation capabilities at the edge. The combination of the unrelenting nature of adversaries and the growing complexity of DDoS attack methodologies and techniques means that the basis of a comprehensive DDoS mitigation strategy must be an on-premises, round-the-clock, purpose-built DDoS attack protection system.

This must be capable of automatically identifying and blocking all types of DDoS attacks and other cyberthreats before damage is inflicted on business-critical online infrastructure and services.
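As an added illustration of the volumetric section and the hybrid strategy just described (example code, not from the article or any vendor's product): a small Python detector that flags DNS-amplification-style traffic in constructed flow records, using the hallmarks the article names (large replies from many open resolvers converging on one target), plus the hand-off rule a hybrid design needs, where on-premises detection escalates to on-demand cloud mitigation once attack volume nears the upstream link. The CSV layout, addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample flow export, not from the article (assumed CSV layout:
# src,sport,dst,dport,proto,packets,bytes). 198.51.100.x act as open resolvers
# replying to 203.0.113.5, whose address was spoofed in the original requests.
SAMPLE_FLOWS = """\
198.51.100.10,53,203.0.113.5,4471,udp,12000,48000000
198.51.100.11,53,203.0.113.5,4471,udp,9000,36000000
198.51.100.12,53,203.0.113.5,4471,udp,15000,60000000
192.0.2.7,53,203.0.113.9,51234,udp,3,300
192.0.2.8,443,203.0.113.9,51235,tcp,40,12000
"""

def parse_flows(text):
    """Return one dict per flow record with the numeric fields converted."""
    keys = ("src", "sport", "dst", "dport", "proto", "packets", "octets")
    flows = []
    for line in text.strip().splitlines():
        f = dict(zip(keys, line.split(",")))
        for k in ("sport", "dport", "packets", "octets"):
            f[k] = int(f[k])
        flows.append(f)
    return flows

def dns_amplification_suspects(flows, min_avg_bytes=1000, min_resolvers=2):
    """Flag destinations receiving large UDP replies from source port 53 sent by
    several distinct resolvers: the signature of reflected, amplified DNS traffic.
    Legitimate stub-resolver answers are small and come from few servers."""
    per_dst = defaultdict(lambda: {"octets": 0, "packets": 0, "resolvers": set()})
    for f in flows:
        if f["proto"] == "udp" and f["sport"] == 53:
            st = per_dst[f["dst"]]
            st["octets"] += f["octets"]
            st["packets"] += f["packets"]
            st["resolvers"].add(f["src"])
    suspects = {}
    for dst, st in per_dst.items():
        avg = st["octets"] / st["packets"]
        if avg >= min_avg_bytes and len(st["resolvers"]) >= min_resolvers:
            suspects[dst] = {"avg_bytes": avg, "resolvers": len(st["resolvers"]),
                             "octets": st["octets"]}
    return suspects

def should_escalate_to_cloud(octets, window_seconds, link_capacity_bps, threshold=0.7):
    """Hybrid rule: on-premises gear absorbs the attack until its volume nears the
    upstream link capacity; beyond that, signal the cloud scrubbing service."""
    return octets * 8 / window_seconds >= threshold * link_capacity_bps

# Example run: 144 MB of amplified replies in a 60 s window on a 20 Mbit/s link.
for dst, info in dns_amplification_suspects(parse_flows(SAMPLE_FLOWS)).items():
    print(dst, info, "escalate:", should_escalate_to_cloud(info["octets"], 60, 20_000_000))
```

On the constructed data the target 203.0.113.5 is flagged (4000 bytes per reply from three resolvers) and the 19.2 Mbit/s volume crosses the 70 percent line, so the detector would hand off to the cloud layer; the second host, with a handful of ordinary answers, is not flagged.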
While traditional cloud-based DDoS protection solutions are effective when it comes to stopping large volumetric DDoS attacks, they have difficulty in blocking other types of DDoS attacks designed to evade their systems. But cloud-based mitigation solutions shouldn't be discarded entirely, as they strengthen the protection of on-premises tools.

Fundamentally, the best solution is to use a combination of an on-premises and a cloud solution with intelligent and automated integration, as this provides the most comprehensive protection possible. Although this doesn't represent a one-size-fits-all solution, this approach helps organisations to ensure that new and evolving DDoS threats can be dealt with in real time.
INCREASINGLY EFFECTIVE THREAT ACTORS
With cybercriminals becoming increasingly adept at launching dangerous attacks and evading traditional defence techniques, an inability to adapt and defend against these emerging DDoS attack techniques will significantly damage businesses. Therefore, businesses should implement a more comprehensive defence strategy to secure their network edges.
Even though cloud-based solutions may be cost-effective, ultimately they must do more to protect organisations from the rapidly evolving nature of the threat landscape and the emerging types of DDoS attacks.

Nevertheless, a multi-layer, hybrid solution which deploys on-premises defence at the edge, alongside a cloud-based backup, ensures enterprises can maintain improved cyber hygiene and prevent extended server downtime in the event they're impacted by a DDoS attack.
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 27