DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. With that in mind, we’ve assembled some essential advice for protecting against DDoS attacks.
1. Have your DDoS mitigation plan ready
Organizations must try to anticipate the applications and network services adversaries will target and draft an emergency response plan to mitigate those attacks.
"Enterprises are paying more attention to these attacks and planning how they'll respond. And they're getting better at assembling their own internal attack information as well as the information their vendors are providing them to help fight these attacks," says Tsantes.
IBM's Price agrees. "Organizations are getting better at response. They're integrating their internal applications and networking teams, and they know when the attack response needs to be escalated so that they aren't caught off guard. So as attackers are becoming much more sophisticated, so are the financial institutions," she says.
“A disaster recovery plan and tested procedures should also be in place in the event a business-impacting DDoS attack does occur, including good public messaging. Diversity of infrastructure both in type and geography can also help mitigate against DDoS as well as appropriate hybridization with public and private cloud,” says Day.
“Any large enterprise should start with network level protection with multiple WAN entry points and agreements with the large traffic scrubbing providers (such as Akamai or F5) to mitigate and re-route attacks before they get to your edge. No physical DDoS devices can keep up with WAN speed attacks, so they must be first scrubbed in the cloud. Make sure that your operations staff has procedures in place to easily re-route traffic for scrubbing and also fail over network devices that get saturated,” says Scott Carlson, technical fellow at BeyondTrust.
2. Make real-time adjustments
While it’s always been true that enterprises need to be able to adjust in real time to DDoS attacks, it became increasingly so when a wave of attacks struck many in the financial services and banking industry in 2012 and 2013, including the likes of Bank of America, Capital One, Chase, Citibank, PNC Bank and Wells Fargo. These attacks were both relentless and sophisticated. "Not only were these attacks multi-vector, but the tactics changed in real time," says Gary Sockrider, solutions architect for the Americas at Arbor Networks. The attackers would watch how sites responded, and when the site came back online, the hackers would adjust with new attack methods.