Distributed denial of service (DDoS) attacks, a cyberattack that makes a specific resource unavailable to its intended user, are becoming more complex and sophisticated. Attackers don’t just carry out single attacks — they repeatedly test their target’s security and target their assault to achieve the highest amount of damage. Thousands and thousands of attacks occur daily, shutting down websites and network systems, essentially rendering businesses inoperable.
To combat DD0S attacks, the first thing SMBs must do is assume they are going to be a target. Since the only DDoS attacks we hear about are those against large corporations, banks and the government, many SMBs don’t think they will ever be the target of digital warfare. Consequently, they don’t take the necessary precautions to prevent or mitigate attacks.
“The reason for an attack could be anything,” said Vann Abernethy, senior product manager for NSFOCUS, a leading global DDoS mitigation solution provider. It could be an extortion attempt, a protest against company practices, or even an act of revenge by a disgruntled client or ex-employee. Unarmed with any technical knowledge, anyone with checkbook and a grudge or statement to make can launch an attack. “Everybody that has a measurable ROI associated with their web presence or anybody that can feel pain from their website being down is a target.”
Despite the growing threat of DDoS attacks, most Web service providers will not guard your back, according to Abernethy, as it’s not common to cut off one pipe to protect the network. “If you get hit, they’ll say, ‘We’re gonna protect the rest of our customers by shutting you down.’”
Therefore, Abernethy tells businesses to always read the fine print and see what their Web host’s policies are regarding DDoS attacks. While some say they will protect you, most have consumer-grade security that is not strong enough to defend your website against high-volume attacks.
“SMBs really have two choices to make,” said Brian Laing, vice president of AhnLab, a security solutions provider. “The first is to use cloud-based applications which can more easily scale up to handle any DDoS attacks. The second option would be to implement a DDoS solution that can protect against both application and bandwidth (packet flooding) attacks.”
Before implementing any type of DDoS defender, SMBs should investigate exactly what type of solution a vendor is providing, according to Laing. For instance, the defense mechanism should be able to recognize good traffic from bad, while also having a self-learning capability to be able to set flexible thresholds.
Abernethy agrees. “We see thousands and thousands of attacks every day, so we have both detection and mitigation algorithms. They basically say, ‘That looks like an attack, it smells like an attack, let’s engage our mitigation algorithms.’ It looks at the attack traffic itself and then says, ‘Yes, that is an attack.’ We can detect those attacks and the system can be set up to go into automatic mitigation.”
What SMBs need, Abernethy says, is a purpose-built DDoS defender with both detection and mitigation functions to quickly diagnose and mitigate DDoS attacks. The system should also be a "learning machine" that gets to know your environment over time for more precise detection.
SMBs should also keep in mind that defending oneself from DDoS attacks doesn’t stop at prevention and mitigation. Because a DDoS attack shuts down your entire operation — and because most anti-DDoS protections are primarily concerned with simply knocking the attack down — you should have a recovery plan that either you or your providers facilitate.
Pierluigi Stella, chief technology officer of Network Box USA, global managed security services provider, says that fending off an attack boils down to strategy and having the right resources for defense.
“The real problem, though, is that defense is not a piece of hardware but a strategy, wherein the hardware plays an important role, but isn’t the only player,” Stella said.
First, if your bandwidth is an old T1 at 1.5 Mbps, Stella advises businesses to upgrade that old Internet connection to one with a much larger bandwidth that can’t be taken down so quickly.
A Disaster Recovery (DR) site should also be part of your recovery plan, Stella said. The DR site should have all your data, so it will serve as your temporary site as you work on getting the current one back up.
Ryan Huber, chief architect at Risk I/O, a leader in vulnerability intelligence, says that depending on your business, a simpler option is a static page, such as product literature or other representation of your site. This will temporarily disable site functions such as online ordering, but serves its damage-control purpose of not keeping customers in the dark as you get the full site running. “This has the added benefit of helping you to keep users informed during the attack,” he said.
Abernethy recommends that anyone who does business online do regular, full backups. The recovery plan should also include critical details, such as what the recovery process is, where data backups are stored and who is responsible for which tasks. Disaster-recovery planning should also be part of regular operational maintenance.
“Don’t just make a plan and think you are covered,” Abernethy said. “Get into the habit of reviewing the full plan each backup cycle to ensure any changes are accounted for. It sounds like a lot of extra work, but it really isn't if you build it into your normal routine.”
As Stella says, businesses should always be in ‘prepared mode.’ “Don’t wait for the hurricane to strike.”