Very few people would operate their businesses without adequate insurance protection against everything from an act of God to a bad debt.
Yet many of these companies still choose to leave their main channel of customer communication – their internet storefront – vulnerable to an abrupt termination or sudden drop in performance.
The consequences of a corporate website being unavailable, particularly for businesses based on e-commerce, can be far more damaging than dealing with the aftermath of a flood or fire, and the chances of it occurring are the same or even higher.
To be fair to network managers, part of the reason for the lack of investment in specialist technology that guards against a distributed denial-of-service (DDoS) attack (in which assailants flood a system to bring it down) can be attributed to budget restrictions as well as a belief that their patching system or firewall will do the job.
This is further compounded by a general impression that the bad guys have moved on and, from a return on investment perspective, the risk is worth taking.
However, evidence suggests that since hackers first used DDoS to gain peer group kudos in early 2000, it has evolved into a highly organised, financially motivated cyber-crime with an estimated 10,000 attacks occurring each day.
This alone should be enough to ensure that network managers take the problem more seriously, but if more reasons are needed there is also the phenomenon of “flash-crowds”.
With the arrival of Twitter and Facebook and the ubiquitous availability of the internet, any announcement can trigger a tsunami of hits on a website, capable of taking even the most high-profile site offline in a matter of minutes.
A study carried out by security analysts at Forrester, IDC and the Yankee Group concluded that large e-commerce-based businesses potentially face a $30m loss in direct revenue and reduced productivity costs from just one 24-hour break in internet availability, whether it be the result of a targeted DDoS attack or a flash-crowd incident.
Most DDoS attacks can last several days, if not weeks, so it is hardly surprising that victims often prefer to pay the ransom demand that usually follows rather than spend valuable time struggling to fend off the attack.
Unlike other internet malware, DDoS attacks typically do not carry a malicious payload or have any distinct signature or behaviour profile, resulting in most of the malevolent traffic being allowed through unhindered.
Although there are some manual adjustments that can be made to blacklist untrusted IP addresses and reduce the impact of the attack, this is usually after the event and can be a very blunt instrument resulting in a high level of false positives – which means disgruntled customers.
DDoS attacks are generally made up of large volumes of normal internet traffic generated by a global network of robot PCs, or botnets, that have been created by tricking innocent users into unwittingly allowing malicious code on to their computers.
Designed to exploit the limitations of the server hardware resources until the system closes itself down, such an attack is no different, in effect, from millions of people all trying to access the same information, on the same web server, at the same time.
While companies may still feel that the chances of being a DDoS victim are extremely low, there is the very real risk that their customers and remote users could suddenly find that access to web-based services is unavailable due to a flash-crowd event – with the inevitable serious financial consequences.
It has been argued that the current economic climate increases the temptation to use DDoS to make money, while reducing the IT resources available to combat it.
Plugging the gap has not been easy, with technology challenges severely restricting options to deliver sustainable security and specific anti-DDoS services in the cloud.
Hardware performance limitations and infrastructure costs have meant that the necessary investment has not made economic sense for many service providers; until recently only high-cost, premium services have been available. These don’t make sense for the vast majority of organisations.
Fortunately, recent advances in high-performance, multi-tenant server architecture and new behaviour-based DDoS mitigation software have started to emerge, and these are set to pave the way for a range of cloud-based security services.
By supporting potentially hundreds of individual customers on a single appliance, service providers will soon be able to deliver anti-DDoS services at highly cost-effective prices that will enable organisations of any size or scale to bring their DDoS protection in line with the rest of their IT security.
Early indications suggest that the first services based on the technology will be ready to roll out this year.
There will then be no excuse for leaving networks unprotected and at risk from any form of flood attack – malicious or otherwise.