What are the Guaranteed Best DDoS Defence Practices?

By Ronald Sens, EMEA Director for A10 Networks

DDoS is a constantly evolving threat. We are seeing DDoS attacks getting more sophisticated, more frequent and bigger than ever before. The systems that are most common in enterprises today cannot keep up with the constantly evolving DDoS threats because many use old technology. It is therefore important that enterprises adopt a modern defence solution that can help meet these newer requirements. Specifically, there are four different requirements that need to be met:

  1. Precision: More effective precision will help enterprises avoid costly detection and mitigation mistakes. It is important that attacks fail hard: a threat must be precisely identified and stopped before it causes any long-term damage.
  2. Scalability: The ability to scale when required is important, especially against IoT devices. With the spread of IoT devices comes the spread of bots of various sizes and capabilities. It is no longer just the throughput numbers but also the range, distribution and widespread nature of these attacks, meaning enterprises must have the right defences in place to stay safe.
  3. Automation: Automation is becoming a major component of DDoS defence as it helps to improve efficiency in the workplace. Older systems still require human input and often need a dedicated member of the IT department to manage them. With automation that human input is no longer required, allowing the dedicated IT security employees to focus their expertise elsewhere within their department.
  4. Affordability: Systems must become smaller and more affordable but, at the same time, cyber defences can’t lose any kind of performance. They must retain their performance and all the protection capabilities that companies need: performance by design, in solutions that make economic sense.

Improving Intelligence 

Outside of the four requirements mentioned above, enterprises also need to think about utilising cyber threat intelligence. This is another important part of DDoS defence. Cyber threat intelligence stops enterprise employees from undertaking blind DDoS mitigations based on guesswork. It is vital that those in charge of cybersecurity in the business are up to date and knowledgeable on all parts of the network. The last thing an IT manager wants to hear is an employee saying, “I have never seen traffic for this destination and know nothing about it”. It is imperative to have relevant and actionable intelligence in order to have the best DDoS defence for the network.

Fighting back 

For any common threat, instead of guessing the ‘intent’ of hackers, enterprises should try to have an inventory of methods to defend the network. Finding and identifying which methods need to be used is very important, but to do this security professionals first need to identify the type of attack. What are the most popular attacks and how are they being carried out? Application attacks represent the majority and are only increasing in frequency. Then there are other forms of attack, for example ‘floods’. The aim of these attacks is to ‘flood’ the various ports in a network and distract the scanners so that the malicious traffic can sneak through. There are multiple types of flood attack but they all follow a similar methodology. All of these forms of attack are common, so answering this first question is a key step to knowing how to fight back.

Next, how do businesses protect themselves from attacks? The best way is by utilising all the required DDoS defence practices along with human management. Legacy systems lack the features needed to fight back, but even modern systems can be lacking when it comes to incorporating human input. Technology that relies on flow-based detection and automation is essential, but it can completely miss more complicated attacks. For the best protection, at least one dedicated person is needed to work with these systems and manually intervene when a complex attack is detected.

Older systems also lack the ability to scale. This means enterprises must buy more technology to increase protection, rather than simply upgrading, and this makes cyber defence an expensive process. So, a comprehensive protection solution needs the following:

  • Enterprises need to make sure their defences take a multi-layered or hybrid approach to DDoS defence.
  • A dedicated on-premise detection and mitigation management tool that is constantly providing protection from any kind of DDoS attack.
  • The right support group that can help enterprises manage and contain any situation, especially whenever an attack is about to saturate the pipes of a network.
  • Security professionals need to be able to decide to redirect the traffic to a hybrid cloud protection if the on-premise one is not coping. After the traffic has been scrubbed in the cloud, it can be sent back to the on-premise protection.

This is a hybrid defence, so utilising a solution that can implement all of these features alongside a competent team of cybersecurity professionals is the best practice enterprises can adopt in the fight against DDoS.
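As an added illustration of the flow-based detection, automated mitigation, human escalation and cloud diversion described in the two sections above (example code written for this page, not A10 Networks' code or a description of its products), the script below triages one second of aggregated flow records per destination. It assumes constructed flow records, a constructed per-destination baseline in packets per second, a constructed inventory of known assets (so the “I have never seen traffic for this destination” case is flagged for review rather than ignored) and a constructed uplink capacity; the thresholds and decision labels are also assumptions.

```python
"""Flow-based DDoS triage per destination (added example, constructed data).

Decisions, in the order they are checked:
  review-unknown-destination  traffic to an address missing from the asset inventory
  normal                      rate within ANOMALY_FACTOR x the destination's baseline
  divert-to-cloud             rate would saturate the uplink: send to cloud scrubbing
  mitigate-on-prem            stateless UDP/ICMP flood from many sources: auto rate-limit
  escalate-analyst            anomalous but not a simple flood: a person must look
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    packets: int    # packets seen in this one-second window


# Constructed one-second window of flow records (RFC 5737 documentation ranges).
FLOWS = [
    Flow("203.0.113.7", "198.51.100.10", "tcp", 120),
    Flow("203.0.113.8", "198.51.100.10", "tcp", 110),
    # 40 sources x 4,000 pps UDP = 160,000 pps: more than the uplink can carry
    *[Flow(f"192.0.2.{i}", "198.51.100.20", "udp", 4_000) for i in range(1, 41)],
    # traffic to a host nobody has inventoried
    Flow("203.0.113.9", "198.51.100.30", "tcp", 900),
    # 15 sources x 200 pps TCP: above baseline, but not a simple flood
    *[Flow(f"203.0.113.{i}", "198.51.100.40", "tcp", 200) for i in range(20, 35)],
    # 12 sources x 1,000 pps UDP: a flood the on-prem appliance can rate-limit
    *[Flow(f"192.0.2.{i}", "198.51.100.50", "udp", 1_000) for i in range(100, 112)],
]

# Constructed baselines: packets per second normally seen per destination.
BASELINE_PPS = {
    "198.51.100.10": 300, "198.51.100.20": 2_000,
    "198.51.100.40": 400, "198.51.100.50": 100,
}
# Constructed asset inventory (the "threat intelligence" about our own network).
KNOWN_ASSETS = {
    "198.51.100.10": "web-frontend", "198.51.100.20": "dns-resolver",
    "198.51.100.40": "api-gateway", "198.51.100.50": "ntp-server",
}
UPLINK_PPS_CAPACITY = 100_000   # constructed pipe size in packets per second
ANOMALY_FACTOR = 5              # assumed policy: flag at 5x the baseline
MIN_FLOOD_SOURCES = 10          # assumed policy: "distributed" means >= 10 sources


def aggregate(flows):
    """Sum packets and collect distinct sources and protocols per destination."""
    agg = defaultdict(lambda: {"packets": 0, "sources": set(), "protos": set()})
    for f in flows:
        a = agg[f.dst]
        a["packets"] += f.packets
        a["sources"].add(f.src)
        a["protos"].add(f.proto)
    return agg


def triage(flows, baseline=BASELINE_PPS, assets=KNOWN_ASSETS,
           capacity=UPLINK_PPS_CAPACITY, factor=ANOMALY_FACTOR):
    """Return a {destination: decision} map for one window of flow records."""
    decisions = {}
    for dst, a in aggregate(flows).items():
        pps = a["packets"]                       # one-second window, so packets == pps
        if dst not in assets:
            decisions[dst] = "review-unknown-destination"
        elif pps <= factor * baseline.get(dst, 0):
            decisions[dst] = "normal"            # a missing baseline never counts as normal
        elif pps >= capacity:
            decisions[dst] = "divert-to-cloud"   # on-prem cannot absorb it: scrub upstream
        elif len(a["sources"]) >= MIN_FLOOD_SOURCES and a["protos"] <= {"udp", "icmp"}:
            decisions[dst] = "mitigate-on-prem"  # stateless flood: automation handles it
        else:
            decisions[dst] = "escalate-analyst"  # possibly application-layer: human needed
    return decisions


if __name__ == "__main__":
    for dst, decision in sorted(triage(FLOWS).items()):
        print(f"{dst:15} {KNOWN_ASSETS.get(dst, '?'):13} {decision}")
```

The ordering of the checks is the point: the inventory lookup comes first so that unknown destinations are never silently waved through as “normal”, the capacity check comes before any on-premise action because an appliance behind a saturated pipe cannot help, and only the narrow, well-understood case (many sources, connectionless protocols) is left to automation, with everything else routed to a person as the article recommends.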

But knowing is only half the battle…

Now enterprises must implement these practices. Ultimately, there are four key approaches that enterprises should take to ensure a modern approach to DDoS defence. First, layered/hybrid detection that is both cost-effective and reactive to attacks, using layered packet detection. The next approach utilises intelligent automation and machine learning to reduce the need for manual intervention. Doing so will save both money and staff time and allow staff to put their expertise elsewhere. A scalable solution that can go up to 100,000 monitored entities with individual policies is needed. With scaling of this magnitude, a profitable clean-pipe service can be built. Finally, overcoming organisational silo issues will allow enterprises to leverage common resources and talents to bring out the best of what they have on hand.