I am catching up on my reading and just read the 4th quarter Akamai report on the state of the internet. For those of us who follow information security, it provides a fascinating, and ultimately, harrowing look into the current state of mega DDoS attacks. Here is what struck me …
First, attack volumes are becoming huge. There were, in fact, 12 attacks in the fourth quarter exceeding 100 Gbps. Five exceeded 200 Gbps! The biggest clocked in at 517 Gbps. That’s a huge increase in volume in a very short period of time.
Beyond that, I was struck by the sheer diversity of the attacks. A quick review of the data shows that the really big attacks – those exceeding 300 Gbps – were spread across five different botnets. We’ve all seen the news about Mirai, but Mirai is by no means the only game in town.
And while the U.S. still leads the pack, there are at least 10 countries with a vibrant DDoS export business, including the UK, Germany, China, Russia and many others. The full list reads more like the World Cup bracket than a rogue’s gallery of black hats.
And then there are the attack vectors. The Akamai report lists more than a dozen, including UDP fragment, DNS, NTP, CHARGEN and a host of others.
So, let’s review: We’re experiencing a golden age of DDoS attacks that come in wildly diverse permutations and pack an unheard-of multi-Gbps punch. Not fun if you are in charge of security.
Divide and Conquer
To meet this emerging volumetric DDoS challenge one needs the very best DDoS detection and a mitigation solution that can handle multi-Gbps attacks. That’s a tall order – exponentially more so if you try to find both in a single solution.
Better to divide and conquer. BGP Flowspec was designed to enable precisely this. You can place best-of-breed detection solutions right where you need them and let them quickly identify and analyze mega DDoS attacks as they occur. Then, using BGP Flowspec, the detection device coordinates with best-in-class mitigation solutions to set up the appropriate rules. Once the rules are in place, these Gbps-class DDoS mitigation leviathans can cut the attack to shreds using any number of strategies, all at line-rate speeds.
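To make the detection-to-mitigation hand-off concrete, here is an added example (not code from the original post, nor Corsa's) that builds the bytes a detector would announce over BGP Flowspec for one of the vectors named above: an NTP reflection flood aimed at a victim prefix, rate-limited to 10 Mbps. The victim prefix 203.0.113.0/24 and the rate are constructed sample values; the byte layout follows RFC 5575 (components in section 4, traffic-rate action in section 7).

```python
"""Encode a BGP Flowspec (RFC 5575) NLRI plus a traffic-rate action.

Rule expressed: packets to 203.0.113.0/24, IP protocol UDP, source port 123
(NTP), limited to 10 Mbps. Prefix and rate are constructed example values.
"""
import ipaddress
import struct

# Flowspec component types (RFC 5575 section 4)
DEST_PREFIX, SRC_PREFIX, IP_PROTO, DEST_PORT, SRC_PORT = 1, 2, 3, 5, 6
UDP = 17


def _prefix_component(ctype, cidr):
    """Type byte, prefix length in bits, then only the bytes the prefix needs."""
    net = ipaddress.IPv4Network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def _eq_component(ctype, value):
    """Numeric operator byte: end-of-list (0x80) | eq (0x01); the length field
    (bits 5-4) selects a 1-byte (00) or 2-byte (01) operand."""
    if value < 256:
        return bytes([ctype, 0x81, value])
    return bytes([ctype, 0x91]) + value.to_bytes(2, "big")


def flowspec_nlri(dst_cidr, proto, src_port):
    """Return the NLRI: one length byte followed by the components in type order."""
    body = (_prefix_component(DEST_PREFIX, dst_cidr)
            + _eq_component(IP_PROTO, proto)
            + _eq_component(SRC_PORT, src_port))
    assert len(body) < 240  # longer NLRIs use a two-byte length; not needed here
    return bytes([len(body)]) + body


def traffic_rate_action(bytes_per_second):
    """Extended community type 0x80 / subtype 0x06: 2-byte AS (0) + IEEE-754 float
    rate in bytes per second. A rate of 0 means discard."""
    return b"\x80\x06\x00\x00" + struct.pack(">f", bytes_per_second)


def decode_traffic_rate(ext):
    """Read the rate back out of a traffic-rate extended community."""
    assert ext[:2] == b"\x80\x06"
    return struct.unpack(">f", ext[4:8])[0]


if __name__ == "__main__":
    print(flowspec_nlri("203.0.113.0/24", UDP, 123).hex())
    print(traffic_rate_action(10_000_000 / 8).hex())  # 10 Mbps in bytes/s
```

A mitigation device receiving this NLRI installs the match in hardware and applies the rate; withdrawing the route removes the rule once the detector sees the flood subside.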
I would be remiss, of course, if I neglected to mention that Corsa makes just such a mitigation solution. I’ll let you click through if you are interested in learning about the Corsa Red Armor NSE7500 and NSE7200, which provide universal enforcement for any size volumetric DDoS attack.
The point is DDoS attacks are not sitting still; they continue to permute and become more pernicious. DDoS defenses that worked yesterday won’t work tomorrow. To stay ahead, you need to evolve your DDoS mitigation strategy as well.