In the past 24 months, distributed denial of service (DDoS) attacks have changed profoundly. Gone are the days when attackers worked under the radar, when machines were infected by botnet code unknowingly and attacks were disguised leaving very little to trace the exact origin. Today, sophisticated attackers broadcast their aims to the world, mobilizing participants around socio-political causes. Their aim is to protest, not steal. Of course, if the website of a multinational bank is offline long enough, something has been robbed, be it revenues or public trust.
The other game-changer: It's easier than ever to execute attacks. The tools are so widely available that anyone with basic skills and a high-speed connection can become a "hacktivist." With protests of all kinds gaining momentum around the world, enterprises should be ready. It's time to forge a plan.
At Neustar we see three key elements to dedicated DDoS protection: people, process and technology.
People: Create a Team of Experts
It's vital to hire credentialed operational and engineering staff with proven experience in DDoS mitigation. Maintain your DDoS swat team as a separate unit practicing a highly specialized and recognized discipline. Be sure to nurture your talent and expertise and, above all, have a round-the-clock presence. Where I work, in the Neustar Security Operations Center, we mitigate attacks from all over the world 24x7.
Process: Document, Automate and Practice
Essential: alerts must be reviewed in real time, given threat assignments and classified per a standard guideline. With an established process, you'll be able to respond faster and more effectively. You'll also want to develop mitigation strategies to blunt the impact of DDoS on your company's services. And remember, if practice doesn't make perfect it beats the heck out of winging it, so run regular drills. Practice your response to different scenarios, so you can assess and fine-tune your incident handling. Your program should involve all stakeholders across the company and be sure to practice regularly — it's how you learn and improve your performance come game time!
Technology: Adapt it to Work for You
Seek-out purpose-built technology that allows some degree of customization to your environment. Whatever you choose, it should allow you to detect and mitigate DDoS attacks quickly. It's also a good idea to implement best practices that restrict all non-business-related traffic to your applications. Finally, deploy multi-layer defenses, giving you comprehensive protection from perimeter to application. (At Neustar, we built this into our DDoS mitigation service 'SiteProtect', knowing sophisticated attackers will probe every point of entry.)
Attacks Are a When, Not If
Of course, such a dedicated approach takes time, money and expertise. Many companies don't have enough of all three, so there's been a surge of interest in affordable, flexible third-party solutions. Our advice: as you do your homework, remember, the best defense is a good offense. With the right people, process and technology, you'll have a winning game plan.
By Jim Pasquale, Jim Pasquale, Sr. Manager, Network and Information Security, Neustar Inc.
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines