
Tips to Address New FFIEC DDoS Requirements

Recently, the FFIEC released statements that describe steps it expects financial institutions to take to address cyberattacks — like distributed denial of service (DDoS) attacks — and highlight resources institutions can use to help mitigate the risks posed by such attacks.

The statement went so far as to say that FFIEC members "expect financial institutions to address DDoS readiness as part of their ongoing information security and incident plans. More specifically, each institution is expected to monitor incoming traffic to its public website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate."

While this is common practice for many of the largest financial institutions today, these new recommendations have thrown many smaller banks and credit unions for a loop. In an effort to help financial institutions of all sizes address the new FFIEC guidelines, Verisign and Juniper Networks recently held a joint webinar to highlight what exactly these new guidelines mean for financial institutions, and explain DDoS attacks and common options that leading institutions use today for DDoS protection and mitigation. All of this was discussed in the context of the six key focus areas described by the FFIEC statement: risk assessment, monitoring, incident response, staffing, information sharing, and ongoing evaluation and assessment.

There were several questions during the webinar, including the following two highlighting some key industry challenges:

Q: How does the financial industry compare with others in terms of frequency of DDoS attacks?

At Verisign we compile and analyze data on attack attempts against our customers. Based on 2013 attack activity, about 45 percent of DDoS attacks targeted the financial services industry. Our customer base is weighted toward financials — indicative of the importance of this type of protection to the industry — so it's not too surprising that the vertical represents a high percentage of activity.

Q: NTP attacks have been in the news lately. What are these?

In the webinar, we described NTP amplification attacks, which we've seen over the past several years. They rely on a basic property of the User Datagram Protocol (UDP): it is connectionless, so there is no handshake that verifies who sent a request. An attacker can therefore forge (spoof) the victim's IP address as the source of requests sent to third-party servers, and those servers send their replies to the victim. By sending small requests to many third parties that each produce a large response, the attacker can overwhelm the victim's resources while using relatively little bandwidth of their own. NTP is a UDP-based protocol like DNS, but it's used to let computers across the Internet synchronize their internal clocks so they all agree on what time it is. There are many "open" NTP servers on the Internet that will respond to any request, and attackers use these servers as the third party in amplification attacks against their victims. The majority of large attacks we have seen over the last year have been amplification attacks. Having a robust network- and application-layer DDoS protection solution is the best way to protect against them.
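The traffic pattern described above is visible from the victim's side of the network: many UDP flows whose source port is 123 (NTP), each carrying packets far larger than a normal 48-byte NTP reply, all converging on one destination. The following script is an added example (not code from the original post, Verisign or Juniper) of monitoring incoming traffic for that signature. It assumes a simplified CSV flow-record format (protocol, source IP and port, destination IP and port, packet and byte counts), constructed sample records, and illustrative thresholds; the request size used to estimate the amplification factor is also an assumption.

```python
"""Flag NTP amplification traffic in simplified flow records.

Added example, not from the original post. The record format, the sample
data and the thresholds below are all assumptions made for illustration.
"""
from collections import defaultdict

NTP_PORT = 123
# Assumed baseline request size: 48-byte NTP packet + 8-byte UDP + 20-byte IPv4 header.
ASSUMED_REQUEST_BYTES = 76
# Detection thresholds are assumptions; tune them to your own traffic profile.
AMPLIFIED_BYTES_PER_PACKET = 400   # a normal NTP reply is 76 bytes on the wire
MIN_AMPLIFIER_SOURCES = 3          # distinct open NTP servers hitting one victim
MIN_TOTAL_BYTES = 10_000

FIELDS = ["proto", "src_ip", "src_port", "dst_ip", "dst_port", "packets", "bytes"]

# Constructed sample flow records (not real traffic). The 203.0.113.5 host is
# receiving 482-byte-per-packet UDP replies from four different NTP servers.
SAMPLE_FLOWS = """\
# proto,src_ip,src_port,dst_ip,dst_port,packets,bytes
udp,198.51.100.10,123,203.0.113.5,40123,1,76
udp,192.0.2.11,123,203.0.113.5,53012,20,9640
udp,192.0.2.12,123,203.0.113.5,53012,25,12050
udp,192.0.2.13,123,203.0.113.5,53012,30,14460
udp,192.0.2.14,123,203.0.113.5,53012,18,8676
tcp,192.0.2.20,443,203.0.113.5,50001,100,120000
udp,192.0.2.30,53,203.0.113.9,33000,2,240
"""


def parse_flows(text):
    """Parse CSV flow records, skipping blank lines and '#' comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",")
        if len(parts) != len(FIELDS):
            raise ValueError(f"bad flow record: {line!r}")
        rec = dict(zip(FIELDS, parts))
        for key in ("src_port", "dst_port", "packets", "bytes"):
            rec[key] = int(rec[key])
        flows.append(rec)
    return flows


def find_ntp_amplification(flows):
    """Return {victim_ip: report} for destinations that look like amplification targets.

    A flow counts as an amplifier reply when it is UDP, sourced from port 123 and
    its average packet size exceeds AMPLIFIED_BYTES_PER_PACKET. A victim is
    reported when enough distinct servers are replying and enough bytes arrived.
    """
    by_victim = defaultdict(list)
    for flow in flows:
        if flow["proto"] == "udp" and flow["src_port"] == NTP_PORT and flow["packets"] > 0:
            by_victim[flow["dst_ip"]].append(flow)

    reports = {}
    for victim, vflows in by_victim.items():
        amplified = [f for f in vflows
                     if f["bytes"] / f["packets"] >= AMPLIFIED_BYTES_PER_PACKET]
        sources = {f["src_ip"] for f in amplified}
        total_bytes = sum(f["bytes"] for f in amplified)
        total_packets = sum(f["packets"] for f in amplified)
        if len(sources) >= MIN_AMPLIFIER_SOURCES and total_bytes >= MIN_TOTAL_BYTES:
            bytes_per_packet = total_bytes / total_packets
            reports[victim] = {
                "amplifier_sources": sorted(sources),
                "total_bytes": total_bytes,
                "bytes_per_packet": bytes_per_packet,
                # How much larger each reply is than the spoofed request that caused it.
                "estimated_amplification": round(bytes_per_packet / ASSUMED_REQUEST_BYTES, 1),
            }
    return reports


if __name__ == "__main__":
    for victim, report in find_ntp_amplification(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible NTP amplification against {victim}: "
              f"{len(report['amplifier_sources'])} sources, "
              f"{report['total_bytes']} bytes, "
              f"~{report['estimated_amplification']}x amplification")
```

Run against the sample records, this flags 203.0.113.5 (four amplifier sources, 44826 bytes, roughly 6.3x amplification on the assumed request size) and ignores the single normal NTP reply, the TCP flow and the DNS flow. The check is necessarily victim-side: it tells you an attack is under way so the incident response plan can be activated, but it cannot stop the traffic. The fixes that remove the amplifier are upstream and out of the victim's hands: operators restricting which clients their NTP servers answer, and networks filtering packets with spoofed source addresses.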

For more information about how to implement a DDoS protection strategy, watch the on-demand webinar or read an earlier blog post, How Financial Institutions Can Up Their Game Against DDoS Attacks.


About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS).
