Protecting against DDoS attacks – how well prepared are Data Centres?

By Dave Larson, CTO and VP Product at Corero Network Security.

Posted Monday, 22nd December 2014 by Phil Alsop

In today’s Internet-driven businesses, any service degradation or outage can have a detrimental impact on brand, customer loyalty and ultimately the bottom line. A cursory review of the stories that have made the headlines recently will show that cyber attacks are continuing to make the front pages. Increasingly, these incidents are the result of Distributed Denial of Service (DDoS) attacks.

Cyber attackers know no boundaries when it comes to targeting their next victims, and the drivers for launching attacks are far-ranging and difficult to predict. But as the attacks continue to become larger, longer and more sophisticated, data centres, and to a large extent the businesses that outsource their data centres and rely on their online service and web presence as a revenue source, cannot afford to remain complacent. But how well prepared are data centres in the UK against these types of attack? As enterprises and government organisations call on their service providers and data centres for help in combating malicious attacks, the question is what can be done to mitigate the risk?

At a basic level, DDoS attacks are relatively simple to carry out, and very effective at causing disruption to online services. Whether it is the more traditional approach of flooding a website with ‘bad’ traffic or targeting applications within websites (e.g. web forms), the aim is to slow down, take down, or infiltrate the organisation’s network. Because of the size and scale of hosting provider or data centre operator network infrastructures and their vast customer base, they present an expansive attack surface: the multiple entry points and significant aggregate bandwidth are available as a conduit for damaging and disruptive DDoS attacks.

Impact on Data Centres

From research recently conducted alongside European technology sector market intelligence firm Megabuyte, we found that provider customers have experienced varying levels of impact from DDoS attacks, with the service providers themselves also suffering from the attacks. Interestingly, some providers noted they can be subjected to DDoS attempts between 10 and 50 times a day.

What is more worrying, though, is that almost 50% of service providers were only made aware of a DDoS attack when they were notified by their customers, who were complaining of service issues. This of course has negative connotations for the data centre and service providers, as it not only puts them on the back foot but also highlights that they do not have adequate measures in place to detect and block these types of attacks. Unsurprisingly, it was also found that service providers whose customers had experienced a significant impact did work to make improvements to their defences.

The multi-tenant nature of cloud-based data centres and shared, hosted environments can be less than forgiving for unsuspecting tenants. A volumetric DDoS attack against one tenant can lead to disastrous repercussions for others: a domino effect of latency issues, service degradation and potentially damaging and long-lasting service outages. The excessive amount of malicious traffic bombarding a single tenant during a volumetric DDoS attack can have adverse effects on other tenants as well as on the overall data centre or hosting provider’s operation. Most recently, because of a focused DDoS attack against Hong Kong University, Amazon Web Services (AWS) and UDomain were both forced to pull hosting support for the university to prevent it from creating collateral damage to other sites they were hosting. It is becoming more common that attacks on a single tenant or service can completely choke up the shared infrastructure and bandwidth resources, resulting in the entire data centre being taken offline or severely slowed.

The growing dependence on the Internet makes the impact of successful DDoS attacks increasingly painful for service providers, enterprises, and government agencies. And newer, more powerful DDoS tools promise to unleash even more destructive attacks in the months and years to come.

Real-time attack mitigation to ensure proper defence

Despite being a prime target, service providers are in fact well positioned to deliver solutions to combat the majority of attacks. Encouragingly, 89% of providers do feel responsible for implementing DDoS protection, both for the protection of their customers and their own protection, despite the fact that they believe customers are impacted by DDoS to a greater extent than their own networks. It was also felt by more than 80% of participants that DDoS defences are either more important or of equal importance compared to other types of security defences.

This presents service providers and data centres with a real opportunity to offer DDoS protection to their customers. For those service providers in a unique position to provide a managed monitoring and protection service, it will enable them to generate incremental revenue streams.

Here are three key steps for providers to better protect their own infrastructure, and that of their customers.

1. Eliminate the delays incurred between the time traditional monitoring devices detect a threat and generate an alert and the time an operator is able to respond, reducing initial attack impact from hours to seconds by deploying appliances that both monitor and mitigate DDoS threats automatically. The mitigation solution should allow for real-time reporting, alerts and event integration with back-end OSS infrastructure for fast reaction times, and the clear visibility needed to understand the threat condition and proactively improve DDoS defences.

2. Deploy the DDoS mitigation inline. If you have out-of-band devices in place to scrub traffic, deploy inline threat detection equipment that can quickly inspect, analyse and respond to DDoS threats in real time.

3. Invest in a DDoS mitigation solution architected to never drop good traffic. Providers should avoid the risk of allowing the security equipment to become a bottleneck in delivering hosted services, always allowing legitimate traffic to pass uninterrupted: a ‘do no harm’ approach to successful DDoS defence.

Service providers and their customers are both impacted by the challenges of DDoS attacks and cyber threats. As these attacks grow in size and frequency, so do customer expectations for improved service availability and security. Enterprises are increasingly calling on service providers to assist them in the detection, analysis and mitigation of DDoS attacks and other cyber threats before they have an impact on their operations and, ultimately, their business.