Posted June 24, 2013
Diminished Productivity as IT, Security Pros Fight Large, Sophisticated Assaults
As we’ve seen in the past year, Distributed Denial of Service (DDoS) attacks have become so frequent that they’ve even started to get the attention of business media. Two articles that appeared in the June 22 edition of The Economist —“Denying the Deniers” and “Computer Says No”— highlight the increasing size and sophistication of DDoS attacks as well as the growing business of DDoS mitigation services. The articles cite Arbor Networks, which estimates that the average monthly size of DDoS attacks has reached 2.5 gigabits per second, up from under 0.5 gigabits per second in 2009.
Service interruption, reputation damage, damage to equipment, regulatory and compliance violations, and even theft of funds and data are all potential implications of DDoS attacks. While these are all very important, the biggest potential cost of DDoS attacks falls in the lowly but expensive bucket of diminished productivity, largely in the form of IT staff getting pulled away from their day-to-day responsibilities to fight unexpected DDoS attacks.
As threat actors become increasingly public in announcing their intentions, another cost of DDoS attacks related to diminished productivity comes not from the attacks themselves, but from preparations for threats that fail to materialize. Hiring incident response experts and DDoS mitigation providers, and reallocating internal staff, can all be necessary, but the question is, when do you take action? Do you prepare as though the worst attack you’ve experienced could happen any day, or do you prepare based on your threat level? More importantly, what is your threat level?
While mitigation services such as those mentioned in The Economist are certainly one way to thwart growing DDoS attacks, there are additional strategies and tactics that businesses can and should deploy. One such tool is open source intelligence, or OSINT. Using OSINT to identify where and when attackers may strike, and to better understand their motives, can enable you to prepare for such attacks and plan your defense accordingly before they ever reach your network.
If you’re evaluating DDoS threat intelligence services, here are a few key questions to ask potential vendors:
• How much experience do you have in monitoring sources outside the network for threats such as DDoS?
• How many years have you been providing threat intelligence?
• How many languages do your analysts speak? Are they able to detect potential threats from non-English sources?
• How many sources do you monitor? How often are they monitored?
• Do you provide 24×7 alerts of potential attacks? At what point do you provide them?
• Are alerts automated, or are they first reviewed by trained security analysts to weed out false positives?
• How are alerts provided? Are they ranked by relevance?
With attacks increasing in size and sophistication against businesses in all industries, it’s more critical than ever to detect DDoS attacks as far in advance as possible so that you have days, not hours, of lead time to prepare.