Recognizing and mitigating distributed denial of service (DDoS) attacks is a major challenge today. Enterprises, whether very big, medium sized or small, can all become targets of such attacks. A few definite actions can strengthen your company's overall security posture and make it robust enough to defend your business against DDoS attacks.
Acquaint yourself with the website traffic
First, you need to acquaint yourself with your website's normal traffic so that you can notice the alarming signs, such as your website being inaccessible for an extended period or irregular spikes in the traffic. Keep checking for existing security vulnerabilities in your systems, and address any you find immediately.
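As an added example (not from the original article), a short Python script of the kind this advice calls for: it bins web-server log lines per minute and flags a minute whose request count is far above the preceding minutes, reporting how concentrated that minute's traffic is in a single source. The log lines, IP addresses, window size and thresholds are all constructed for illustration and should be tuned to your own baseline.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed common-log-format lines (hypothetical data, not from any real site).
def _line(ip, minute):
    return f'{ip} - - [{minute}:00 +0000] "GET / HTTP/1.1" 200 512'

SAMPLE_LOG = []
for i, n in enumerate([8, 12, 10, 11, 9, 10]):            # quiet minutes 13:50-13:55
    SAMPLE_LOG += [_line(f"198.51.100.{j}", f"10/Oct/2023:13:{50 + i}") for j in range(n)]
SAMPLE_LOG += [_line("203.0.113.7", "10/Oct/2023:13:56")] * 380   # flood from one source
SAMPLE_LOG += [_line(f"198.51.100.{j}", "10/Oct/2023:13:56") for j in range(20)]
SAMPLE_LOG += [_line(f"198.51.100.{j}", "10/Oct/2023:13:57") for j in range(10)]

# client IP and the timestamp truncated to the minute
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]')

def requests_per_minute(lines):
    """Map each minute to a Counter of client IPs seen in it; malformed lines are skipped."""
    per_minute = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            per_minute.setdefault(m.group(2), Counter())[m.group(1)] += 1
    return per_minute

def flag_spikes(per_minute, window=5, z=3.0, floor=20):
    """Compare each minute with the preceding `window` minutes and alert when its count
    exceeds mean + z*stdev of that baseline and an absolute floor (so a quiet site is not
    paged for 3 requests vs 1). Returns (minute, count, busiest_ip, busiest_ip_share)."""
    minutes = sorted(per_minute)          # string sort is fine within one hour of one day
    alerts = []
    for i in range(window, len(minutes)):
        baseline = [sum(per_minute[m].values()) for m in minutes[i - window:i]]
        threshold = max(mean(baseline) + z * pstdev(baseline), floor)
        count = sum(per_minute[minutes[i]].values())
        if count > threshold:
            ip, hits = per_minute[minutes[i]].most_common(1)[0]
            alerts.append((minutes[i], count, ip, round(hits / count, 2)))
    return alerts

if __name__ == "__main__":
    for minute, count, ip, share in flag_spikes(requests_per_minute(SAMPLE_LOG)):
        print(f"{minute}: {count} requests, top source {ip} sent {share:.0%}")
```

A high share from one source points at a single noisy client that rate limiting can handle; a spike spread across many sources is the pattern the operator-level mitigation described below exists for.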
Get a decent operator strategy
You need to have a decent network operator strategy. Since volumetric attacks target the network itself, software alone cannot handle them. You need reliable operators who can mitigate the attack before it even arrives at your servers. There are experienced providers in the market who can reroute your traffic and scrub off the problematic part before it strikes your network, so that only the legitimate part of the traffic comes your way.
Maintain a vast network
Having a vast network and capacity helps by giving you more bandwidth to absorb sudden surges in traffic. Of course, it is not always possible to rent a huge network or scale it up, because of the high costs and because attacks keep getting larger, but at least it will buy you some time to prepare the mitigation response. For example, when the Mirai botnet hit the blog of renowned journalist Brian Krebs, the main reason the provider was initially able to fend off the attack was its significant bandwidth. Cloud based service providers can give you this advantage.
Formulate an emergency response plan
Formulate an emergency response plan carefully and in advance. Delegate responsibilities within your IT security teams and subcontractors to reduce their response time in the wake of an attack. Also make sure that your data center, or the one managed by your subcontractors, is prepared for such an incident.
Put together multiple security technologies
Operators need to use multiple security technologies in conjunction to stop a DDoS attack. Rohde & Schwarz Cybersecurity leverages the technologies of Arbor Networks to detect SYN flood attacks, UDP flood attacks, amplification attacks, spoofed IP addresses, etc.
As a last resort, your operator is able to blackhole a few target IP addresses and change the IP addresses on the backend. The malicious DDoS traffic is simply dropped, putting it out of sight, hence the name "blackhole". This strategy protects the remaining assets of your infrastructure, which are not directly under attack, but there is a downside: since it blocks both fake and legitimate traffic destined for those addresses, blackholing should be used only when the other strategies are not working as expected.
Communicate effectively in case of an attack
Finally, in case of an attack, you need to communicate about it both internally (including your hosting provider) and externally (customers). So have a complete list of your contacts ready as well. Prompt communication will reduce the volume of complaints via phone, email, social media, etc. from frustrated customers.
Increase your vigilance with R&S®Cloud Protector’s Anti-DDoS protection architecture
Use Anti-DDoS WAF protection for more security
A SaaS web application firewall (WAF as a service) is one of the best ways to fortify your web applications against a DDoS attack. To set up a WAF, you can use R&S®Cloud Protector, a highly scalable SaaS solution that easily adapts to peaks in your web traffic. This scalability is important for countering DDoS. More importantly, you benefit from anti-DDoS technologies at the operator level as a first line of defense, even before the WAF. The DDoS protection architecture (Figure 1) of the Enterprise version provides elasticity and convenience even in the wake of DDoS attacks. The client resolves the website's name through DNS in order to reach the web server; the DNS response directs the traffic to the R&S®Cloud Protector infrastructure instead. This true SaaS solution is hosted on a provider with anti-DDoS protection against common volumetric and application layer DDoS attacks. It handles the incoming traffic and allows the client to scale out automatically whenever they reach a peak in their web traffic.
It supports multi-provider deployment based on your requirements. When a client's traffic peaks with a multitude of requests amounting to a DDoS attack, and the first provider is unable to contain it, the health monitoring function redirects the unwanted DDoS traffic to a different provider, adding another layer of DDoS protection. Within a few minutes, an additional layer of defense is in place for the client.
Clients can use the graphical user interface (GUI) directly to secure their website, configure the protection and then automate it. With this SaaS WAF solution they can apply virtual patching (blacklist patterns specific to their applications) to cover newly disclosed common vulnerabilities and exposures (CVEs) before the application itself is fixed. They also have visibility into these security incidents via various metrics in the comprehensive dashboards.