We know that some businesses are the target of constant DDoS attacks, while others face attacks less frequently. If your company falls on the side of less-frequent attacks, or has never been attacked at all, you might be wondering, “Does the threat still exist?” and “Does it exist to the level of risk I’m willing to take by not having DDoS protection?” The answer to both questions is an unequivocal “yes”.
Weigh the Risks
Much like with insurance, if the worst happens, the risks and costs of not having it (or of not having the comprehensiveness you need) can greatly outweigh the costs of maintaining DDoS protection. After all, while the scope can of course vary based on industry and company size, Gartner has estimated that just one hour of downtime for an enterprise can translate to $300,000 in costs.
But even if you have insurance, it’s only of use to you if it’s available when you need it, and effectively covers what you need it to cover. The same is true for airbags in your car or smoke alarms in your house – which, by the way, you know you still need to have even if you’ve never been involved in a serious accident or experienced a house fire. The threat exists.
So you know you need these safety mechanisms, but what’s the point of an airbag if it takes 10, 5, or even 1 minute to activate? Or if it doesn’t have the ability to absorb the shock? What’s the point if your smoke alarm doesn’t have sensors that can detect a fire? Protection built with the right components makes all the difference.
For DDoS, it all starts with the type of deployment you have in place.
Cloud-Based Still Trumps Hybrid
With over 50% of DDoS attacks in 2019 being of the short, persistent variety, it’s become clear that if you’re targeted, having cloud-based protection in place still trumps hybrid DDoS mitigation deployments. As our DDoS threat experts have recently noted, overcoming the problem of pipe congestion without slowing down mitigation is key, and it is something that appliance signaling to the cloud is unable to accomplish effectively.
This breakdown in communication and flawed failover can happen in several ways, depending on the particular mitigation configuration. But in the end, it results in unavailability or, at best, performance degradation. This is what translates into those catastrophic damages you want to prepare against. Service availability and user experience undoubtedly and directly impact your ability to generate revenue.
Hybrids Lose Critical Attack Information
One contribution to downtime and performance degradation is the loss of early attack information during mitigation by hybrid deployments. With short, persistent assaults – like pulse wave attacks, first discovered by Imperva in 2017 – the line of communication is impacted early on, so the appliance is unable to communicate all of its collected information to the cloud.
Critical traffic signatures based on samples collected prior to failover are essentially lost, as well as other data from the first minutes of an attack. This means less effective mitigation and no fast creation of a new cloud-based filtering policy. The cloud has to resort to reconstructing an attack signature on its own. And with the ability of attackers to change attack vectors so quickly, every short-lived assault creates even more security complexity.
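To make the failover problem concrete, here is a constructed toy model (added for this post, not Imperva’s code, and all timings, capacities and class names are assumptions) that compares the seconds of each pulse that reach the origin unfiltered under an appliance-first hybrid deployment, where a fast ramp congests the pipe before the appliance’s samples reach the cloud, versus an always-on cloud deployment:

```python
from dataclasses import dataclass

@dataclass
class Pulse:
    duration: float  # seconds the pulse lasts (pulse waves are short)
    ramp: float      # seconds from first packet to peak volume
    gbps: float      # peak volume of the pulse

@dataclass
class Hybrid:
    """Appliance-first deployment that diverts to the cloud on saturation."""
    pipe_gbps: float          # capacity of the link in front of the appliance
    failover_delay: float     # seconds before the appliance decides to divert
    signal_delay: float       # seconds needed to ship samples to the cloud
    reconstruct_delay: float  # seconds the cloud needs to build a signature alone

    def unmitigated(self, p: Pulse) -> float:
        if p.gbps <= self.pipe_gbps:
            return 0.0  # fits in the pipe; the appliance scrubs it locally
        if p.ramp >= self.signal_delay:
            # Pipe saturates slowly enough for the hand-off to get through.
            t = self.failover_delay + self.signal_delay
        else:
            # Pipe is congested before the samples reach the cloud: the
            # pre-failover signatures are lost and the cloud starts over.
            t = self.failover_delay + self.reconstruct_delay
        return min(p.duration, t)

@dataclass
class CloudFirst:
    """Always-on cloud scrubbing; there is no appliance signaling path to lose."""
    detect_delay: float  # seconds to classify and filter a new vector

    def unmitigated(self, p: Pulse) -> float:
        return min(p.duration, self.detect_delay)

def pulse_wave(count, duration, ramp, gbps):
    """Constructed attack: `count` identical pulses, each on a new vector."""
    return [Pulse(duration, ramp, gbps) for _ in range(count)]

def exposure(deployment, pulses):
    """Total seconds of attack traffic that reach the origin before filtering."""
    return sum(deployment.unmitigated(p) for p in pulses)

if __name__ == "__main__":
    wave = pulse_wave(count=5, duration=600, ramp=5, gbps=100)
    hybrid = Hybrid(pipe_gbps=10, failover_delay=60, signal_delay=10, reconstruct_delay=120)
    cloud = CloudFirst(detect_delay=3)
    print("hybrid exposure (s):", exposure(hybrid, wave))  # 900
    print("cloud exposure (s): ", exposure(cloud, wave))   # 15
```

Vary `ramp` against `signal_delay` to see the point of the post: the faster a pulse saturates the pipe, the less the appliance can hand off, and every new-vector pulse repeats the full reconstruction cost.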
Attack Trends Dictate Right “Airbag” Components
In our associated whitepaper on pulse wave attacks, we describe how these attacks that can overwhelm hybrids are a product of the times and should be viewed in the context of an enduring, overall trend of shorter-duration, impactful DDoS attacks. Learn about the origins of pulse wave attacks and the history of hybrids as a setup that made business sense for legacy providers to offer, rather than the best mode of defense.
Plus, find out more on how all this translates into identifying the critical components of efficient and effective DDoS mitigation:
- Real time to mitigation
Check Your Time to Mitigation Clause
Bottom line: If you want to ensure you’re covered by the best protection possible, check into the actual ‘time to mitigation’ clause in your DDoS mitigation provider’s SLA. Ask questions about the attacks covered. And, if you rely on an ‘appliance first’ hybrid deployment, consider how your configuration might bar you from the mitigation accuracy and speed your organization requires.
*** This is a Security Bloggers Network syndicated blog from Blog authored by Kim Lambert. Read the original post at: https://www.imperva.com/blog/hybrid-ddos-protection-is-like-a-faulty-airbag/