5 reasons why depending on your ISP for DDoS protection is a bad idea

A distributed denial of service (DDoS) attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. Once thought of as prankish annoyance, DDoS attacks today are often a tool for cybercriminals to earn income. They’re regarded as one of the most powerful weapons on the internet because cybercriminals can launch them at will, impact any part of a website’s operations or resources, and lead to costly, time-consuming service interruptions.

DDoS attacks are distinct from other denial of service (DoS) attacks, in that they use a single Internet-connected device (one network connection) to flood a target with malicious traffic. Attacks can be launched from any number of compromised devices.

To nobody’s surprise, the number and complexity of DDoS attacks are increasing. Imperva Research Labs recently reported DDoS activity increased by 286% between Q4 2020 and Q1 2021. Security teams work hard to mitigate these attacks, but as they thwart them, the hackers adapt their strategies. Many organizations rely on their internet service provider (ISP) for DDoS mitigation because this service often comes as a relatively low-cost add-on to the ISP’s existing bandwidth offerings. Hackers understand this very well so they make ISPs top-priority targets for DDoS attacks.

In May 2021, Belgian ISP BelNet suffered a large-scale DDoS attack that caused service disruptions for more than 200 organizations including government, healthcare, and academic institutions. The massive attack unfolded in consecutive waves, although it was not a sophisticated DDoS attack and seemed designed simply to inundate the network by sending thousands of IP addresses to create a surge in traffic flow. The result was a costly major disruption, but it could have been much worse.

ISPs focus first and foremost on their principal technology services. DDoS attack protection is a feature they can say they offer, but they may only provide low-cost basic protections that are likely to be sufficient to stop only the most basic DDoS attacks. Choosing a security-oriented solution provider that specializes in DDoS protection enables you to mitigate risk in ways your ISP cannot. Here are five reasons why opting for a security-first vendor is smarter than depending on your ISP:

  1. Your organization is not the ISP’s top priority. If an ISP detects large volumes of traffic going after their network, they may block all traffic – including to your site. At some level, the ISP actually helps attackers achieve their aim of shutting down websites.
  2. Your ISP has limited bandwidth. For ISP’s under DDoS attack, the default response, as we mentioned, is to indiscriminately block traffic. A security-first vendor is capable of spreading the traffic over multiple ISPs and leveraging massive amounts of bandwidth using multiple data centers to absorb volumetric attacks.
  3. ISPs do not protect against protocol attacks. As an organization, you are vulnerable to SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS, etc. that consume actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers. ​​ISPs don’t protect against these attacks. They also do not protect against advanced DDoS attacks such as burst attacks, dynamic IP attacks, or multi-vector attacks.
  4. ISPs are not obligated to provide “best efforts” to stop an attack. The downtime that DDoS attacks cause is costly so the faster the response time, the better. ISPs offer no service level agreement (SLA) that articulates attack detection times, mitigation times, or quality of mitigation. The delays alone could cost a small fortune.
  5. DDoS security is not the ISP’s core business. DDoS attacks have distinct characteristics, and developing ways to mitigate them and minimize their impact on customers requires the skills and expertise of a security-first vendor. A good vendor will stay up to date on new attack methods and trends and have tools at their disposal to respond quickly and effectively to attacks.

Want more information about effective DDoS Protection? See what Imperva has to offer.

The post 5 reasons why depending on your ISP for DDoS protection is a bad idea appeared first on Blog.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Bruce Lynch. Read the original post at: