Distributed denial-of-service attacks have been getting bigger and lasting longer, and for the past few years defenses haven’t kept pace, but that seems to be changing, Gartner analysts explained at the firm’s Security and Risk Management Summit.
Gartner tracks the progress of new technologies as they pass through five stages from the trigger that gets them started to the final stage where they mature and are productive. The continuum is known as the Hype Cycle.
DDoS defense reached the so-called Plateau of Productivity, the final stage, in 2012, but in the past few years it has moved backwards in the Hype Cycle into the previous stage, the Slope of Enlightenment, says Gartner analyst Lawrence Orans.
That fall, DDoS attacks 10 times as large as any seen until then hit Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank, using botnets of compromised servers to generate high volumes of traffic against not only HTTP and HTTPS but DNS as well. They also went after protocols including TCP, UDP, and ICMP.
That was followed up in 2013 by the use of NTP amplification attacks that used Network Time Protocol servers to swamp networks with responses to requests made from spoofed IP addresses in the target network. “That set DDoS back on its heels,” Orans says.
But security vendors and service providers that offer DDoS protection have caught up, and Gartner’s Hype Cycle rating for DDoS defenses will shift again back toward the maturity end of the scale, he says.
That’s encouraging because the number of DDoS attacks from the first quarter of 2015 to the first quarter of 2016 more than doubled, according to Akamai’s latest State of the Internet Security report, and mega attacks hit hundreds of gigabits per second.
Attacks of 300Gbps and above can be handled by leading DDoS vendors, Orans says, and given the ready availability of DDoS attack kits, it’s important for corporations to pay for this type of protection.
Competition among DDoS mitigation providers is increasing, so prices have dropped, he says. Flat fees per month were the norm for DDoS protection services, but now there are more flexible plans.
Protection can come in three models. Providers sell access to scrubbing centers: during a DDoS attack, traffic is redirected to the provider’s network, where the attack traffic is dropped and only good traffic is returned to the customer network. This can cost $5,000 per month and up. Some providers he mentioned: Akamai, Arbor, F5, Neustar, Nexusguard, Radware and Verisign.
Some ISPs offer this type of service at a 15% to 20% premium over bandwidth costs, he says. Some ISPs are better at it than others, so customers should check them carefully, particularly newer and regional ones.