2. Have a dedicated DDoS mitigation appliance to identify, isolate, and remediate attacks.
The complexity of DDoS attacks and the tendency to combine volumetric and application methods require a combination of mitigation methods. The most effective way to cope with the application and "low and slow" elements of these multi-vector attacks is to leverage on-premise dedicated appliances. Firewalls and intrusion-prevention systems are critical to the mitigation effort, and DDoS security devices provide an additional layer of defence through specialised technologies that identify and block advanced DDoS activity in real-time. Administrators can also configure their on-premise solutions to communicate with cloud scrubbing service providers to enable automated route away during attack.
3. Organisations need to tune the firewall to handle large connection rates.
The firewall will also be an important piece of networking equipment during DDoS attacks. Administrators should adjust their firewall settings in order to recognise and handle volumetric and application layer attacks. And, depending on the capabilities of the firewall, protections can also be activated to block DDoS packets and improve firewall performance while under attack.
4. Develop a methodology, or a strategy, to protect applications from DDoS attacks.
Secure technologies can provide robust protections to DDoS activities. But administrators should also think about tuning their web servers, modifying their load balancing and content delivery strategies to ensure the best possible uptime. Also relevant to such efforts are the incorporation of safeguards against multiple log-in attempts.
Another interesting approach is to block machine-led, automated activities by including web pages with offer details, such as opportunities for interest rate reduction or information on new products, so that users must click on "accept" or "no thanks" buttons in order to continue deeper into website content. Additionally, content analysis is important. Such efforts can be as simple as ensuring there are no large PDF files hosted on high-value servers.
The above methods are crucial to any DDoS mitigation strategy. Organisations must also reach out to service providers and ISPs and work with them to identify novel mitigation techniques. ISPs must be involved in mitigation strategies. DDoS attacks use the same Internet as bank customers, and the ISPs carry both forms of traffic.
Of increasing importance is the need to investigate and implement intelligence gathering and distribution strategies. Such efforts should investigate data within company networks and expand to include other companies that operate in the financial services industry.
Getting more information about who the actor is, motivations behind the attack and methods used, helps administrators anticipate and proactively architect around those attacks. Attack profile information can range from the protocols used in the attack (SYN, DNS, HTTP), the sources of attack packets, the command and control networks, and the times of day during which attacks began and ended. While valuable in mitigating attacks, there is no easy way to communicate this data, and regulatory hurdles make it even more difficult to share attack information.
Sign up for CIO Asia eNewsletters.