VeriSign has published a report that is aimed at helping online businesses and other enterprises guard themselves against distributed denial-of-service (DDoS) attacks.

The DDoS Migration report describes how hackers are employing larger and stealthier techniques to outsmart such traditional DDoS defense tactics as bandwidth over-provisioning, firewalls and intrusion prevention systems (IPS).

Ken Silva, CTO of VeriSign, said: “If the past year has shown us anything, it’s that DDoS threats represent a moving target – one that is growing more sophisticated and difficult to defend against, even as the attacks themselves grow more frequent.”

VeriSign cited a recent survey from Forrester which shows that 74% of IT decision-makers experienced one or more DDoS attacks in the past year. In nearly one out of every three attacks, hackers were successful in disrupting service, even though these organisations had in place security measures designed to thwart DDoS attacks.

The report noted that DDoS methods have evolved in the past year and more hackers are preying on specific targets by dispatching custom bots to directly flood a target site with traffic. Hackers also amplify their attacks with reflection flood techniques that use recursive Domain Name System (DNS) servers to bounce attacks to their victims.

VeriSign has outlined five best practices to guard against DDoS attacks while minimising impact on business operations. They include centralising data gathering and understanding the trends; having systematic processes and methodologies in place; and filtering traffic in layers, rate-limiting traffic and enhancing rule sets over time.

With DDoS attacks evolving from traffic floods to subtle infiltrations of the application layer, organisations need better insight into application thresholds and vulnerabilities, VeriSign said.

The company also noted that a scalable and flexible infrastructure helps ensure systems function properly under attack conditions.