The massive DDoS attack against Dyn last month served as a wakeup call for many businesses. But it’s not just headline-grabbing, large-scale DDoS attacks like that one that they – or their service providers – should be concerned with.
There are many small-scale attacks that hit your network on a much more frequent basis, which some of the legacy DDoS mitigation solutions are ill-equipped to mitigate effectively, Corero Network Security COO Dave Larson says.
These “tiny little vectors” – which Larson calls reconnaissance vectors – are often missed by legacy solutions whose thresholds are set much higher for redirection; attackers use these reconnaissance vectors to “determine who is weak, who is vulnerable, and who can be exploited,” Larson says.
Another benefit is that IT security staff can spend less time on processing DDoS security incidents, which is part of the reason why Liquid Web recently deployed Corero’s SmartWall Threat Defense System.
Liquid Web said that it has already seen a “dramatic improvement of service availability” after adding the Corero solution, which it augments with its existing solution used for detection and reactive mitigation.
According to Corero, the inline protection of its SmartWall Threat Defense System (TDS) is much better at handling small-scale attacks by detecting and mitigating attacks in real time without disrupting the flow of good traffic. With legacy technology, Larson says, “there is typically a time anywhere from 5-10 minutes to a half an hour to when the attack is launched, when the attack is detected by the system and when the attack is effectively mitigating.”
“In that period of time a website most undoubtedly will be down,” he says. “We don’t think that is something that online properties should tolerate anymore. The technology and the automatic proposition exists to defeat the problem instantaneously.”
Research released by Corero in March showed the increasing trend toward these types of small-scale DDoS attacks. Larson said that these DDoS attacks negatively impact network performance and are often used as a “smokescreen” for more malicious attacks.
“Sometimes we get wrapped around the axle in these big events like Krebs, and it’s not to say it’s not newsworthy,” he says. “But when we deploy the benefits of inline against a data center like Liquid Web we remove all of the DDoS, and 90 percent of the DDoS is below a GB.”
“Even in the case of large-scale attacks oversaturating the edge bandwidth, we are seeing networks ride those out if they have inline protection like ours,” Larson says.