Marking its inaugural International DDoS Awareness Day, Neustar has released new research into business awareness of contemporary denial-of-service attacks. IDG Research Services questioned more than 200 IT managers for companies with an online marketing or commercial web presence; 70% of which were involved in e-commerce operations.
The study finds that it takes an average of ten hours before a company can even begin to resolve a DDoS attack. On average, a DDoS attack isn't detected until 4.5 hours after its commencement; and a further 4.9 hours passes before mitigation can commence. With outage costs averaging $100,000 per hour, it means that a DDoS attack can cost an internet-reliant company $1 million before the company even starts to mitigate the attack.
With the year's peak shopping period fast approaching, it is something that cannot be ignored. "If an attack results in an outage lasting days, the economic results could be catastrophic. To some companies, it could even be fatal," warns Neustar.
One problem, suggests Susan Warner, Neustar's market manager for DDoS solutions, is that IT administrators may not be fully aware of the business implications of downtime. “For example," she says, "an administrator may believe that if the system goes down for a few hours it’s not a big deal, but may not realize there is going to be hundreds of thousand of dollars of marketing spend lost for every hour of site downtime.”
A second problem is either a misunderstanding of the nature of modern attacks, or a basic belief that DDoS attacks will always go after someone else. Most companies rely on in-house technology to defend against attacks: 77% have firewalls, 65% have routers and switches, and 59% have intrusion detection. But only 26% use cloud-based mitigation services. Nevertheless, there is a strong belief among these IT managers that they are adequately protected: 86% of the respondents are either somewhat, very or extremely confident in their defenses.
But new DDoS techniques such as DNS amplification/reflection, warns Neustar, "can easily overwhelm on-premise defenses and even congest the presumably vaster resources of an ISP." In fact, in the face of a major attack, in-house defenses can make matters worse. A lot of enterprises, warns Warner, “believe they have some technology already in place that will help them, such as a firewall or a router that can handle some extra traffic, but a high-volume DDoS attack is going to quickly overwhelm those traditional types of defenses and they will rapidly become part of the bottleneck.”
"Responding to this new reality," says the report, "requires actionable continuous monitoring and analysis against realtime threat intelligence, and constantly evolving incident management scenarios." The answer lies in the cloud. “Cloud-based mitigation is achieved either by redirecting your traffic during an assault or having it always go through a cloud service,” says Warner. “An always-on type of approach can also be achieved through a hybrid solution that provides mitigation resources on-site; if they begin to be overwhelmed, a failover to a cloud service is immediately activated.”