CSO QuickPulse * DDoS Protection

Improving DDoS Protection A recent survey reveals a significant disconnect between companies’ concerns and their preparedness when it comes to potential DDoS attacks.

According to a recent IDG Research study of IT security professionals, about three in four respondents are concerned about distributed denial of service (DDoS) attacks, which saturate a network or Website with requests until it’s overwhelmed and shuts down. No doubt they’ve seen news reports of high-profile attacks by hackers target-ing companies for political or financial reasons. The threat of DDoS attacks has also been used to perpetrate cases of electronic extortion.

The survey respondents, who work in a wide variety of industries, certainly understand the negative effects a DDoS attack can have on their business. In fact, 34 percent had experienced an attack in the last 12 months.

The impact of such attacks ranges from the immediate inability to conduct business to the loss of brand value. But the internal effects can be equally damaging. Because a DDoS attack floods the network, it sucks up bandwidth. Employees on a wide-area network can’t access software as a service (SaaS) applications; employees using virtual private networks (VPNs) can’t access e-mail. The attack goes from being a Website problem to being an infrastructure problem.

Concern Versus ConfidenceThe survey showed a high level of concern about the impacts of DDoS attacks, including poor customer experience (74 percent), the negative impact on the brand (73 percent) and the inability to conduct business (72 percent).

However, the survey also reveals that this high level of concern does not necessarily translate into a high level of preparedness. Even though security experts are acutely concerned with the ramifications of an attack, they report low levels of confidence in their preparedness.

What’s preventing security experts from achieving a greater degree of preparedness? The problem may be that there are multiple points of failure, from the Web application firewall to appliances installed in the data center, as well as multiple options for protection.

Options include on-premise protection as well as outsourcing options through ISPs or other service providers. The majority of those indicat-ing they have implemented some form of DDoS protection (45 percent) utilize on-premises DDoS

SponSored by:

prevention through firewalls, routers, or switches. Another 27 percent use cloud-based DDoS pro-tection through an ISP or another third party.

Some 13 percent have outsourced protection such as “scrubbers.” However, even though scrubbers have on-demand, just-in-time pricing, IT professionals have to trigger them immediately upon attack to be most effective and they still degrade network performance and website availability.

Finally, some vendors offer data center DDoS mitigation appliances whose specifications say they can handle a seemingly impressive 40-gigabit-per-second attack. However, the capacity required to ensure a network stays functional during such an attack can cost upwards of $100,000 per month. Add disaster recovery capability to that capacity and the cost can double.

A Different Kind of SolutionIncreasingly, respondents report, they are considering an “always-on” solution for monitoring, identifying and mitigating attacks. According to the survey, nearly 20 percent are already using these solutions, and 62 percent are considering them. An always-on DDoS solution is cloud-based and takes advantage of

scalability and a distributed environment. The fundamental idea of using a cloud-based

provider for specific targeted services—as opposed to going through an ISP for generic services—is increasingly attractive, because it’s difficult for companies to either find security professionals or devote the ones they have to the ongoing challenge of dealing with attacks, malware and other security-related issues.

“Enterprise thinking has evolved in this area,” says John Summers, vice president of security and compliance at Akamai. “Companies recognize that security requires dedicated, 24x7 focus. The kinds of attacks going on now speak to the need for scalability. You can’t scale your infrastructure for a DDoS attack with on-premises equipment.”

Offloading security to a service provider also makes it a predictable operating expense rather than a potentially spiking capital expense. Interestingly, though, only 30 percent of the survey respondents mentioned cost savings as a benefit of always-on DDoS monitoring. A much higher percentage (76 percent) cited the importance of constant protection, and 69 percent cited the ability to be more proactive in preventing DDoS attacks. Other benefits associated with an always-on solution: high-

CSO QuickPulse * DDoS Protection

High level of concern about the impacts of DDoS attacks

Source: IdG research Services, december 2012

extremely concerned Very concerned Somewhat concerned not very concerned not at all concerned

poor customer experiencenegative impact on perception

of your organization or brand

Inability to conduct business

Loss of revenue

Shut down of our commercial websites

delay of other important IT initiatives

35%

42%

49%

39%

38%

13%

39%

31%

24%

25%

26%

37%

17%

18%

18%

16%

23%

35%

7%

7%

6%

15%

10%

3%11%

2%

2%

4%

5%

3%

74%

73%

72%

64%

64%

50%

Extremely/Very Concerned (NET)

performance capabilities (43 percent) and ease of maintenance (35 percent).

One important note: The use of one form of DDoS protection doesn’t preclude the use of others for additional protection. In the case of financial services or other highly secured internal networks, the use of an appliance might be viable in conjunction with a broader, cloud-based solution for the network infrastructure.

How Akamai HelpsAkamai’s cloud-based, always-on DDoS protection service provides the features security executives look for when guarding against attack. Akamai has developed a highly distributed approach to both DDoS attack prevention and other Internet-based security challenges including DNS attacks, application attacks and network layer attacks. Because its resources are distributed across the Internet, Akamai can easily scale them to handle an attack on any given target before the attacker

infiltrates and potentially cripples an enterprise’s network. As a result, enterprises can not only withstand the DDoS attack but also maintain uptime and bandwidth for customers as well as employees.

Akamai’s cloud-based services also provide cost advantages. By using a managed service approach, enterprises get unlimited scalability and protection for a monthly fee (with caps available for bursting) without having to scale their infrastructure to withstand sophisticated DDoS attacks. At the same time, using a managed service provider for security reduces the need for both in-house personnel and on-premise resources.

The result is a win-win situation from both a technical and business standpoint for enterprises concerned about their vulnerability to attacks on the heart of their digital operations.

CSO QuickPulse * DDoS Protection

For more information, visit www.akamai.com/security

Benefits associated with an “always-on” DDoS solution

constant protection for our 24x7 operation

enable us to be more proactive in preventing ddoS attacks

High-performance solution

ease of maintenance

cost savings (staff, overtime, etc.)

76%

69%

43%

30%

35%

Source: IdG research Services, december 2012