A distributed denial-of-service (DDoS) attack is a cybercrime in which the attacker floods a server with internet traffic to disrupt the normal traffic from the legitimate users of a targeted server, service or network.
For cybercriminals to be successful in their goal of disruption, DDoS attacks use multiple compromised computer systems as sources of attack traffic. These can include computers and other networked resources such as Internet of Things (IoT) devices.
There are many different reasons why DDoS attacks are carried out. Some attacks are carried out by displeased individuals and hackers desiring to use flood attacks to take down a company's servers so they can send a message or have fun by exploiting cyber weakness. Frequently DDoS attacks are used to mask other, more targeted cyber-attacks.
DDoS threats are on the rise, and even some of the largest global companies are not immune to being "DDoS'ed". The largest attack in history occurred in February 2020 to none other than Amazon Web Services (AWS), overtaking an earlier attack on GitHub two years prior. DDoS ramifications include a drop in legitimate traffic, lost business, and reputation damage.
DDoS represents a significant threat to business continuity. As organizations have grown more dependent on the Internet and web-based applications and services, availability has become as essential as electricity.
DDoS is not only a cyberthreat to retailers, financial services and gaming companies with an obvious need for availability. DDoS attacks also target the functionality of mission critical business applications that your organization relies on to manage daily operations, such as email, salesforce automation, CRM and many others.
“There’s the common term of DDoS Protection but if you ask ten different people what's in there, you will get ten different answers. That is not just because the types of attacks are very different, but also because the types of applications that customers would like to protect are very different. This is why it needs to be made clear what is included in the protection, and pricing needs to be transparent too.”
Theo Voss
CEO and Co-Founder, Inter.link
Additionally, other industries, such as manufacturing, pharma and healthcare, have internal web properties that the supply chain and other business partners rely on for daily business operations. All of these are targets for today’s sophisticated cyber attackers.
There is no doubt, as evidenced in the alarming rise of DDoS attacks, that DDoS detection and mitigation is an absolute necessity for businesses that rely on internet traffic in order for them to avoid disruption of applications and services, revenue loss, and brand damage.
DDoS attacks are carried out with networks of Internet-connected machines.
These networks consist of computers and other devices (such as IoT devices) which have been infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet.
Once a botnet has been established, the attacker is able to direct an attack by sending remote instructions to each bot.
When a victim’s server or network is targeted by the botnet, each bot sends requests to the target’s IP address, potentially causing the server or network to become overwhelmed, resulting in a denial-of-service to normal traffic. Because each bot can appear as a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.
A DDoS attack is essentially the use of an online service taken too far. For example, a website may be capable of handling a certain number of requests per minute. If that number is exceeded, then the website’s performance is degraded, or it may be rendered completely inaccessible.
This overload may be caused by an attack or even legitimate use, such as an e-commerce site being overwhelmed on Black Friday or a ticket sales platform going down when sales for a popular event are opened.
DDoS attacks are capable of overwhelming a target at various levels. For example, a web application may have a maximum number of requests that it can handle.
Alternatively, the server that it is running on may have a limit on the number of simultaneous connections that it can manage. A network likely has bandwidth restrictions that could be overwhelmed by an attacker. Exceeding any of these thresholds will result in a DoS attack (from a single source), or a DDoS attack if the attack uses multiple IP addresses for amplification, against the system.
The first step in avoiding or stopping a DDoS attack is knowing that an attack is taking place. To detect an attack, one has to gather sufficient network traffic information, then analyze it to determine whether the traffic is friend or foe. This process can be performed manually or in an automated fashion. DDoS detection is the key to quickly stopping or mitigating attacks, and in order for this to happen, two success criteria need to be met:
So detection methods are a key consideration in formulating a strong DDoS defense, a crucial pillar of cybersecurity overall.
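A minimal sketch of the detection step described above, added here as an illustration and not Inter.link's implementation: it learns a per-minute request baseline from non-attack traffic, then flags windows that exceed it and reports how concentrated the sources are. The function names, the 60-second window, the threshold factor `k` and the sample records (documentation IP ranges) are assumptions constructed for the example.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

def bucket(records, width=60):
    """Group (unix_ts, src_ip) records into fixed windows: {window_start: [src, ...]}."""
    windows = defaultdict(list)
    for ts, src in records:
        windows[ts - ts % width].append(src)
    return dict(windows)

def learn_baseline(windows):
    """Mean and standard deviation of requests per window during known-good traffic."""
    counts = [len(srcs) for srcs in windows.values()]
    return mean(counts), pstdev(counts)

def detect(windows, baseline, k=4.0, min_std=1.0):
    """Flag windows whose request count exceeds mean + k * std of the baseline."""
    mu, sigma = baseline
    limit = mu + k * max(sigma, min_std)  # min_std avoids a zero-width band
    alerts = []
    for start in sorted(windows):
        srcs = windows[start]
        if len(srcs) > limit:
            per_src = Counter(srcs)
            alerts.append({
                "window": start,
                "requests": len(srcs),
                "sources": len(per_src),
                # share of the busiest source: low means widely distributed
                "top_share": round(max(per_src.values()) / len(srcs), 2),
            })
    return alerts

def sample_traffic():
    """Constructed data: 10 quiet minutes, then quiet / flood / quiet."""
    normal = [(w * 60 + i, f"192.0.2.{i % 5 + 1}")
              for w in range(10) for i in range(20 + w % 3)]
    observed = [(600 + i, f"192.0.2.{i % 5 + 1}") for i in range(21)]
    observed += [(660 + i % 60, f"198.51.100.{i % 150 + 1}") for i in range(300)]
    observed += [(720 + i, f"192.0.2.{i % 5 + 1}") for i in range(22)]
    return normal, observed

def run_example():
    normal, observed = sample_traffic()
    return detect(bucket(observed), learn_baseline(bucket(normal)))

if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

A volume alert alone does not separate an attack from a legitimate spike; the source count and `top_share` fields are there as starting points for the further investigation the article calls for.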
The most obvious symptom of a DDoS attack is a site or service suddenly becoming slow or unavailable. But since a number of causes, such as a legitimate spike in traffic, can create similar performance issues, further investigation is usually required. Traffic analytics tools can help you spot some of these telltale signs of a DDoS attack:
There are other, more specific signs that can vary depending on the type of DDoS attack. There are multiple types of DDoS attacks, such as application layer attacks (sometimes called a Layer 7 DDoS attack), protocol attacks, and volumetric attacks.
“It's vital to tell the difference between normal traffic and attack traffic when detecting and preventing an attack. If DDoS protection is switched on ahead of time instead of when a company is already under attack, it gives the protection the chance to become deeply familiar with the usual non-attack traffic.”
Theo Voss
CEO and Co-Founder, Inter.link
Inter.link offers a tight integration between IP connectivity services and DDoS protection, available from within our own network.
This "protected transit" delivers the best performance, and we offer it with transparent pricing so that customers get the best protection with the most pricing predictability.
When experiencing an attack, efficiency is crucial. By receiving DDoS Protection from the same provider as your IP Transit, you benefit from this superior integration: you have greater control, making it easier and therefore much more efficient to protect your infrastructure. We offer multiple tiers so you can pick the type of protection that suits you best, we provide transparent pricing with no surprises, and we do not bill based on clean traffic.
If you are interested in finding out more about Inter.link DDoS Protection, click here.
Interested in who we have already helped with DDoS Protection?
Check out this customer story.
ABOUT ScaleUp Technologies ScaleUp Technologies is a market leader in managed hosting, providing...