In February 2000, a number of high-profile websites were crippled in a spectacular wave of DDoS attacks. eBay, Amazon, Buy.com, Yahoo, CNN.com, ZDNet and online trading sites E*Trade and Datek all reported they were under attack. This outburst of apparently wanton disruption was unprecedented and short-lived. The DDoS threat, for a time, receded a bit as a leading security issue.
Today, the DDoS problem is worse. Much worse. The need to stop DDoS attacks has grown urgent.
Recently, a national government suffered a politically motivated 15Gbps DDoS attack. In another incident, a bank's website was attacked for two days. During this time, its individual customers couldn't access their accounts, and a large merchant was not able to process financial transactions. Even the Internet's infrastructure has been targeted: an attack was directed at the DNS root name servers. The DNS function, which translates web and other Internet addresses into their numeric equivalents, is essential to all Internet users, and the loss of availability massively degrades Internet usage. The hacker group Anonymous launched DDoS attacks on MasterCard, VISA and PayPal, as well as on the CIA and the Serious Organized Crime Agency, the United Kingdom's equivalent of the FBI.
The Risk
The stakes are enormous. JP Morgan projected that 2011 eCommerce revenue would reach $680 billion, up 18.9 percent over 2010. MasterCard reported that U.S. online holiday sales totaled $36.4 billion in 2010, with several single day totals, including "Cyber Monday," recording more than $1 billion in revenue (the holiday season alone accounts for up to 40% of online sales revenue).
Companies that do business on the Internet, such as eCommerce, financial services and online gaming - any organization that depends on its websites for all or a large portion of its customer, supplier and/or partner interaction and transactions - depend on absolute, continuous availability and fast response. If a site is unresponsive or, worse, offline, frustrated customers will quickly go to another for goods, services and information.
The Threat
DDoS is designed to disrupt your business with malicious intent. Victim enterprises can lose customers, short-term or even permanently. A slow or down site can cost thousands, even millions of dollars, depending on the duration and the type of business - imagine a DDoS attack that significantly impacts an online trading company that handles billions of dollars in transactions each week. Time is quite literally money.
DDoS is on the rise. Gartner reported that DDoS increased by 30% in 2010 and predicted continued increase in 2011. According to a 2011 report from VeriSign, 63% of midsize to large organizations say they suffered at least one DDoS attack in the past year, and 11% reported six or more attacks. Approximately 70% of respondents said they plan to deploy a DDoS defense solution in the next 12 months.
What is happening?
Attackers routinely recruit tens of thousands or even greater numbers of compromised computers, called bots or zombies, to form botnets, which are remotely controlled to initiate network attacks against a single victim. With the newer application layer variants, the attacker can cause the same damage with a much smaller number of bots and evade detection. Attackers no longer require strong skills: With more sophisticated tools and automated programs for scanning and compromising computers on the Internet, an individual with malicious intent can simply download a DDoS program and then rent a botnet from which to launch it.
Purely malicious DDoS, such as the attacks back in 2000, is still a factor, but criminal activity, competitive advantage and hacktivism have propelled DDoS to prominence as a leading business security threat.
Criminals use the threat of DDoS as an extortion weapon: "You have a nice website; be a shame if something bad was to happen to it." It's a cyber variant of the familiar protection racket. Of course, the protection is from the thugs themselves. So, a business gets an email or a phone call threatening to launch a DDoS attack against the company's website if they don't pay, say, $30,000 in two days. For good measure, the attackers launch a limited attack as proof of concept.
Unscrupulous competitors are another breed of DDoS criminals. A business rival may launch a devastating DDoS attack at your sites at the worst possible time: peak shopping periods or when online gaming activity is heaviest. The aim is to frustrate customers and undermine your company's credibility, to drive people from your site to theirs.
The rise of hacktivism is a major and somewhat disturbing factor in the rising trend of DDoS attacks, because these often loosely knit groups of attackers are motivated by whatever statement, policy or activity has affronted them in some way. These attacks are disturbing because of their unpredictability and apparent cavalier disregard for the consequences of their actions.
The rise of application layer or connection-based attacks has been a major factor in the increased use and effectiveness of DDoS attacks. Unlike more familiar network flooding attacks, such as SYN Floods, application layer attacks fly under the radar, evading most detection techniques. Application layer DDoS overwhelms a web server with legitimate requests. These attacks do not generate the huge volumes of network traffic that signify network layer attacks, yet they are extremely effective at crippling the target site.
The Solution
The DDoS Defense System (DDS) is Corero's newest product family leveraging its award-winning DDoS defense technology, designed to deliver nondisruptive protection against constantly evolving threats. It stops DDoS attacks and provides maximum protection for critical IT assets while allowing full access to legitimate users and applications.
DDS Benefits
Corero's DDS:
- Automatically detects and mitigates both traditional network layer DDoS attacks and more advanced application layer attacks.
- Protects your network, allowing legitimate communications to pass without delay even while under attack.
- Enables business continuity, allowing your customers to keep receiving quality service.
- Leverages Three Dimensional Protection (3DP) to provide network and application layer DDoS defense, and protection against undesired access and malicious content.
- Provides lowest latency and high throughput, even while under attack, meaning no network interruption and no service degradation.
- Offers absolute reliability with purpose-built hardware featuring redundant power supply, a rating of 20 to 30 year mean time between failures, no rotating media and no chip fans.
- Offers advanced clustering capability and dramatically increased performance through Corero's ProtectionCluster™, which allows scalable transparent deployment in all redundant networks, even those with asymmetric routes.
- Presents an intuitive user interface that facilitates real-time incident response.
Superior Technology
Corero's DDS combats DDoS attacks ranging from traditional network floods to newer low-and-slow application-layer attacks that don't show up on bandwidth radar screens.
Based on intelligent behavioral analysis, Corero DDS uses an adaptive, patented DDoS defense algorithm to ensure business continues as usual, blocking malicious incoming requests while passing legitimate traffic to the company's protected servers. This system debits a DDS-maintained credit balance associated with each source IP address and blocks further requests from an IP address when the credits are depleted.
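A simplified illustration of the per-source credit idea described above, added here as an example; it is not Corero's patented algorithm or product code. The starting balance, per-request cost, refill rate and sample traffic are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Assumed parameters (not from the page): starting balance, per-request cost,
# and a refill rate so that a blocked source can recover over time.
START_CREDITS = 5.0
REQUEST_COST = 1.0
REFILL_PER_SEC = 0.5


@dataclass
class CreditLedger:
    balances: dict = field(default_factory=dict)   # ip -> remaining credits
    last_seen: dict = field(default_factory=dict)  # ip -> time of last request

    def allow(self, ip: str, now: float) -> bool:
        """Debit the source's balance; return False once it is depleted."""
        balance = self.balances.get(ip, START_CREDITS)
        elapsed = now - self.last_seen.get(ip, now)
        # Credits earned back since the last request, capped at the start value.
        balance = min(START_CREDITS, balance + elapsed * REFILL_PER_SEC)
        self.last_seen[ip] = now
        if balance < REQUEST_COST:
            self.balances[ip] = balance   # blocked requests are not debited
            return False
        self.balances[ip] = balance - REQUEST_COST
        return True


def replay(events):
    """Run (time, ip) events through a ledger; return per-IP [allowed, blocked]."""
    ledger = CreditLedger()
    totals = {}
    for now, ip in events:
        counts = totals.setdefault(ip, [0, 0])
        counts[0 if ledger.allow(ip, now) else 1] += 1
    return totals


# Constructed sample traffic: one source sends 20 requests within 2 seconds,
# another sends 20 requests spaced 3 seconds apart.
BURST = [(i * 0.1, "198.51.100.7") for i in range(20)]
STEADY = [(i * 3.0, "203.0.113.9") for i in range(20)]
EVENTS = sorted(BURST + STEADY)

if __name__ == "__main__":
    for ip, (ok, blocked) in replay(EVENTS).items():
        print(f"{ip}: allowed={ok} blocked={blocked}")
```

Both sources send the same number of requests; only the bursting source exhausts its balance, which is why a per-source ledger can separate them even when neither produces much bandwidth.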
Building on the flexible and powerful Core Platform, Corero has developed DDoS Defense (and IPS) products around a common service suite and architecture.
The ingenuity of the Core Platform lies in an extremely powerful, yet elastic and flexible hardware appliance upon which Corero software developers have tightly integrated a highly optimized network security-specific hypervisor, which performs essential network security processing functions, including deep packet inspection and policy control. The Tilera processors provide the scope for the versatile assignment of one or multiple cores to execute specific security functions. Instead of being constrained by the hardware, the Tilera architecture enables Corero's world-class developers to rapidly create DDS solutions purely in software, delivering rich and complex functionality with high throughput and unparalleled low latency.
Unmatched Service
SecureWatch PLUS is a comprehensive suite of configuration optimization, monitoring and response services for DDoS defense, customized to meet the security policy requirements and business goals of each Corero DDoS Defense System customer who selects this premium service. With SecureWatch PLUS, customers receive expert DDoS defense services including organization-specific implementation, around-the-clock monitoring and immediate and effective response in the event of an attack.
- Dedicated technical account team works closely with the customer
- Monitoring and support of state-of-the-art Corero Security Operations Center (SOC)
- Customized DDS configuration to conform to organization's policies and requirements
- Formulation of joint customer-Corero incident response plan
- Around-the-clock monitoring to deliver real-time alerting
- Immediate and continuous engagement through the duration of an attack
- Post-incident analysis and recommended follow-up action
Dedicated to making our customers' success our success, Corero offers an integrated solution of technology, services and support to protect the business in a hostile environment with minimal management overhead and minimal impact on productivity and network performance.