The last couple of years have seen rapid and complex developments in the cyber threat landscape. A significant portion of cyber attacks now consists of brute-force, volumetric distributed denial of service (DDoS) attacks, which look to disrupt online presence and conceal malicious activity, often with the aim of stealing data. What’s worrying is that companies are only now starting to realise their defences might not be ready for these types of attacks.
Adding to this concern is the fact that attackers are becoming increasingly adept at combining tools to their best effect and targeting all sorts of organisations. It’s not solely large companies that are being hit. Businesses large and small, across all industry sectors, public and private, even charities, are being targeted, for a variety of reasons. The rise of ideological hacktivism, the use of DDoS attacks to distract from or disguise other kinds of cyber-crime, and the use of DDoS as a “competitive weapon” in some industry sectors are just some of the key motivations behind these attacks, as shown in Arbor’s 11th annual Worldwide Infrastructure Security Report.
As a consequence, there has been a clear increase in the level of interest from businesses in solutions and services to help protect themselves. Executives within a wide variety of businesses are now aware of the severe consequences of a successful DDoS attack – both in terms of financial and reputational damage – and businesses are starting to realise that a one-size-fits-all approach to security is unlikely to be successful in the long term.
Specific threats require, in a lot of cases, specific solutions, and DDoS is a good example. On-premise firewalls and intrusion detection system (IDS) products can deal with small, simpler attacks – but they can’t stop the more sophisticated application layer attacks that have become more prevalent over the past five years. As such, firewalls or cloud-only mitigation solutions are no longer comprehensive enough to protect the network. Firewalls can’t deal with volumetric attacks, which saturate Internet connectivity, while cloud-based solutions may not proactively detect more stealthy attacks and take several minutes to activate, by which time significant damage has already been done.
Clearly then, organisational defences, from all kinds of threats, need to be multi-layered. To successfully deal with DDoS attacks, businesses need specialised defences at the network perimeter to proactively protect their networks from attacks and, at the same time, cloud-based DDoS protection that can be called upon when an attack saturates connectivity.
This layered approach is also needed when organisations try to protect themselves from compromise via malware or insider misuse. Organisations can have firewalls, IDS and antivirus systems in place, but these aren’t always enough. With modern network and service architectures and the increasing prevalence of obfuscation techniques available to malware, businesses now need to monitor “inside” their network perimeters, as well as “at” the perimeter, to detect suspicious and malicious activities or compromised devices on their networks.
When thinking about enterprise security, it’s important to remember that additional layers of security need not be more complex to operate or deploy. If the right solutions are selected, with the right workflows, then organisations can actually help their operational security teams to become more efficient and effective. This helps IT pros to protect the organisation against the growing number of cyber threats out there. Thinking proactively about security and combining different layers of defences will ultimately help companies stay on the front foot in the cyber war over customer data.
* Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks