1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

6/5/2017

0 Comments

5 Things to Consider in Choosing the Right DDoS Protection Service

 
DDoS protection

Choosing the Right DDoS Protection Service

Distributed denial of service (DDoS) attack is rising in scale as well as in sophistication, emerging as one of the top tools used by cybercriminals. Is your business protected from DDoS attacks?

What is a Distributed Denial of Service (DDoS) Attack

​A DDoS attack is an attempt to overwhelm an online service with too much data or damage it in some other way for the purpose of preventing legitimate users’ access. Public and private sectors alike are targets of DDoS attacks.
 
On May 8, 2017, the U.S. Federal Communications Commission (FCC) became a victim of this attack. “These (multiple DDoS attacks) were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” FCC said in a statement. “These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”
 
The 11th Annual Worldwide Infrastructure Security Report of Arbor Networks revealed that from July 2014 to June 2015, an individual or organization calling itself “DD4BC”, which stands for DDoS for Bitcoin, had been bombarding financial institutions like banks, payment acquirers and trading platforms across the United States, Europe, Asia, Australia and New Zealand with DDoS attacks for its extortion attempts.
 
According to Arbor Networks, DD4BC’s victims typically experience an outage on their website. After the initial attack, the attackers then issue an initial extortion email to the victims. If the target doesn’t pay the ransom, a larger DDoS attack causing serious outage is deployed by the attackers.
 
One of the ways that cybercriminals launch their DDoS attack is by using CCTV devices as the source of their attack botnet. In one DDoS attack, Sucuri found that the IP addresses generating the DDoS attack came from compromised or hacked CCTV devices from 105 countries around the world.
 
The top 10 countries targeted by DDoS attackers in 2016, according to Arbor Networks, are the United States (32.2%), China (10.5%), France (6.4%), South Korea (6.3%), Switzerland (4.9%), Great Britain (4.2%), Canada (4%), Germany (3.9%), Malaysia (3.7%) and Australia (2.8%). 

Types of DDoS Attacks

While there are thousands of different ways that cybercriminals carry out DDoS attacks, these attacks fall into three broad categories:
 
1) Volumetric Attack
This is an attempt to consume the bandwidth of a website.
 
2) TCP State-Exhaustion Attack
This is an attempt to consume the connection of infrastructure components such as server, load-balancer and firewall.
 
3) Application Layer Attack
This is an attempt to target the weaknesses of an application with the purpose of exhausting the processes and transactions.
 
Some attackers are combining volumetric, TCP state-exhaustion and application layer attacks into a single, yet sustained attack. Cybercriminals likewise launch DDoS attacks to distract security teams and at the same time introducing a malware into the computer system with the purpose of stealing critical customer or financial information.

5 Things to Consider in Choosing the Right DDoS Protection Service

​According to Frost & Sullivan, because of the growing scale and sophistication of DDoS attacks, the use of a DDoS protection service has gained traction among businesses of all sizes. Frost & Sullivan finds that the Global DDoS mitigation market’s earned revenue in 2013 was $354 million and is estimated to reach $929.5 million by 2018.
 
Given that DDoS attacks have potentially devastating consequences on your business, it’s critical to choose the right DDoS protection service. Here are the  top 5 things to consider in choosing the right DDoS protection service:

1. Capacity to Stop Varied Attack Sizes

​The size of DDoS attacks continues to increase. Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report showed that the largest DDoS attack reported in 2016 was 800 gigabits per second (Gbps), a 60% increase over 2015’s largest attack of 500 Gbps.
 
In choosing a DDoS protection service, find out if it can mitigate or stop large DDoS attacks. In particular, your DDoS protection service should be able to provide protection in the Cloud to stop high-volume attacks, which are exceeding 800 Gbps. Your company’s DDoS protection service should also be able to detect small but continuous attacks as these too can have devastating effects on your business.  

2. Far-reaching DDoS Protection

​In choosing a DDoS protection service, it’s important that such service will be able to protect your business, not just from one type of DDoS attack but from different types of DDoS attacks.

​It’s critical that your DDoS protection service should be able to provide on-premise protection against sneaky application layer attacks, and attacks against existing infrastructure devices like firewall. It should also be able to stop attackers from injecting malwares into your computer system.

3. Non-disruption of Business Operation

​Businesses today rely on the internet and web-based applications and services in the same way as they rely on electricity. Organizations rely on them to manage daily operations and for customer relationship management.
 
Customers have no patience with websites that are down or slow, or web-applications that are unavailable. The effects of the breakdown of your business’ online services are immediate: angry customers, brand damage and loss of revenue.
 
“With the importance of internet access and web services in businesses increasing, high volume network-based attacks, combined with application-layer attacks, represent an effective threat against any online business,” said Frost & Sullivan Network Security Senior Industry Analyst Chris Rodriguez.
 
In choosing a DDoS protection service, it’s important that your company’s usual business operation shouldn’t be disrupted by DDoS attempts.

4. 24/7 Managed Security Service

​In choosing a DDoS protection service, it’s important as well that your company can contact the protection team at any time of the day as attacks don’t have regard to business hours. Always ask for automated DDoS protection based on clearly defined service levels.

5. Affordable Protection

​Hiring a DDoS protection experts saves money. Your company doesn’t need to invest in expensive hardware, software solutions and technical resources for this security measure. Some DDoS protection services, however, are asking for exorbitant fees. Look for a firm that offers not only quality service, but at the same time offers a reasonable price.
Call us today to learn more about truly affordable, Guaranteed DDoS protection.
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit