Is your ISP keeping up with evolving DDoS threats?

How DDoS attacks have evolved

As with most IT security threats, distributed denial of service attacks have evolved over time. Simple network-level attacks designed to exhaust the target's bandwidth have been complemented by more complex and subtle attacks that can bring down websites but leave the network standing, often without triggering DDoS mitigation. It’s fair to say that DDoS mitigation techniques have also evolved. Threat Intelligence services have become more widely available, allowing DDoS mitigation platforms to identify and block traffic from malicious sources in real time alongside traditional IP location blocking.

What ISPs are offering

ISPs are increasingly offering DDoS mitigation as a service, but is this all you need to keep your network safe from the DDoS menace? I’m sure by now that you will have guessed the answer is no. Security evolution shows that a “defence in depth” approach is required for most situations. If multiple service providers are used for connection resilience, DDoS mitigation services will need to be procured from all providers to ensure protection, assuming all the ISPs involved actually offer a DDoS mitigation service!

Furthermore, if traffic enters the network through one ISP and leaves through another, an ISP mitigation platform will only see half of the conversation, which could lead to over-mitigation and false positives. It can often take up to 15 minutes for an ISP to become aware of, and then react to, a DDoS attack. Burst attacks are often timed to run for shorter periods to defeat this type of mitigation.
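To measure how much of this exposure applies to your own network, the sketch below (an added example, not part of the original article) scans per-minute edge traffic for bursts and reports how many minutes of each would arrive before upstream mitigation engages. The sample data is constructed, the function names and the 5x-median threshold are assumptions, and the worst-case 15-minute reaction time quoted above is assumed to apply.

```python
from statistics import median

ISP_REACTION_MIN = 15  # worst-case reaction time quoted in the article

# Constructed sample: inbound Mbps at the network edge, one value per minute.
SAMPLES = ([40, 42, 38, 41, 39] + [900] * 6 + [40, 43, 37, 41] * 3
           + [950] * 20 + [39, 42, 40] * 5)


def find_bursts(samples, factor=5.0):
    """Return (start_minute, duration_minutes) for runs above factor x median."""
    threshold = factor * median(samples)
    bursts, start = [], None
    for minute, value in enumerate(samples):
        if value > threshold and start is None:
            start = minute                      # burst begins
        elif value <= threshold and start is not None:
            bursts.append((start, minute - start))
            start = None                        # burst ended
    if start is not None:                       # burst still running at end of data
        bursts.append((start, len(samples) - start))
    return bursts


def unmitigated_minutes(bursts, reaction=ISP_REACTION_MIN):
    """Per burst: minutes of traffic that arrive before mitigation can start."""
    report = []
    for start, duration in bursts:
        report.append({
            "start": start,
            "duration": duration,
            "exposed": min(duration, reaction),
            # True when the burst is over before the ISP has reacted at all.
            "fully_missed": duration <= reaction,
        })
    return report


if __name__ == "__main__":
    for row in unmitigated_minutes(find_bursts(SAMPLES)):
        print(row)
```

Run against your own flow or interface counters, a high share of "fully_missed" bursts indicates traffic that only an always-on or on-premises control would have had a chance to handle.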

The devil is in the detail

ISPs are just that – Internet Service Providers, not application specialists. They see only the protocols in use, not the fine details. As a consequence, they cannot profile your specific application the way other security tools, such as Web Application Firewalls, can in order to mitigate appropriately, and this can lead to legitimate users being blocked.

It’s hard to imagine a scenario where a property would have a gate across the driveway but no locks on the doors or alarm systems in place. The same is true for ISP DDoS mitigation. It can be an important component of an organisation’s defensive toolkit, but because it has limits it needs to work in parallel with other security elements to provide complete protection.

