We spoke to Jag Bains, CTO of DOSarrest, about how you can protect your business or enterprise against the growing threat of distributed denial of service (DDoS) attacks. Here's what he had to say.
DDoS is still the easiest way to cause havoc and attack an organisation. Nowadays you can go and rent a botnet for a hundred bucks an hour or even less. It's still effective, and it's far easier than learning the skills necessary to pull off a data theft or something similar.
If I'm an organisation, I'd be thinking about how to come up with a layered approach. You have to understand that each security issue needs its own special playbook or plan. DDoS needs to be handled in a different way from data theft, which in turn needs to be handled differently from malware detection.
A lot of the time these guys, the CISOs and strategic decision makers, will say "give me one box that binds them all," but that's a losing strategy.
Nowadays, I'm noticing that end customers are starting to get smarter. They're starting to come up with differentiated plans for security, and all you need to do is get prepared.
Identify your critical services
First of all, identify what needs to be open. Volumetric attacks are really simple to handle, but can be highly effective if you leave everything open. If you've got a hosted IT solution, can you ask your host provider and say "if I only need port 80, port 43, maybe email – can you block everything else?" That's a great start.
Make sure to identify your critical services. Then make a game plan. Who could help out if this thing goes wrong? We're biased toward cloud protection services, so we'd recommend that, but some guys would recommend a hardware solution.
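As an added example, not part of the interview or of DOSarrest's own tooling, the following POSIX shell function turns the "identify what needs to be open, block everything else" advice into a default-deny nftables ruleset. The ports passed in (80, 443, 25 for a web host with inbound mail) and the rate limits are assumptions chosen for illustration, not values from the interview.

```shell
#!/bin/sh
# Added example: emit a default-deny nftables ruleset that admits only the
# inbound TCP ports you identified as critical. Review the output before
# loading it with `nft -f`; the port list and rate limits are assumptions.
# Usage: gen_ruleset 80 443 25 > nftables.conf

gen_ruleset() {
    ports=""
    for p in "$@"; do
        # refuse anything that is not a port number in 1..65535
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports, }$p"
    done
    [ -n "$ports" ] || { echo "no ports given" >&2; return 1; }

    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # keep replies to our own outbound traffic and loopback working
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # allow a trickle of ICMP so path MTU discovery and pings still work
        ip protocol icmp limit rate 10/second accept
        ip6 nexthdr icmpv6 limit rate 10/second accept

        # only the critical services are reachable; new connections to them
        # are capped as one cheap brake on SYN floods (tune the rate to fit)
        tcp dport { $ports } ct state new limit rate over 200/second drop
        tcp dport { $ports } accept

        # everything else falls through to the drop policy; log a sample so
        # you can see the firewall working without drowning in log lines
        limit rate 5/minute log prefix "nft-drop: "
    }
}
EOF
}
```

The function rejects malformed port arguments rather than emitting a broken ruleset, and the sampled drop log gives a cheap answer to "how do I know it's working" without the chattiness a full log would produce.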
Investigate your network
Also take a look at the standard practices of the overarching network. What are they capable of? Don't just look at your web server on its own, look at the environment around it.
That's a good start. And after that it turns into a flowchart – you have conditions and effects. There's certainly no "God box" as some companies would have you believe.
Do a cost-benefit
Do a cost-benefit. A lot of people may not realise the danger. They figure "well I'm not losing revenue, it's not an e-transaction site," so it doesn't matter – but can you afford to lose your website's ranking in terms of SEO? Because you will be punished if your site goes down. Google comes by, and even if you're page one today, you might be page three tomorrow. You have to work out what the cost-benefit is of not getting DDoS protection.
The amount of chattiness can also be a problem. Let's say you install a firewall, and your CISO says "I'm going to spend $50,000 on this Juniper SRX, it's going to save everything." But how do you know it's working?
With the amount of data that gets sent through, you need a subject expert to parse and sift through it. After a while, it just becomes a busy box. It becomes a full-time job just managing that box. Can you afford to do that as an organisation?
Jag Bains is chief technology officer (CTO) of DOSarrest, specialists in DDoS attack protection and defence.