Return on Prevention: The Business Value of DDoS Protection

Author: Nick Race, Australian Country Manager at Arbor Networks

DDoS attacks are continuing to evolve and the last 12 months has seen huge growth in the number and size of the attacks going on in Australia. When we couple this with businesses’ increasing reliance on Internet connectivity, for either revenue or access to cloud based data and applications; protection from the DDoS threat should be a top priority.

Looking back at 2014, attackers seem to have refocused on using large traffic floods, known as volumetric attacks, to effectively cut their targets off from the Internet. Volumetric attacks have always been the most common attack type, but in the last year the scale of the problem has changed.

How the Attack Landscape has Changed in Australia and Globally

The use of stealth methods of attack including reflection/amplification techniques to launch massive attacks has increased. The largest reported attack globally in 2014, according to Arbor Networks’ tenth annual Worldwide Infrastructure Security Report was 400Gbps. Other large reported events were 300, 200 and 170Gbps and there were several more over the 100Gbps threshold. Ten years ago, the largest attack was just eight Gbps; the problem has grown significantly for businesses.

Multi-vector and application-layer DDoS attacks are becoming very commonplace, in Arbor’s Infrastructure Security Report, 90 per cent of respondents reported application-layer attacks and 42 per cent experienced multi-vector attacks that combine volumetric, application-layer and state exhaustion techniques within a single sustained attack.

DDoS attack frequency is also on the rise. In 2013, just over a quarter of respondents indicated they had seen more than 21 attacks per month; in 2014, that percentage doubled to 42 per cent. Australia is becoming a more common target for attacks and the first quarter of 2014 saw Australia at the number three position globally as a popular target for DDoS attacks.

How does this Affect Australian Businesses?

DDoS and advanced threats are increasingly common: Nearly half of respondents saw DDoS attacks during the survey period, with almost 40 per cent of those seeing their Internet connectivity saturated.

Firewalls and IPS devices continue to be targets for attackers and over one third of organisations had Firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.

Data Centres and the Cloud are Attack Major Targets

Cloud services are a bull’s-eye for attackers, and over one quarter of respondents indicated that they had seen attacks targeting cloud services.

Security incidents are up, but Australian organisations are not fully prepared to respond: Just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year. Just under a half of respondents felt reasonably or well prepared for a security incident, with 15 per cent indicating that they having no plans or resources in place.

Data Centres are a High-Volume, High-Impact Targets

Read more: App Security- the great unspoken

Over one third of data centre operators saw DDoS attacks which exhausted their Internet bandwidth. This underscores just how critical of an issue this continues to be for data centre operators, because downtime means not just lost business, but the collateral damage extended to customers operating business critical infrastructure in the cloud.

Revenue loss due to DDoS is up sharply and 44 per cent of data centre respondents experienced revenue losses due to DDoS.

Defending Organisations from the DDoS Threat

Everything we have seen over the past year re-affirms layered DDoS protection as the best way to defend organisations from the DDoS threat. Network perimeter defences provide proactive protection from stealthy application-layer attacks (and in fact all kinds of attacks), but they need to be coupled with a cloud or service provider based DDoS protection service to deal with higher magnitude (Volumetric) attacks which simply saturate Internet connectivity.

The security teams across a broad spread of organisations are becoming increasingly aware of the need for these layered DDoS defence solutions, but they have to compete (from a budget perspective) with other business priorities. So, how does the CIO compete for this investment in the boardroom? Well, the key is to compare the financial implications of a prolonged Internet service outage with the cost of appropriate defences. Fundamentally, it’s imperative for CIOs and CISOs to be able to put a monetary value on the cost of an attack when building a case for investment into security products and processes.

The starting point is to estimate the overall impact a DDoS attack is likely to have from a revenue, operational overhead and reputational perspective. These are the elements that can influence the overall cost of a DDoS attack and vary according to the nature of the business in question. Modelling all of these costs is a good way to determine the benefits of DDoS protection, since effective DDoS security can help reduce these costs by 90 per cent or more in the event of an attack.

With DDoS attacks continuing to grow in size, frequency and complexity – and our ever-increasing reliance on the Internet for day-to-day business continuity - putting the most appropriate defences in place is key. The best solutions and services ensure your business is protected from the DDoS threat.

Join the CSO newsletter!

Error: Please check your email address.

Tags firewallsattaxksdata centrescloud securitybusinessInfrastructure Security Report400GbpsVolumetric attacksCSO Australiathreat protectionDDoS defenseDDoS ProtectionCloud

More about Arbor NetworksIPS

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Nick Race

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place