As we look back over 2016, one of the most obvious stories will be the dramatic rise in the weaponization and size of DDoS attacks. At the beginning of 2016 we noted the largest attack being approximately 500Gbps. In the later months of 2016, we saw the monetization of multiple IoT-based botnet DDoS attacks that were close to breaking the 1 Tbps mark.
As a marketing person, these eye popping numbers are great for collateral. However…the reality is, that the vast majority of DDoS attacks are much, much, smaller in size. For example, according to our 2016 ATLAS statistics 80% of all DDoS attacks are less than 1 Gbps. Odd as it may seem, this reminds me of the saying “You don’t need to be faster than the bear… just faster than your friend.”
So what does this have to do with the size of DDoS attacks?
When it comes to volumetric DDoS attacks; the DDoS attack doesn’t have to be massive to impact you. It only has to be as large as your network pipe.
As stated before, the vast majority of DDoS attacks are under 1 Gbps. In my experience most organizations (obviously not including service providers) have internet facing circuits that are less than 1 Gbps. Which means that they are very vulnerable to DDoS attacks.
Here’s another stat. According to Arbor’s 12th Annual Worldwide Infrastructure Security Report (WISR), 41% Enterprise and Gov’t institutions and 60% of data center operators reported DDoS attacks exceeding their total internet bandwidth.
In these scenarios, it’s an undisputable fact that the only way to protect your organization from volumetric attacks – large enough to saturate your network pipes – is to reach upstream to your ISP or a MSSP (such as Arbor Cloud) for in-cloud DDoS protection.
And since DDoS attacks can occur without warning, automation is a key factor in defense. In fact, according to our 2017 ATLAS statistics, 90% of attacks last less than 1 hour. The faster you can detect and mitigate the less impact these attacks will have on your organization. Arbor’s on premise products such as Arbor APS or Arbor Cloud Flow Based detection, are designed to automatically detect and “cloud signal” to the Arbor Cloud for mitigation of volumetric attacks.
So just as you only need to be faster than your friend when being attacked by a bear, a DDoS attack only needs to be as large as your internet pipe to potentially be impactful. Always on-detection and automated mitigation in the cloud are the best practices to minimize the impact of a majority of DDoS attacks.
To get a rare view into the most critical security challenges facing today’s network operator, download the full 2017 WISR.