The Increasing Need for Orchestrated Mitigation of Complex DDoS Attacks
For ISPs and communications service providers (CSP), network connectivity is about more than performance—it’s the business. And in a world that relies more and more on digital communications, that business is nothing short of vital. From online banking and eCommerce to telehealth, work, and just plain old keeping in touch with family, our lives are lived online, making DDoS attacks a huge threat to customer satisfaction.
Unfortunately, that threat is growing worse, as adversaries sharpen their focus on service availability. Consider the following, from NETSCOUT’s 1H 2020 Threat Intelligence Report:
- There were more than 4.8 million DDoS attacks in the first 6 months of 2020, a 15 increase from the same period in 2019.
- Current projections forecast more than 10 million DDoS attacks in 2020, the most ever seen in a single year.
- The average duration of DDoS attack is down 51 percent from the same period the prior year, shortening the window for mitigation response.
- The number of attack vectors used during a single attack has increased dramatically. Since 2017, we have seen a 2,815 percent increase in DDoS attacks using 15 or more attack vectors. Meanwhile, single-vector attacks dropped 43 percent in the first half of 2020.
All of this equates to increased complexity for DDoS attack mitigation for communication service providers, driving increase risk in the following areas:
- Service downtime
- Customer churn
- Increased transit costs
- Increased mitigation costs
Building a Modern Mitigation Strategy
Protecting services and customers from the quick-hitting but complex multivector DDoS attacks of today’s threat landscape require a strategy built to match these challenges. We recommend that CSPS and ISPs use automated attack detection and intelligent orchestration of multiple methods of mitigation, including their own network infrastructure, dedicated DDoS mitigation products, and even upstream peers. By implementing such an orchestrated mitigation strategy, companies can strategically assign different methods of mitigation to different attack vectors. For example, let’s say a network operator faced a multivector DDoS attack that consisted of the following:
- NTP, CLDAP, and Chargen reflection and amplification attacks
- HTTP Get and TCP SYN flood attacks targeting a specific application server
An intelligently orchestrated mitigation strategy could deploy multiple methods to optimize protection. For example:
- Configure Flowspec rules on the ingress network edges to stop the NTP, CLDAP, and Chargen reflection and amplification attacks.
- Redirect the more sophisticated HTTP Get and TCP SYN flood attack traffic to intelligent, dedicated DDoS mitigation devices.
- If possible, collaborate with an upstream peer to mitigate these attacks using the same or different methods.
Smart DDoS: Intelligent Orchestration of Mitigation
Sentinel orchestrates multiple methods of mitigation
It’s clear that the first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks—a trend that will likely continue. This means that ISPs and CSPs must pivot in response. No matter the target, adversary, or tactic used, it remains imperative that defenders and security professionals remain vigilant to protect the critical infrastructure that connects and enables the modern world.
Listen to this webinar as we discuss the dramatic rise in DDoS attacks during the first half of 2020 that directly impacted communication service providers around the globe and how NETSCOUT’s Arbor smart DDoS protection can automatically detect and intelligently orchestrate multiple mitigation methods.