Revamped Threat Report Reflects Data Analysis, Formatting Improvements

Black background with pink capsules and green circle with black dot

IT and security professionals are no strangers to the importance of data. Handled effectively, data enables teams to make better-informed decisions; increase efficiencies; visualize relationships; determine the cause of problems; and establish baselines, benchmarks, and goals to ensure future success. 

Along the same vein, data also is invaluable when it comes to understanding, preparing for, and protecting against cyberattacks. With the cost of the average data breach at $4.35 million—an increase of 13 percent since 2020—it’s never been more important for organizations to have accurate data for understanding, preparing for, and protecting against the nefarious behavior of cyber attackers.

Since 2018, the NETSCOUT Threat Intelligence Report has featured data analysis on distributed denial-of-service (DDoS) attacks with the goal of empowering organizations to better understand—and protect against—attacker behavior. And because attacker behavior is constantly evolving, we constantly seek ways to improve our analysis and ensure that we’re providing readers with the best analysis of the data we have at our disposal. 

Which is why you will see a number of changes with our next Threat Intelligence Report that’s slated for release in late September. The biggest changes we’ve made are in reconstituting our entire database and restructuring our back-end data analysis to reclassify what we call an attack. 

So why did we make those changes?

Attacks Reclassified

In previous reports, the number of attacks we reported were a conservative estimate that used an old algorithm to classify “spurious” or “invalid” attacks. The result is that many records were excluded, resulting in smaller numbers of DDoS attacks being reported. To reconstruct our database, we applied new algorithms to classify partial and outlier attacks, removing past restrictions that essentially stripped those attacks from the report out of an abundance of caution.

The good news is that we’re now able to better identify attacks. One side effect, however, is that the number of DDoS attacks has increased significantly. For instance, in the 2H 2021 report, we reported 4.7 million DDoS attacks occurred in the second half of the year. With the new algorithm, the number of DDoS attacks that we observed was closer to 6 million for that time period.   

Sections Restructured

In addition to making changes needed to provide readers with the best data possible about DDoS attacks, we also have restructured the way in which the report is distributed. In the past, we’ve issued a single, comprehensive report that included data for all attacks, all areas of the world, and all trends that readers needed to know.

In speaking with stakeholders over the past year about their preferences for the report, we have decided to move away from a single report and, instead, create separate, smaller reports based on geography and trends. As such, the upcoming Threat Intelligence Report will be broken into eight separate vignette reports, including:

  • DDoS attack vectors and methodology
  • Geographic reports broken into North America, EMEA, Latin America, and Asia-Pacific
  • An examination into how sociopolitical factors are impacting attacker behavior
  • The growing problem of DDoS botnets
  • Why adaptive DDoS attacks are increasing, and how organizations can suppress them

As always, our overarching goal is to ensure that organizations understand and can protect against DDoS attacks, and we’re eager for your feedback about these changes and how we can improve upon future reports. We encourage you to look through all eight of the new sections and let us know how we’re doing and what you’d like to see in upcoming reports.

Before our new report comes out in late September, you can review the 2H 2021 DDoS Threat Intelligence Report.