Pharmaceutical Organization Endures Business Losses Due to Lack of DDoS Protection
Organization believed they were not a target of DDoS attacks because they did not transact business through an E-Commerce site and had not been attacked to their knowledge to date.
Through data analysis provided by NETSCOUT® solutions the NETSCOUT Team showed the organization the potential risks of nor having DDoS protection in place and the potential value in using a hybrid solution to gain comprehensive DDoS protection.
A variety of DDoS attacks and indicators of compromise were identified, mitigated, and blocked due to the implementation of AED and Arbor Cloud®.
A US based pharmaceutical company that manufactures prescription pharmaceuticals for a range of therapeutic areas including cancer, HIV/AIDS, cardiovascular disease, diabetes and arthritis was looking for a DDoS Protection Solution. Fortunately, they were already a customer of NETSCOUT for Service Assurance and had a trusted relationship with us and one of our partners.
The organization did not have any DDoS protection going into this year and did not believe they had been attacked that frequently. That said, they were hearing about an increase in DDoS attacks targeting peers within their industry. They were also aware that overall DDoS attacks increased 15% this past year and that the volume and size of DDoS attacks increased during the last six months of 2020. However, they didn’t feel they needed DDoS protection as a pharmaceutical company because they weren’t transacting business on a commercial web site, and they had yet to experience any DDoS extortion attempts against them.
In due time, our shared partner made us aware of a small attack that had occurred against one of their data centers. The NETSCOUT Team requested attack data from our ASERT Team to identify the who, what, where, and when of the attack and correlated that data with additional data from the customers ISNG probes to provide a clear picture of the types of attacks that were currently hitting their systems. This analysis helped the NETSCOUT Team display the potential risk to the customer and the value of having some DDoS protection. They also delivered the message that DDoS protection is not just about protecting an E Commerce site but also protecting infrastructure so that the applications and services that use the internet continue to run and be available so their employees who use those applications continue to be productive for the business.
Due to the analysis provided by the NETSCOUT Team the organization was convinced that a cloud solution would protect what they believed needed protection.
Because of the trusted relationship with the customer and the partner the NETSCOUT Team was allowed to do further deep analysis into other areas where attacks to the availability of services could cause issues soon. Because of the ISNG data the NETSCOUT Team were already aware of the companies’ network traffic and their traffic patterns and which applications could be vulnerable to an attack. The NETSCOUT Team went site by site in conjunction with the organizations and partners engineering teams to map out the applications that were vulnerable to an internet outage and made recommendations for protection up to management. This further analysis showed that specific types of attacks can slip by a cloud solution and take out a variety of critical services. Some of the attacks that were of concern were application layer attacks that do not trigger volumetric countermeasures or, attacks that can be embedded in encrypted traffic that require decryption to be identified, typically not something cloud solutions provide. More importantly, the team showed management potential Indicators of Compromise (IoCs) within their system that could be communicating with malicious Command and Control Servers out on the internet in preparation for a larger DDoS internal attack or some variety of a Ransomware threat. The identification of these attacks again demonstrated potential risk to the customers networks. The in-depth analysis showed the value to the customer of adopting a hybrid approach to DDoS protection where a cloud solution like Arbor Cloud combined with an on-premise solution like AED is a synergetic relationship that can augment both solutions mitigation capabilities to ensure comprehensive DDoS attack protection with the added capability of blocking outbound threats.
By proactively employing information readily available through NETSCOUT solutions, the NETSCOUT Team was able to show the customer and partner the potential risks of not having some level of DDoS protection in place. The team was also able to educate the customer and partner on the pros, cons and value of each mitigation strategy so they could make a decision that would provide them comprehensive DDoS protection.