Protection at the Perimeter
DDoS attacks have expanded in scope and impact. While the more traditional flood-based attacks are still used to deny access, the attack method has shifted from TCP- and UDP-based flooding to HTTP- and HTTPS-based attacks which exploit vulnerabilities. If left to your perimeter devices, they may go unnoticed or completely unprotected.
Firewalls, like most perimeter solutions provide stateful inspection and dynamic traffic filtering of network connections. DDoS attacks can consume the connection state tables in your firewalls, causing them to be bypassed. This maneuver causes your stateful devices to offer no protection from DDoS attacks.
Attackers understand that state tables can be quickly overwhelmed. That’s why these traditional perimeter security devices are often the first targets of a DDoS attack.
Protection from Advanced Threats
More than half of the time a DDoS attack is experienced, more nefarious activities are taking place. One of the more common use cases for a DDoS attack is to act as a smoke screen. By diverting your attention away from network monitoring, hackers can search for alternative ways into your environment or extract data from malware already installed in your network.
While a hacker will exploit any weakness you have for a quick win, most attacks are sophisticated, strategic and patient. You cannot ignore even the most minor threat to your network as it may be part of a larger orchestrated attack.
Work Smarter, Not Harder: Incorporating Threat Intelligence into Security Architecture
IDC Technology Spotlight focused on DDoS protection at the edge.