DDoS protection, mitigation and defense: 8 essential tips

Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back.

DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. According to Verizon's latest DDoS trends report, the first half of 2018 saw an increase of 111 percent in attack peak sizes, compared to last year. "The attackers are getting their hands on more and more machines that they can misuse for DDoS attacks," says Candid Wueest, threat researcher with Symantec Security Response at Symantec.

Even after recent high-profile takedowns of international botnet operators, there might be only a slight decrease in activity for a couple of months before other botnets take over. "At Symantec, we collaborate with law enforcement and help them take down botnets," he says. "Unfortunately, it's not really feasible to get rid of all of them, with the new Internet of Things -- routers, CCTV cameras, all those devices. Most people don't even know if their IoT devices are being used for attacks."

In February, GitHub was hit by a 1.35-terabit-per-second attack, the largest ever recorded. Within ten minutes, its DDoS mitigation vendor, Akamai Prolexic, was on the job. Eight minutes later, the attackers gave up. The record was broken the next month, with a 1.7-Tbps attack reported by Netscout Arbor against a U.S. company, but no outages were reported because of the mitigation defenses that were in place. These kinds of attacks are too big for any company to deal with on its own, Wueest says.

Attacks are getting more sophisticated, according to Verizon, with 52 percent of attacks now employing multiple attack vectors. "They might start with one attack method, and then when you mitigate against it, switch to another one," says Wueest. "They can do that several times, because there are so many different attack methods they can use."

As soon as someone comes up with a new attack method, criminals immediately look for ways to monetize it, or include it in their botnet kits. "The DDoS market works similar to the other criminal markets we see," says Chet Wisniewski, principal research scientist at Sophos Ltd. "No bad idea gets unrewarded."

With that in mind, we've assembled some essential advice for protecting against DDoS attacks.
