Best of Both Worlds: Hybrid Onsite and Cloud-based DDoS Protection

When familiarity breeds complacency, you may have a serious problem countering cyber threats.

istock 543485916 1

When familiarity breeds complacency, you may have a serious problem countering cyber threats. For example, the first denial of service (DoS) attack occurred more than four decades ago. By 1999, this mode of attack morphed into distributed denial of service (DDoS) assaults that enlisted multiple agents to deluge a target with crippling traffic. DDoS attacks and defenses are now standard elements of the cybersecurity landscape.

But don’t be lulled into the mistaken view that the threat of DDoS disruptions is yesterday’s news!

The surge of Internet of Things (IoT) devices and new related exploits makes current DDoS attacks far more powerful and destructive than their predecessors. Fortunately, hybrid DDoS defenses that leverage both on-premises and cloud-based defenses can effectively counter this old, but highly evolved, threat.

The changing nature and severity of DDoS attacks is evident in the results of a new security survey of more than 1,000 IT and business decision makers. Sponsored by Neustar, the early 2017 survey found that 84% of the respondents had experienced at least one DDoS attack in the prior 12 months, up from 73% a year earlier. Of these, 86% had experienced more than one DDoS assault – an 82% jump compared to attacks the year before.

Just as troubling: the incidence of high-bandwidth attacks is increasing. The 2016 survey found that just 8% of DDoS attacks involved traffic volumes of 50 Gbps or more. The new survey reports that high-bandwidth attacks almost doubled to 15% of all DDoS attacks.

In this new age of DDoS, many companies that rely on data center hardware for their DDoS defenses are reaching a tipping point. The growing frequency and bandwidth of DDoS attacks are overwhelming the filtering capacity of on-site defenses. New threats also put undue stress on over-extended security operations center professionals.

New hybrid DDoS solutions that rely on local security systems can provide an immediate response to run-of-the-mill attacks. If necessary, they can quickly switch over to high-capacity cloud-based DDoS mitigation services.

The Neustar SiteProtect Hybrid offering is one example of this best-of-both-worlds approach. The solution includes an on-premises DDoS mitigation appliance for rapid response. If an attack overwhelms the appliance’s capabilities, the debilitating traffic automatically fails over to Neustar’s SiteProtect, a fully managed cloud-based service. Neustar’s security team then takes responsibility for monitoring and countering the DDoS attack, freeing you to focus on other business needs.

The SiteProtect managed service is just one example of cloud-based security services, which, as a class, are becoming popular elements of cybersecurity strategies. Given the “DDoS-on-steroids” trend, you can expect cloud-based DDoS mitigation offerings to become fast-growing members of the security-as-a-service market.

Copyright © 2017 IDG Communications, Inc.