DDoS Attacks: Security Insider Interview Series: Joe Loveless, Director of Security Solutions, Neustar


Distributed Denial of Service (DDoS) attacks continue to plague any organization doing business over the Internet—meaning no one is immune. Neustar’s Director of Security Solutions Joe Loveless explains how these pernicious attacks have evolved and what organizations need to do to protect themselves.

How have DDoS attacks evolved? Has the quantity increased, has the nature of the attacks changed, have the targets changed?

DDoS attacks used to be just a disruption or nuisance. Now they’re used in concert with other types of attacks, often malware or ransomware. A targeted DDoS attack can distract IT staff or confuse defenses while executing malware. And organizations that don’t think they’re vulnerable or worthy of attack are being used as testing grounds. When attackers have big game in mind, they will rehearse. What better place to do that than unsuspecting targets? If you’re online, you’re susceptible. Whether or not you’re vulnerable, that’s in your hands.

What should an enterprise do to protect itself from DDoS attacks?

They need to recognize how they appear as a target. They need an assessment of what needs to be protected and at what level. They need to establish a risk profile. Start with the human element, which is often ignored. It’s easy to say there is a need for protection and then just buy a box to check the box. It’s also easy to take the low-cost road that carries high risk due to insufficient (or incomplete but available for additional purchase) capabilities. This is not the effective way to mitigate the DDoS threat problem. That starts with an honest assessment of vulnerabilities and an honest assessment of the risk profile, then aligning the right defenses so the organization is properly protected.

Is a cloud-based DDoS defense the best choice?

Given the expense and limitations of DDoS hardware, cloud is more effective and can be less expensive – especially given the additional costs that can occur from a devastating attack. Also, hardware can only mitigate so much. The cloud can scale to meet requirements—toward the end of last year, we saw attacks that breached the one terabit-per-second mark. So, the cloud is where organizations are going because even the most advanced and largest-capacity hardware can be easily overwhelmed by modern-sized attacks.

What type of security set-up would provide the greatest extent of protection from DDoS attacks?

It is different for every organization. These decisions are not only expenditures, they’re investments. The disruption [of an attack] is an expense. It’s one thing to have revenue disrupted; there’s also the cost of customer service, marketing campaigns that didn’t launch, damage to reputation, and litigious exposure—you may have violated SLA agreements. Organizations need to think of being always on, because attackers are stepping up their game. They need the right level of protection for their business that’s rooted in the right risk profile, and they need to communicate that across the entire organization.

How do web application firewalls fit into a DDoS protection scheme?

These have become increasingly important. Investments in WAF nearly quadrupled, and there’s reason for that. Web applications are the most targeted elements in today’s enterprise. As cloud technologies and third-party service providers are incorporated into business infrastructures, moving and transforming means getting into the web app layer. That interchange and those dependencies between applications have obviously attracted attackers. So now organizations have to secure those apps that far too often have many inherent vulnerabilities. Successful attacks can be extremely disruptive and cripple an organization or make them blind while other attacks are happening.

How do you expect DDoS attacks to evolve and adapt?

We continue to see DDoS attacks used in combination with other types of attacks, and those attacks are targeted. Organizations need to do quality assessments because the attackers aren’t just putting down DDoS attacks; they’re keeping them as an active tool as part of combined assaults. DDoS attacks are using more advanced tactics, so organizations are taking a more aggressive stance. You’re susceptible. Whether or not you’re vulnerable is up to you. You need to have the right approach to make the right assessment to put up the right defense.


Copyright © 2017 IDG Communications, Inc.