Written by Darren Anstee, Solutions Architect Team Manager at Arbor Networks
The data center has evolved from what was once primarily a provider of enterprise back-office support services to the public-facing Internet data center (IDC) of today. The IDC provides real-time, business-critical functions such as sales, communications, customer support and so on. And now, a growing threat to IDC availability is distributed denial of service (DDoS).
DDoS attacks are continuing to evolve and the last 12 months have seen huge growth in the number and size of attacks. When coupled with businesses’ increasing reliance on Internet connectivity, for either revenue or access to cloud-based data and applications, protection from the DDoS threat should be a top priority.
Looking at the last year, attackers seem to have refocused on using large traffic floods, known as volumetric attacks, to effectively cut their targets off from the Internet. Volumetric attacks have always been the most common attack type, but in the last year the scale of the problem has changed. 2013 saw the number of attacks over 20Gb/sec grow more than eightfold, based on data from Arbor Networks’ ATLAS monitoring system, which receives hourly DDoS statistics from 290+ service providers around the world. And the first quarter of 2014 alone saw one and a half times 2013’s annual total.
Everything the industry has seen over the past year reaffirms layered DDoS protection as the best way to defend organizations from the DDoS threat. Network perimeter defenses provide proactive protection from stealthy application-layer attacks, but they need to be coupled with a cloud-based or service-provider-based DDoS protection service to deal with higher-magnitude volumetric attacks, which simply saturate Internet connectivity.
Security teams across a broad spread of organizations are becoming increasingly aware of the need for these layered DDoS defense solutions. But they have to compete, from a budget perspective, with other business priorities. So, how does the CIO secure these investments in the boardroom?
The key is to compare the financial implications of a prolonged Internet service outage to the cost of appropriate defenses. Fundamentally, it is imperative for CIOs and CISOs to be able to put a monetary value on the cost of an attack when building a case for investment in security products and processes. The starting point is to estimate the overall impact a DDoS attack is likely to have from a revenue, operational overhead and reputational perspective.
The specifics of how outages result in financial losses vary with the type of business. Businesses that are transactional in nature, such as ecommerce, suffer loss due to lost sales that are not made up later and lost future business as customers go to alternative suppliers on an ongoing basis. Other service or utility based businesses such as hosting services for Web, email or communications could incur financial losses as a result of having to issue customer credits, non-renewal and early termination of contracts and lost future business. Finally, enterprises with data centers supporting business-critical functions experience financial losses on account of lost productivity, lost sales and recovery costs.
Though the elements that influence the overall cost of a DDoS attack vary according to the nature of the business in question, a generic approach to calculating cost, regardless of business type, can be based on annual company revenue and the percentage dependence of the business on maintaining Internet-based services.
This cost can then be compared to the alternative of investing in a high-quality DDoS defense system, which can be expected to eliminate the extraordinary expenses of dealing with DDoS attacks through traditional methods such as black-holing customer traffic or removing domains. The cost of an effective DDoS protection system is generally a function of mitigation capacity, that is, how much attack traffic the device can handle. Choice of the DDoS protection solution also matters. To realize the projected benefits of deploying a DDoS defense solution, due diligence is needed on the part of the technical staff when selecting a solution.
Finally, CIOs and CISOs must take into account the risk factor. The cost of not being able to effectively address DDoS attacks rises very steeply as frequency goes up. Thus, the cost exposure of underestimating attack frequency is very high. In contrast, if the actual frequency is less than expected, the cost exposure of having over-invested in DDoS protection is gradual, bounded by the amount invested and further offset by the benefits of being able to mitigate shorter, non-critical attacks. Thus, DDoS protection replaces a highly uncertain and steep cost curve with a flat, predictable and relatively low cost curve. This is clearly a more desirable operating model for businesses.
Modeling all of these costs is a good way to determine the benefits of DDoS protection, since effective DDoS security can help reduce these expenses by 90% or more in the event of an attack. This can then help present a strong case for investing in sound DDoS protection.
With DDoS attacks continuing to grow in size, frequency and complexity, and with businesses becoming increasingly reliant on the Internet for day-to-day business continuity, putting the most appropriate defenses in place is key. The best solutions and services ensure businesses are protected from the DDoS threat, keeping them up and running, and most importantly, profitable!
About the Author
Darren Anstee is the Solutions Architect Global Team Manager for Arbor Networks. Darren has over 19 years of experience in the pre-sales, consultancy and support aspects of telecom and security solutions. Currently in his tenth year at Arbor, Darren is involved in both research and operational activities at Arbor in relation to their network threat detection, mitigation and traffic visibility solutions. Prior to joining Arbor, Darren spent eight years working in both pre- and post-sales for core routing and switching product vendors.