Gigabit-level security vs. terabit-level attacks: How can enterprises defend their IT systems?
Radical cyberattacks are mounting as attackers continually harness sophisticated technologies within their Tactics, Techniques, and Procedures (TTPs) against enterprises. Earlier this year, Arbor Networks reported a 1.7 Tbps attack – the biggest Distributed Denial of Service (DDoS) attack that has ever been recorded. In comparison, the average attack bandwidth is estimated to be 11.2 Gbps, according to the Q1 2018 DDoS trend report by Verizon, or 150 times less than the aforementioned Arbor Networks attack.
As enterprises continue to build their cybersecurity framework with gigabit-level security, terabit-level attacks are gradually becoming a norm within the industry. In 2016, a similar attack on DNS provider ‘Dyn’, estimated to have transferred malicious traffic at a bandwidth of 1.2 Tbps, caused service outages of several internet giants including Twitter, Electronic Arts, PlayStation Network, Spotify, and Netflix alongside others.
How then can enterprises defend their IT systems from growing attacks of such magnitude?
Understanding the associated cost: What are the short-term and long-term effects of cyberattacks on a business?
Every DDoS attack is orchestrated for a different reason, ranging from business vendetta, hacktivism, and vengeance to extortion, and the same goes for the TTPs used by cyberattackers. However, the end result is usually the same: service outages, negative impact on revenues due to downtime, and customer attrition. According to research conducted by Neustar on 1,010 enterprises last year, businesses incur an average of USD 2.5 million in financial costs following DDoS attacks. The research also revealed that loss of revenue for about two-thirds of overall businesses (63 percent) reached as much as USD 100,000 per hour at peak hours. Besides DDoS attacks, web application attacks can be launched to achieve broader network penetration goals: Application Layer Attacks, for example, are known to compromise services and steal sensitive data through the backend.
This is just the tip of the iceberg; businesses often experience greater losses in the long run. According to Limelight Networks’ recent State of Cybersecurity report, 72 percent of people develop a negative opinion about a platform that has experienced a cyberattack, and almost 40 percent will not continue to make online transactions on a website that has been previously hacked.
Ensuring effective security: How to prevent your digital services from being compromised?
Though these terabit-level attacks disrupted the services of several technological giants, they were successfully mitigated. This is where Content Delivery Networks (CDNs) come into the picture, proving themselves to be worth their weight in gold.
Today, CDNs not only provide traditional content hosting services via their globally distributed network of data centres and proxy servers, but also offer a comprehensive suite of services that includes cloud security. Their enormous bandwidth is easily able to manage the incoming traffic experienced during a cyberattack, preventing disruption of the business’ services. Some CDNs have even developed advanced control systems and tools to prevent these attacks from scaling at the earliest stage. They protect the in-transit data from man-in-the-middle attacks by using Secure Sockets Layer (SSL) footprints, Internet Protocol (IP) blacklisting for screening compromised devices, and web application firewalling to prevent Application Layer Attacks. They, moreover, integrate dedicated DDoS attack interceptors and provide tokenization-based access to prevent malicious traffic from consuming network bandwidth.
Significant benefits that some CDNs offer to enterprises include on-network regional scrubbing centers with huge capacities in the multi-Tbps range, which eliminate the need to send DDoS attack traffic off network for scrubbing and then back to the CDN; restricting the number of server requests per second from a single IP; and collating real-time data on an ongoing attack to compare it with historic outbreaks. Additionally, they divert all of the incoming traffic to their distributed Points of Presence (PoPs) and keep the traffic flow of the platform intact.
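The per-IP request limit and the comparison of live traffic with historical data mentioned above can be sketched as follows. This is an added example, not code from any CDN: the function names, the limit of 5 requests per second, the baseline of 4 requests per second, and the traffic (documentation-range addresses) are all constructed assumptions.

```python
from collections import defaultdict, deque


def replay(requests, limit, window=1.0):
    """Apply a per-IP sliding-window limit to (timestamp, ip) pairs in time order.

    Returns (accepted, rejected): accepted is the list of requests let through,
    rejected maps each source IP to the number of requests dropped.
    """
    recent = defaultdict(deque)          # ip -> timestamps of accepted requests
    accepted, rejected = [], defaultdict(int)
    for ts, ip in requests:
        q = recent[ip]
        while q and ts - q[0] >= window:  # forget hits older than the window
            q.popleft()
        if len(q) >= limit:
            rejected[ip] += 1             # over the limit: drop, do not record
        else:
            q.append(ts)
            accepted.append((ts, ip))
    return accepted, dict(rejected)


def anomalous_seconds(requests, baseline_rps, factor=3.0):
    """Return the seconds whose total request count exceeds factor x baseline.

    baseline_rps stands in for the historical average the platform has recorded.
    """
    per_second = defaultdict(int)
    for ts, _ in requests:
        per_second[int(ts)] += 1
    return sorted(s for s, n in per_second.items() if n > factor * baseline_rps)


def sample_traffic():
    """Constructed traffic: one ordinary client and one flooding source."""
    reqs = [(100 + i * 0.5, "198.51.100.7") for i in range(4)]     # 2 req/s
    reqs += [(101 + i * 0.02, "203.0.113.9") for i in range(40)]   # 40 in < 1 s
    return sorted(reqs)


if __name__ == "__main__":
    traffic = sample_traffic()
    ok, dropped = replay(traffic, limit=5)
    print("accepted:", len(ok), "dropped per IP:", dropped)
    print("seconds above 3x baseline:", anomalous_seconds(traffic, baseline_rps=4))
```

The limiter keeps the ordinary client untouched while capping the flooding source, and the baseline check flags the second in which aggregate volume departs from the historical rate even if no single source had crossed its own limit.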
These are some of the ways by which CDNs are helping to enforce more robust cybersecurity frameworks for businesses under the dynamically evolving threat landscape, all while providing them better capacity, coverage, and performance to deliver content globally. Since terabit-level attacks are coming to the forefront and are now more prominently ingrained within the IT paradigm, this development is effectively helping protect businesses from increasingly complex DDoS attacks.
Jaheer Abbas
Senior Regional Director - SEA & India, Limelight Networks