With businesses relying so heavily on an internet presence, it’s incredibly crucial to ensure you have the proper DDoS protection from any forms of attack. Distributed Denial of Service (DDoS) invasions are some of the simplest forms of virtual attacks to carry out with an ever growing number of easily accessible tools, but can also bring the biggest threat. DDoS attacks can be carried out by simple web services, yet are capable of bringing down even the most stable servers. Designed to overwhelm services with requests, these attacks prevent public access and halt any potential operations or sales.

Many businesses, especially smaller in size, are unable to establish independent protection against these types of attacks, or obtain DDoS Secure servers. However, as the threat of attack rises, so does the availability of outside help. In their annual worldwide Infrastructure Security Report, Arbor Networks recognized a significant demand from customers for DDoS detection and protection, up to 74% from the previous year’s minuscule 4%.

What exactly are DDoS attacks and how do you protect your business from falling victim to ruthless invasions?

Methods of DDos Attack

Seemingly simple in theory, DDoS attacks can utilize different methods of flooding your servers making it more difficult to determine the source and method of invasion.

  • Volumetric Attacks – Consuming all of your bandwidth is an easy way to shut down services. Send a massive number of requests at the same time, and even the most stable web servers can be taken down. Generally done through a “botnet” – a collection of thousands of malware infested computer’s from around the world controlled by one single hacker. When all of these machines are directed to access one single website, the sheer volume of traffic overloads the sever causing crashes and taking your pages down.
  • Application Layer Attacks – There are seven vertical layers that make up the internet, with each utilizing different protocols to send information. This is known as the Open Systems Interconnection model, and is a representation of how networks operate. The final and seventh layer of this model is known as the Application Layer. The Seventh layer is the one most are familiar with, and processes HTTP and SMTP communications from basic web browsing and email services. DDoS attacks on the application layer mask malicious activities as real human behavior in efforts to overwhelm and consume all resources at this level. Because they attempt to mimic real activity these attacks are much more difficult to identify.
  • Protocol Attacks – Instead of shutting down services through sheer numbers, protocol attacks focus on clogging up resources by sending ping requests from fake IP addresses. These attacks send requests to your server with these false addresses, and when your server tries to respond they sitting waiting endlessly hoping to hear back, or are returned with unnecessarily large requests. This clogs up resources from executing and completing other requests and services.

Why do you need DDoS protection?

In their security report, Arbor Networks determined a significant rise in DDoS attacks from previous years. In 2015, 44% of Service Providers have noted more than 21 attacks per month, an increase from the previous 38%. With a demand for constant connectivity and instant access, customers could be deterred from your service if DDoS attacks are always bringing your website down. In the VOIP industry alone, the report concluded the number of DDoS attacks on providers has risen from only 9% of all attacks in 2014 to 19% in 2015.

Top motivation behind DDoS attacks seems to be “criminals demonstrating attack capabilities,” with “gaming” and “criminal extortion attempts” trailing not too far behind, according to the study. That’s right – criminal extortion. It is not uncommon for hackers to send small, warning DDoS attacks as a threat followed by a ransom email with threat of more intense interruption to services.

Not only can they interrupt your stream of service, but Arbor Networks also noted a rise in DDoS attacks being used more often as a smokescreen, an attempt to mask other malicious activates such as malware infection, information theft or even fraud.

How DDoS Mitigation Works

By their nature, DDoS attacks are very difficult to deal with as they are occurring. The best line of defense is to proactively adopt and setup measures that actively analyze incoming data, and mitigate any false or malicious requests. However, choosing the best DDoS protection can be as overwhelming as the attacks and it is important to note not only the features these protections include, but their methods and support networks. While one service might offer the best features and methods, without a proper supporting network able to handle the sheer volume, the protection will fail.

-Are you under attack?

It is first important to determine if your service is in fact victim of a DDoS attack – the protection must be capable of distinguishing good traffic (your customers) from bad traffic (the attack). If the mitigation service simply detects traffic and shuts out all incoming requests, you have the same issue of legitimate users unable to access your web page or service. This is where Bot Discernment and Deep Packet Inspection services come in, these methods are developed to distinguish between the good and bad traffic.

-Redirect the bad traffic

Once it is recognized, bad traffic must be properly mitigated and rerouted away from your server. This is where the strength and level of a protection network comes into play. All bad pings will be taken away from you, and filtered through the mitigation infrastructure – to the protection service itself. That bad traffic is filtered through your protection service’s Security Operation Centers. With too weak a network and too few centers, the protection service will be unable to cope with the influx of requests. This in essence would void any real protection from attack. Therefore, it is important to compare the number and location of these security operation, or scrubbing, centers when considering protection providers.

-Utilizing your protection

With most protection services being customizable to your business’ needs, how you set up and maintain DDoS protection can vary greatly. Depending on the level of importance your protection can run all the time and always on, intermittent at specific times or even toggled on and off. Different deployment methods also vary on how you want the services to operate, either cloud based, with on-site hardware or a hybrid model utilizing both. Choosing the proper deployment method will vary based on your business size, urgency of protection, and even IT capabilities. On-site hardware might require additional on-site support, and might be too much for small IT teams to handle. Meanwhile most cloud services will be fully maintained by the provider, and will alert you when an attack occurs – instead of toggling protection when you become aware of an attack.

Compare Top 6 DDoS Mitigation Solutions

With a solid understanding of what DDoS attacks are, and how they can be mitigated, it is important to closely analyze the different solution offerings on the market to determine their effectiveness. As discussed previously, it is important for the protection to not only employ proper protection methods, but must have the adequately network support to properly mitigate any attacks. Beyond simple features, it is important to note the amount of security operation centers at the protection’s disposal, as well as the network capacity.

With too few security centers, or too little network capacity, the best mitigation tools would fail to properly prevent an attack because there is no where to send the traffic. An easy way to understand this is to relate it to a toll booth for a bridge crossing. Quick entry points that do not require cars to stop and make toll payments allows for quicker passing, but if the amount of entry points is limited to 2 or 3, when rush hour comes the influx of cars will be funneled into a limited number of entry points. Without proper infrastructure to allow for more entry points, the system becomes overwhelmed and the benefit of quicker payment systems is nullified.

DDoS attacks are difficult to simulate and testing each individual protection service is not entirely feasible. In order to breakdown each provider’s offerings we sourced information from their individual web pages, as well as independent research and contact with the providers. Below you will find a chart outlining the most prominent services and their comparable features.

Arbor-120 cloudflare-120 Dos-120 Incapsula-120
Number of Security Operation Centers 4 42 4 27  3 5
Network Capacity (measured in TB per second) 1 N/A 1 1.5  0.5 1.7
Firewall No Yes Yes Yes  No No
Auto Bot Discernment Yes Yes Yes Yes  Yes Yes
Deep Packet Inspection Yes N/A Yes Yes  Yes Yes
DNS Redirection Yes Yes Yes Yes  Yes Yes
Web Proxy No Yes Yes Yes  Yes Yes
Real Time Monitoring Yes Yes Yes Yes  Yes Yes
IP Blocking Yes Yes Yes Yes  Yes Yes
Always On Yes Yes Yes Yes  Yes Yes
Cloud Based Protection Yes Yes Yes Yes  Yes Yes
Hybrid Protection Yes No No Yes  Yes Yes
On-site monitoring Yes No No Yes  No No
24/7 Customer Service Yes Yes Yes Yes  Yes Yes
Email Support Yes Yes Yes Yes Yes Yes
Phone Support Yes Yes Yes Yes Yes Yes
Live Web Chat No No Yes Yes Yes No
More Info More Details More Details More Details More Details More Details More Details