MazeBolt DDoS Vulnerability Management - Webinar

SEC and DORA Shift the Industry to Proactive DDoS Mitigation – Webinar Recap

Why is it so hard to protect organizations from the Distributed Denial of Service (DDoS) attacks that can impact the business continuity of critical online services? How do the recent cybersecurity rulings of the SEC and the new Digital Operational Resilience Act (DORA) regulations in Europe impact the decision-making of the C-suite? And for those organizations that have DDoS protections deployed, what is the “Achilles’ heel” – the weak point in protection solutions that creates increased risk and greater vulnerability to damaging DDoS attacks?

In our recent webinar “The Problem of DDoS and the Vulnerabilities that Won’t Go Away,” cybersecurity experts Dr. Chase Cunningham, author of the Dr.ZeroTrust podcast, and Alon Yaffe, Senior Solutions Architect at MazeBolt, shared their insights on how to meet the SEC and DORA compliance requirements despite the growing risk of DDoS attacks. The conversation focused on why DDoS attacks remain a critical threat and the inability of DDoS protection solutions (even premium solutions) to effectively thwart DDoS attacks automatically, primarily due to DDoS misconfigurations. It touched on effective mitigation strategies, future trends, and regulatory impacts. Here’s some of what was discussed.

1. Impact of the SEC Ruling and DORA Regulations

The discussion touched on looming regulatory impacts, such as new SEC, DORA, and other compliance regulations. These regulations require organizations to maintain certain levels of defense against DDoS attacks.

Chase and Alon pointed out that failing to meet the new compliance requirements could lead to significant penalties or even jail time for responsible executives. This shift is significant – and can give cybersecurity officers more leverage when working to secure necessary budgets and resources to maintain robust DDoS protections.

2. Misconfigurations in DDoS Protections Leave Organizations Vulnerable

A key point made in the webinar was the necessity of DDoS Vulnerability Management – i.e., continuous testing and proper configuration of DDoS mitigation solutions. Without continuous testing, organizations are left vulnerable to new and sophisticated attack vectors.

Chase noted that checking and testing how DDoS protection solutions are configured and identifying misconfigurations (so they can be addressed) significantly reduces risk and provides better protection against potential disruptions.

3. Impact of DDoS Attacks

Despite significant advancements in cybersecurity, Chase stated that DDoS attacks are still not being adequately countered. These attacks cause massive disruptions, as evidenced by the recent attack on Google, which saw 400 million requests per second.

Due to their sheer volume and sophistication, DDoS attacks are hitting enterprises across multiple sectors including government institutions, the banking and financial services industry, and more.

4. Best Practices in DDoS Mitigation

Alon warned against relying solely on firewalls for DDoS protection. Firewalls are not designed for this purpose and can lead to organization-wide failures if overwhelmed by an attack.

Additionally, he touched on several best practices for DDoS mitigation, including:

  • Behavioral and Signature-based Protections, which identify and block malicious traffic patterns effectively
  • Challenge-based Systems, which verify human users are accessing services, preventing bot-based attacks
  • Geoblocking and Blacklisting, which should be used as last-resort strategies to restore service

Alon discussed the importance of a broad approach to DDoS mitigation, considering diverse technologies like Web Application Firewalls (WAF), Intrusion Prevention Systems (IPS), and Content Delivery Network (CDN) mitigations. They stressed the need for these systems to work cohesively, with each component playing a crucial role in preventing cascading failures.

5. Greater Number, Greater Complexity

Alon provided an overview of different types of DDoS attacks – including, for example, volumetric attacks, which are meant to overwhelm bandwidth and resources, and application attacks, which target server resources like CPU and RAM. He emphasized that while DDoS protection technologies are designed to provide protection against these attacks, the real challenge lies in their proper configuration and use.

6. AI in DDoS Attacks

Chase predicted the increasing role of AI in DDoS attacks, making it even more critical for organizations to stay ahead of the curve. Attackers using AI can adaptively identify and exploit DDoS mitigation vulnerabilities, allowing them to bypass defenses more effectively. Therefore, employing AI for defense mechanisms to counter such attacks is becoming equally important.

The Solution: Continuous, Non-Disruptive, Proactive Testing of DDoS Protections

Organizations are suffering from the increased risk of DDoS attack, even if they have premium DDoS protection solutions deployed – because DDoS protection solutions tend to have misconfigurations and vulnerabilities. As regulatory scrutiny intensifies and attackers leverage AI, staying proactive with a continuous, non-disruptive, automated approach to testing DDoS protection solutions is more important than ever for organizations to safeguard their critical infrastructures.

For more detailed strategies and insights, watch the webinar on demand.
