The Real Reason DDoS Succeeds – And What Your DDoS Protection Is Missing

What’s the best way to prevent critical online services from going down? Increasing your organization’s investment in Distributed Denial-of-Service (DDoS) protection or switching to a different DDoS protection provider does not necessarily mean better protection from damaging attacks. In our webinar The Inherent Flaw in All DDoS Protections, MazeBolt cybersecurity experts Amit Morson, VP Services, and Brian Kay, Sales Director US, discussed the problem of DDoS vulnerabilities – and how to optimize the DDoS protections that your organization has already deployed, to stop services from going down. Here are some of the highlights from the webinar:

Protection Levels are Lower Than Most Realize

Amit started out by explaining that even with the best DDoS protection solutions, most organizations are highly vulnerable to damaging DDoS downtime. “We see customers when they start out – when they do the first, initial test of the mitigation. We see some of our customers that have only 20 percent protection. They made a significant investment – and nonetheless, 8 out of 10 DDoS attacks could penetrate their defenses.”

Why Misconfigurations Are “Inevitable-by-Design”

Brian said that, “In any complex environment, misconfigurations are bound to happen. It is these misconfigurations in the DDoS protections that become that fundamental flaw. Vendors know this – that’s why Service Level Agreement (SLA) guarantees are a big part of the sales pitch. Vendors understand that misconfigurations are going to be there. They say to you, ‘Well, if someone finds one of these misconfigurations and manages to take you down, our Security Operations Center (SOC) team will engage quickly.’”

All Nations are Targets

Amit pointed out that, “One of the things that we’ve seen recently – one of the main targets – was Switzerland. In other words, one of the most neutral countries in the world has been a target of attacks. Many of their financial systems were attacked. It doesn’t really matter where you stand in a conflict. Attackers will find a reason.”

Brian underscored that, “We’ve got to make sure that defenses are prepared, just in case one of these groups decides to pick on a particular organization.”

DDoS Defense Is a Complex Puzzle

According to Brian, “DDoS protection is a complex puzzle, as your organization could have multiple layers as well as multiple vendors. And your environment is dynamic.”

He continued, “‘Out of the box’ product setup is a bad thing, generally speaking – even just from a security standpoint, with the default configurations. Testing it requires downtime. If you’re doing something DDoS-related, almost everything requires downtime. There is a fundamental need for a deep knowledge level of networking because it’s complex – and in any complex environment, misconfigurations are bound to happen. It is the misconfigurations in DDoS protections that become the fundamental flaw.”

Not Just WHAT – But WHERE

Amit stated that, “It’s important not just what you stop, but also where you stop it. If you have a mitigation device inside your network but your internet line is overwhelmed and saturated – the device will not help you. If you trust your WAF to protect you from DDoS but the attack already killed your firewall – it doesn’t help you.”

He added, “You really need to understand and calculate where you want to stop the attacks. Do you want to stop them outside of your line? Do you want to stop them inside? Which kind of attacks you want to stop where? Some of the attacks can be stopped by mitigation devices. Some can be stopped by configuring your network and your routers correctly. The main thing that a lot of companies and organizations are missing is visibility into what’s going on. I need to know: If I’m attacked by a specific attack, where and what will stop it?”

Thousands of Attack Paths – and Zero Visibility

Continuous, nondisruptive DDoS Vulnerability Management is a proactive approach involving ongoing attack simulation – which is crucial to obtaining full visibility into DDoS vulnerabilities and misconfigurations. Amit talked about why it is essential.

“An organization can have tens, if not hundreds, of publicly available services. And there are tens of hundreds of types of attacks. Just imagine the number of possibilities that there are. If you have no knowledge of what you’re vulnerable to, of what kind of attack will penetrate – how can you even start to improve what’s going on?”

Interested in learning more about how to prevent damaging DDoS downtime? Watch our full webinar here.
