Downtime of IT Production systems
Has your organization ever experienced DOWNTIME?
Has this ever been displayed on the screen when customers tried to access services?
As the CTO, CIO, CISO, CSO or other Technology Officer, who has gone through this, you know how painful it is to bring the production systems back up after any downtime.
Primary causes of Downtime are
- System design errors or bugs: This is internal to the organization and is continuously addressed or taken care of by the design or dev-ops teams.
- DoS (Denial of Services) or DDoS (Distributed Denial of Service) attacks: Come with malicious intent and need preventive measures to ensure that Downtime doesn’t occur because of DoS or DDoS attacks.
Downtime means a loss of revenue and a loss of customers for any organization that operates online.
DoS vs DDoS Attacks
What is a DoS attack?
DoS attacks are where a few compromised systems, are used to target a single “Internet facing” IT system (It can be servers, devices, services (HTTP/HTTPs), networks, applications), with the intent to make the victim IT services unavailable.
For Example: if a website has a DoS attack launched against it and the DoS attack is successful, that website will not be available for users to connect to.
What is a DDoS attack?
DDoS attacks are the same concept as DoS attacks, however, attack traffic originates from many different sources – potentially thousands or more.
These attacks are nastiest because they come from thousands of sources making it difficult to stop by simply blocking a single source. It is also very difficult to distinguish legitimate user traffic from attack traffic.
How DDoS Attackers Cause Downtime
Attackers Advantage - The Large "DDoS Attack Exposure Surface"!
There are thousands of potential DDoS vulnerabilities to exploit in any IT infrastructure. These potential vulnerabilities are referred to as “DDoS Mitigation Gaps”.
For example: With reference to Figure 1.0, if a company has ~100 IP addresses operating online then the attack surface would be 100 (IP addresses) x 100 (vectors) = 10,000. Hence in this case ~10,000 potential DDoS Mitigation Gaps are to be verified.
Production environments are continuously changing and the DDoS Mitigation Gap is continually expanding and contracting, based on factors like:
- Adding/removing services
- Updating DDoS mitigation policies
- New and improved DDoS attack vectors
Preventing Downtime Caused by DDoS attacks
1. Continually Identify DDoS mitigation Gaps before attackers target them.
- Traditional DDoS Penetration Testing (PT)
- DDoS Radar
2. Continually Mitigate (Fix) all identified DDoS Mitigation Gaps.
- There are several excellent DDoS mitigation providers E.g. Arbor, AKAMAI, A10, F5, Radware, Reblaze, NeuStar and many more.
In order to prevent Downtime from DDoS attacks, you need to know where the DDoS Mitigation Gaps are.
Identifying DDoS Mitigation Gaps
There are 1000’s of potential DDoS Mitigation Gaps in all organizations whose business operations are online.
A single DDoS Mitigation Gap if not mitigated will result in Downtime when attacked by the right DDoS attack vector.
There are currently two options available to identify DDoS mitigation Gaps:
Traditional DDoS Penetration Testing
Traditional DDoS penetration testing simulates attacks in a controlled manner to test DDoS defense readiness.
It typically needs a maintenance window (For expected downtime) of at least 3 hours to test the pre-decided systems. A platform to simulate the multiple DDoS attacks is used with a varied intensity of low, moderate and high rate packets. The spectrum of attack vectors covers HTTP/HTTPS, Application, DNS, IP Floods, UDP Floods, TCP Floods and many more.
Once the testing is complete, a comprehensive report is generated that guides where the vulnerabilities/DDoS Mitigation Gaps are. A team of security professionals is then made aware of these vulnerabilities.
Any kind of Traditional DDoS PT (Penetration Testing/ PenTest) requires
- Predefined attack surface coverage (maximum 5 IPs).
- Maintenance window of at least 3 hours is required.
- Systems can generally only be tested a maximum twice a year as testing demands maintenance window
DDoS Radar (DDR®) is the only Automated & 24x7 Ongoing DDoS Mitigation Gap Detection which is Non-disruptive to IT production systems.
DDR® identifies an organization's entire DDoS attack exposure surface regularly with tens of thousands of attack simulations. DDR® generates reports for those responsible for closing the DDoS Mitigation Gap and friendly KPIs to manage the DDoS Mitigation Gap closing process. In short, DDR® advances the existing mitigation solution to reduce the DDoS mitigation gap exposure surface to as low as 2%.
DDoS Radar® advances your DDoS mitigation significantly by transforming the way you prevent downtime from DDoS attacks
- Complete attack surface coverage, DDR® ensures all your assets (1000's of IPs) are protected against DDoS attacks.
- The only automated and Continuous 24/7 DDoS Mitigation Gap detection.
- The patented DDoS Radar® technology is Non-disruptive to ongoing production system operations
Traditional DDoS Penetration Testing vs DDoS Radar
|Testing Parameters||Traditional DDoS PT||DDoS Radar 24/7|
|Non-Disruptive to IT operations||Requires Maintenance window||Yes|
|Test Frequency||~2 times per year||Continuous & Ongoing|
|DDoS Attack Vectors||< 20||> 100|
|Attack Surface coverage||Small fraction of surface (Under 5 IP’s)||Complete surface coverage (1000’s IPs)|
|Attack simulations per year||< 40||> 50,000|
|Vulnerability Reporting||Per Test||Real Time|
|Ongoing DDoS Mitigation Gap (Average)||> 30%**||< 2%*|