Distributed Denial-of-Service (DDoS) Attacks are on the Rise
Did you know that DDoS attacks have nearly quadrupled in the past year alone?
According to data from Verizon’s 2016 Data Breach Investigations Report (DBIR), the rate of DDoS attacks saw a sharp rise from less than 4 percent in 2014 to 15 percent of attacks in 2015. The number of DDoS attacks also went up, from 2,435 reported incidents in 2014 to 9,630 incidents in 2015, an increase of almost four-fold.
The graphs below show the increase in DDoS attacks over the past few years, both in absolute numbers and relative frequency, based on data from Verizon DBIR reports:
The 2016 DBIR is a comprehensive study by Verizon of more than 100,000 security incidents over the past year, investigating a wide range of technologies and attack vectors.
We recently highlighted some of the key findings with regards to attacks against web applications. However, there are several other key findings in this year’s report that highlight the growing threat of DDoS attacks.
The 2016 DBIR offers a number of key recommendations for protection against DDoS attacks: isolate mission-critical assets with multiple layers of defense, close unnecessary ports, implement a patching process for servers/services, use IDS/IPS and firewalls to block bad traffic, establish well-defined response procedures, leverage cloud security solutions and make sure cloud service providers have DDoS mitigation solutions in place.
Verizon Digital Media Services has implemented a number of key features in our anti-DDoS solution to make sure your website is always available:
- Scalable cloud capacity: Our cloud CDN and security solutions provide massive scalable capacity measured in tens of terabits per second to absorb even the largest DDoS attacks. Our network is globally distributed and fully redundant, meaning you always have the capacity you need, when you need it.
- Multi-layer DDoS defense: Automatic, always-on protection against network level (Layer 3/4) DDoS attacks is built into our core CDN. In addition, we offer HTTP Rate Limiting to protect customer websites against application layer (Layer 7) HTTP floods. We stop DDoS attacks at the edge of the internet before your origin infrastructure is ever impacted.
- Origin protection: Origin Cloaking and Origin Shield functionality protect customer origin servers against direct-to-origin attacks that might otherwise bypass other layers of defense, as well as reduce the load on your origin servers.
- Geo-IP controls: Verizon provides granular geo-location controls through our CDN and Web Application Firewall (WAF), allowing customers to blacklist (or whitelist) traffic based on client IP addresses and country codes.
- IP reputation database: We help protect your network against malicious users with an IP reputation database that identifies and blocks bad actors before they ever reach your website.
- 24 x 7 x 365 staffed NOC: Your security is only as good as the people maintaining it, which is why we provide always-available security assistance via our Network Operations Center (NOC), staffed by actual network engineers, to make sure that our experience and expertise is always at your disposal.
In addition, our DDoS protection is tightly integrated with the rest of our multi-layer security suite, including a sophisticated WAF, secure DNS and fast TLS/SSL encryption of your website content.
Contact us to learn more about how our comprehensive security platform and anti-DDoS features can help you boost your website defenses and improve your ROI.
Vikas Phonsa, Sr. Product Manager, Security Solutions
Eyal Arazi, Product Marketing Manager, Security