Digital businesses depend on constant, uninterrupted connectivity. Websites, applications, and cloud services are potential targets for DDoS attacks. There are many ways attackers may target enterprises; extortion, hacktivism, political motivation, competitive reasons, or as part of a data breach. According to a recent survey, 24% of global enterprises that suffered a data breach over the past 12 months were victims of a DDoS attack. No matter the motivation, DDoS attacks can significantly harm or even cripple digital businesses.  (source Department of Digital, Culture, Media & Sport) 

What is a DDoS attack? 

A volumetric Distributed Denial of Service (DDoS) attack is one of the most common forms of cyberattack. It is a malicious attempt to make an online service unavailable by flooding unwanted internet traffic from multiple sources, therefore making the online service or website unavailable.  

Almost any type of internet-facing connected device could be a potential DDoS resource: Internet of Things (IoT) devices, smartphones, personal computers, and powerful servers. 

Simply put, a DDoS attack is like a traffic jam clogging up the motorway, preventing regular traffic from arriving at its desired destination.  

How does an attack work?  

For a DDoS attack to be successful, an attacker will spread malicious software to vulnerable computers, mainly through infected emails and attachments. This creates a network of infected machines called a botnet. Once the botnet has been established, the attacker is able to instruct and control the machines. Commands would be given to flood a site with traffic, causing the targeted server or network to overflow capacity, resulting in a denial-of-service to normal traffic.  

DDoS Models  

DDoS attacks grow more powerful, more sophisticated and more frequent so choosing the right protection for your business is crucial. DDoS protection is not a one-size fits all approach but more of a multiple choice. Each option has its unique advantages and drawbacks.  Selecting the best option may be based on your business needs, threats and budget.  

DDoS attacks continue to grow in size, complexity and malice. Businesses worldwide are being forced to set up their DDoS attack defence and here’s how MLL can assist.  

On-premises solutions   

Premise-based applications were the first form of DDoS protection in response to the first generation of DDoS attacks.  

Companies with extensive on-premises infrastructure that are in a high-risk industry may choose this DDoS solution where there is sensitive data stored in on- site data centres. On-premise devices are deployed on-site at customer data centres alongside other networking equipment such as firewalls, switches and routers.  

On-premise solutions suit organisations who require control and regulation and have low latency.   

Cloud DDoS mitigation services  

Businesses with very distributed infrastructure, cloud-hosted assets, or a cloud-first strategy may choose cloud-based DDoS mitigation. Malicious inbound traffic is sent to the nearest scrubbing centre, where the DDoS filtering and routing service is applied before reaching your network or cloud-hosted assets. The clean traffic is then routed back to your network without you being aware of the issue.  

There are two mitigation service protection options; on demand or always-on enabling you to choose the right level of protection for your business. 

An“always-on” service sits in-line of the traffic flow, constantly analysing traffic. The advantage of this approach is that any mitigation is implemented almost instantly – drastically reducing the time to remove the unwanted DDoS traffic. The downside is that this approach can be cost prohibitive, and in some instances can add additional latency, as the traffic is permanently routed through the provider service. 

An “on demand” service offers the convenience of DDoS protection but none of the latency or commercial disadvantages of an “always-on” solution.  Typically, a provider will remotely monitor internet traffic for a potential attack. If identified, the provider will reactively route all affected traffic via manipulation of the internet routing table into the provider scrubbing centres. Once the attack has subsided, the provider will re-route traffic back to its intended destination, usually the customer perimeter device. 

Hybrid Solutions 

A hybrid DDoS defense offers a combination of on-premises and cloud-based solution and is an approach chosen by many organisations as it provides the best of both worlds. The cloud-based mitigation handles high volume flood-style DDoS attacks, while application DDoS attacks can be monitored and protected by on-premise devises.  

When attack volumes grow and threaten to overwhelm the on-premise solution, it can signal to the cloud provider to begin mitigation in the cloud.  

The Hybrid Solution suits companies in high risk categories including the financial services and the gaming industry.  

MLL Telecom Mitigation Service 

The MLL DDoS mitigation service is powered by industry leading DDoS and Cyber Threat Protection Specialists Arbor Networks. The base offering is the “on demand” service which means that the service will be invoked as soon as an attack is detected. 

The service constantly baselines traffic to ensure that only “out of baseline” spikes in traffic are classified as attack traffic. Once detected, the mitigation service removes the spurious traffic, sending only legitimate “clean” traffic back to the customer.  

The service protects against standard volumetric attacks, as well as so-called “low and slow” attacks that are designed to slowly deplete network resources and would otherwise go undetected. 

Contact us to find out how we can help defend your services against the growing threat of DDoS attacks….