What's the newest element to a proactive DDoS defense strategy?
By Tina Chee
When the internal network of a local commodities trading firm was hit by a Distributed Denial of Service (DDoS) attack in early 2018, the network's performance dropped for several hours, and the firm lost millions in daily revenue as daily trades came to a standstill.
With DDoS attacks set to become more frequent and sophisticated in the coming years, the Singapore government has taken measured steps to ensure that both businesses and citizens are adequately protected from future threats.
The Singapore Cybersecurity Act was enacted in parliament on 2 March 2018. Under the act, network owners in the sectors of Energy, Water, Banking, Finance, Healthcare and Transport, termed Critical Information Infrastructure (CII), are required to report any and all cybersecurity breaches. These organisations are also obligated to follow strict corporate governance standards, conduct cybersecurity audits and risk assessments, and participate in cybersecurity exercises.
However, even with regulations in place, organisations cannot afford to be complacent and need to equip themselves with the latest proactive DDoS defense solution in order to stand up to DDoS threats.
The proactive DDoS defense solution
In Singapore, businesses have had a long-standing practice of outsourcing their defenses, thus leaving gaps in their DDoS protection strategy.
In the light of today's increasingly sophisticated threats, organisations need to take a layered approach for their DDoS defenses – this means adding on-premise protection that is always-on and can provide real-time detection and mitigation.
Today, a proactive DDoS defense strategy is able to address these key challenges and enable organisations to have actionable intelligence in the face of DDoS attacks. Precision focuses on defending legitimate users first, followed by network infrastructure. It allows organisations to distinguish legitimate users from threat agents and applies behavioural learning to understand the organisation’s environment in both peacetime and wartime.
Scalability allows businesses to fight against DDoS attacks of varying size and breadth. It combines an always-on and on-premise solution with cloud scrubbing services to ensure the network can stand up to attacks at any scale.
Automation reduces response time to an attack. It also eliminates the need for a room full of staff to fend off attacks. Traditional DDoS solutions required one person to manually defend against a DDoS attack. Automation based on pre-set policies maximises effectiveness and ensures the solution recognises the difference between peaceful, run-of-the-mill traffic and a full-out DDoS attack and adjusts its mitigations accordingly.
The newest element to a proactive DDoS defense solution
On top of precision, scalability and automation, there is now a new element to a proactive DDoS defense solution – threat intelligence – that helps organisations pre-empt DDoS attacks from happening.
During alleged attacks, organisations with access to threat intelligence portals can thwart unwanted traffic based on source IP reputation, allowing the DDoS protection solution to automate resources against more sophisticated or newer attacks from the wild.
Today, a threat intelligence feed can take the form of IP reputation data and indicators of compromise (IOCs) to provide security analysts with situational awareness for potential threat detection purposes. Threat intelligence within proactive DDoS solutions leverages large class-lists to chart newly discovered, existing, frequently used and deprecated DDoS threats, globally. This information enables businesses to stay ahead of DDoS attacks by identifying known threat agents and putting the proactive DDoS defense elements – precision, scalability and automation – at the front line, should the threats appear at their doorstep.
The promise of greater agility through Cloud, digitalisation and next generation DevOps deployments is speeding innovation faster than ever before. However, the specter of cyber threats comes fast on the heels of every innovation.
Singapore is unique in that it is often seen as a technology leader and innovator in the region. Leading financial institutions and MNCs have the opportunity to show the way by delivering on the promise of agility offered through multi-cloud environments, whilst adopting new approaches to security such as a multi-layered protection strategy against growing DDoS attacks.