For DDoS-Hope is NOT a Strategy!
Jon Murphy, GVP-IT Security, Ocwen Financial Corporation
A 2016 study from Kaspersky Lab and B2B International, published before last year’s infamous Dyn attack, reported that a single DDoS attack can cost a company between $52,000 and $444,000. Those figures cover what it takes to stop the attack and/or the ransom demanded to make it end; they do not include damage to industry reputation or the loss of customer confidence. To punch home the point that these attacks are pervasive, consider that, according to a 2016 statement by the Department of Homeland Security, the scale of these attacks has increased tenfold over the past five years.
The bad actors are rapidly evolving their techniques, which makes it difficult to identify the best defense against them. For instance, a sophisticated Layer 7 (the application layer of the OSI model, not the network layer) DDoS attack may target only specific areas of a website, making it even harder to separate from normal traffic: every request is a well-formed HTTP request that a legitimate user could have sent. Such an attack might repeatedly fetch a single element only (e.g., the company logo or a unique page graphic) so that serving it consumes resources on every download, with the intent of exhausting the server.
While bad actors conducting DDoS attacks often target sites or services hosted on high-profile web servers such as e-tailers, banks, or credit card payment gateways, any organization can be hit. Motivation runs the gamut from activism, revenge, and blackmail/extortion to terrorism. Worse still, as technology advances so do the ways to launch a DDoS attack. Out on the dark web there are freely available network stressers and DDoS tools that can be acquired, configured, and controlled via botnets and other command-and-control infrastructure. More advanced tools include nation state-backed “Internet Cannons” that weaponize legitimate Internet users’ traffic by intercepting unencrypted HTTP exchanges and injecting content that makes those users’ browsers flood targeted websites.
1. Take assessment–objectively and honestly determine your strengths, gaps, vulnerabilities, and threats; hire a qualified third party if necessary
2. Adopt a framework–this is the foundation of your entire enterprise-level security program and of the DDoS protections within it; NIST, ISO, SANS – pick one
3. Incident response plan–create and regularly practice an all-hazards plan with a crisis communication plan built in; a DDoS against your public services is one of the scenarios it should rehearse
4. Solid router and firewall configs–follow the OEM’s expert advice and its published “hardening standards”
5. Traffic threshold monitoring–establish what “normal” traffic to your sites looks like (by overall volume and, ideally, per URL, since a Layer 7 flood aimed at one element can hide inside ordinary totals) and then alert when a threshold above that baseline is crossed
6. Cloud based DDoS defense systems–lots of great vendors; check the think tanks and analyst firms for ratings and ask colleagues about their experiences
7. Enhanced DNS protection services–same as above; the best of these spot and stop trouble before it ever gets close to your network
8. IDS/IPS–use next generation firewalls with built-in intrusion detection and prevention (IDS/IPS) together with Border Gateway Protocol (BGP) route announcements, which let you divert traffic to a scrubbing service or blackhole a flooded prefix, to stop DDoS attacks. Bear in mind that an inline IDS/IPS is itself a finite resource: a large volumetric flood can saturate it before it inspects a single packet, which is why the upstream and cloud-based defenses in items 6, 7 and 10 matter.
9. WAF–a web application firewall (WAF) inspects HTTP traffic and blocks malicious requests before they reach your web server(s). It sits in front of your application at the application layer (Layer 7), which is exactly where the attacks described above operate. As a bonus, a WAF delivered through a CDN that caches your content also absorbs much of the request load and can improve application performance and user experience.
10. Upstream filtering–provided by your ISP; includes reputation-based blocking, anti-spoofing filters such as Unicast Reverse-Path Forwarding (uRPF), which drops packets whose source address could not legitimately have arrived on that interface, and BGP-triggered blackholing that silently drops all traffic destined for an attacked address. Blackholing sacrifices that one address to keep the rest of your network reachable, so treat it as a last resort rather than a first response.
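Item 5 above, together with the Layer 7 example earlier in the article, describes the idea of baselining traffic and alerting on a threshold. The following Python script is an added worked example, not code from the original article or its author: it parses Apache/nginx combined-format access-log lines, learns a per-URL "normal" request rate from a baseline window, and flags any later minute that exceeds that path's threshold. The log format, the sample paths and IP addresses, the threshold constants (`k`, `margin`, `floor`) and the constructed log lines are all assumptions chosen for the example; the attack minutes send a flood of requests for a single image while the rest of the site's traffic stays normal, which a total-requests-per-minute alarm would be slow to notice.

```python
"""Traffic-threshold monitoring, per URL path, over web-server access logs.

Added example (not from the original article). It learns "normal" request
volume per path from a baseline window, sets an alert threshold per path,
and flags minutes that exceed it. Buckets are per path because a Layer 7
flood may hammer one element (e.g. the site logo) while the total request
rate still looks ordinary. Log format, paths and tuning constants below
are assumptions chosen for the example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx combined-log style, e.g.:
# 198.51.100.7 - - [21/Oct/2016:12:00:00 +0000] "GET /images/logo.png HTTP/1.1" 200 1234
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (minute bucket, path) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).replace(second=0, microsecond=0)
    return ts, m.group("path")


def requests_per_minute(lines):
    """Count requests per (minute, path); unparseable lines are skipped, not fatal."""
    counts = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            counts[parsed] += 1
    return dict(counts)


def baseline_thresholds(counts, baseline_end, k=3.0, margin=1.5, floor=20):
    """Per-path threshold learned from the minutes before baseline_end.

    threshold = max(floor, margin * mean, mean + k * stddev)
    - floor: a rarely requested path must not alert on a handful of hits
    - margin: a perfectly steady baseline has stddev 0, so mean + k * stddev
      alone would alert on a single extra request
    Minutes in which a path had no requests count as zero samples.
    """
    minutes = sorted({m for m, _ in counts if m < baseline_end})
    paths = {p for m, p in counts if m < baseline_end}
    thresholds = {}
    for p in paths:
        samples = [counts.get((m, p), 0) for m in minutes]
        mean = statistics.mean(samples)
        sd = statistics.pstdev(samples)
        thresholds[p] = max(floor, margin * mean, mean + k * sd)
    return thresholds


def detect(counts, thresholds, start, floor=20):
    """Alerts (minute, path, count, threshold) for minutes at or after start.
    A path never seen in the baseline gets the floor as its threshold."""
    alerts = []
    for (m, p), n in sorted(counts.items()):
        t = thresholds.get(p, floor)
        if m >= start and n > t:
            alerts.append((m, p, n, t))
    return alerts


def make_sample_log(baseline_minutes=30, attack_minutes=5):
    """Constructed sample: steady traffic, then a flood of GETs for the logo only.
    Returns (lines, end of the baseline window)."""
    start = datetime(2016, 10, 21, 12, 0, tzinfo=timezone.utc)
    normal = {"/": 50, "/images/logo.png": 45, "/api/login": 5}
    lines = []
    for i in range(baseline_minutes + attack_minutes):
        stamp = (start + timedelta(minutes=i)).strftime(TS_FMT)
        per_path = dict(normal)
        per_path["/"] += i % 5  # small jitter so the baseline has a non-zero stddev
        if i >= baseline_minutes:
            per_path["/images/logo.png"] = 900  # Layer 7 flood on a single element
        for path, n in per_path.items():
            for j in range(n):
                lines.append(f'198.51.100.{j % 250 + 1} - - [{stamp}] "GET {path} HTTP/1.1" 200 1234')
    return lines, start + timedelta(minutes=baseline_minutes)


def run_demo():
    """Baseline on the constructed log, then return the alerts for the attack window."""
    lines, cutoff = make_sample_log()
    counts = requests_per_minute(lines)
    thresholds = baseline_thresholds(counts, cutoff)
    return detect(counts, thresholds, cutoff)


if __name__ == "__main__":
    for minute, path, n, t in run_demo():
        print(f"ALERT {minute:%H:%M} {path}: {n} req/min (threshold {t:.0f})")
```

Against the constructed log the script raises five alerts, one per attack minute, all for `/images/logo.png`, and none for `/` or `/api/login`, whose request counts stay within their learned thresholds. In production you would feed it a real log tail, recompute the baseline on a schedule (weekday and weekend traffic differ), and route alerts into the incident response plan from item 3 rather than a console.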
With forethought and planning, you don’t have to rely on hope when it comes to dealing with DDoS.