Cyber security 2015: “still room for improvement”
Commentary from Herve Dhelin, Worldwide Marketing Director at Efficient IP
Neustar’s latest DDoS Attack & Protection report shows that companies are now deploying hybrid security solutions against DDoS attacks (31 percent of respondents), which is a 55 percent increase over previous years. The report states that “Firewalls alone are not sufficient; during attacks, they often create bottlenecks and accelerate outages”.
I’m not at all surprised businesses are looking to increase their security solutions. When we released the 2014 DNS Security survey, in conjunction with IDC, we weren’t very surprised about the figures then either. Most of the companies surveyed had experienced DNS attacks with massive business impacts. But IDC noticed that most of the respondents were still using basic protection (i.e. firewalls) to protect their DNS infrastructure, even though this isn’t an adequate solution to DNS threats.
Most interestingly, the Neustar report shows that 77 percent of respondents detect the attacks in less than two hours, and 68 percent also respond to attacks in less than two hours. However, the financial risk of these attacks is measured at 100K per hour and 64 percent of the respondents need more than six employees to mitigate an attack.
Looking at the statistics, it’s clear that even though there’s been a big increase in the action taken to address DDoS attacks, there’s still a huge problem – as most of the respondents need about four hours to detect and respond to an attack. At 100K per hour, it’s still approximately a 400K risk using at least six employees.
Would your business be happy with those figures?
In the particular situation of a DNS DDoS attack, it means that for at least four hours, your employees aren’t able to use any business applications: web, email, VoIP etc. We can’t accept that in the best-case scenario your company will need four hours to detect and respond to attacks. It’s crystal clear to me that traditional solutions just aren’t sufficient.
When we released DNS Blast last year, our aim was to ensure an answer to all queries, without valid queries being blocked by security solutions or because the server wasn’t performing as expected. The 17 million queries per second DNS Blast can absorb is enough to mitigate most of the attacks with just one DNS appliance. It also reduces the complexity of the DNS infrastructure. But most importantly, it’s done without any time needed to detect and respond to attacks or downtime for business-as-usual activities; DNS Blast absorbs the DDoS attack and reports in real time to the network or security team. No need to deploy several staff and wait around for hours, losing money.
Furthermore, DNS Guardian accurately analyses DNS queries in real time to understand what the attack is, and only blocks the bad queries – limiting false positives, which can be dramatic for the business. Just recall the Rackspace story in late 2014; an 11-hour incident blocked a large proportion of legitimate traffic from reaching rackspace.com. In addition, when hackers are using new techniques, such as Sloths or Phantom attacks, legacy security solutions can’t detect anything.
Business continuity is the absolute priority; DNS servers are supporting ALL business processes in any organisation and deserve the security they need to protect the company.
Businesses cannot accept such poor performance as the best they can get to mitigate DDoS attacks.