NETSCOUT Arbor helps to analyse and reduce the risks of DDoS attacks

Jul 25th, 2018

Established businesses with a significant online presence need to ask themselves if the measures they put in place previously to guard against Distributed Denial of Service (DDoS) attacks are still adequate against an attack that could be launched today. The answer is very likely to be ‘No’.

Maintaining the availability of digital platforms, networks, applications and services is a business risk and a continuity issue. A successful DDoS attack aims to disrupt or cause the denial of an online service by overwhelming it with traffic from multiple sources. Motivations for planning a DDoS attack include extortion, competitive disruption by a business rival and even geo-political protest. Against this background, it makes sense that DDoS attacks have been around for as long as e-commerce itself. But is your e-commerce platform sufficiently protected against a potential DDoS attack – and if you are concerned that the answer is no, then what options are available to you?

Bryan Hamman, territory manager for sub-Saharan Africa at NETSCOUT Arbor, which specialises in advanced DDoS protection solutions, says “DDoS threat capabilities have become more complex, frequently using multi-vector tactics that strike your organisation in different ways. Using a combination of attack methodologies increases the chances that at least one will succeed in penetrating your defences. It’s a typical tactic that warfare has employed for centuries – some of the attack methodologies will divert attention, and therefore defences away, from the tactic that ultimately gets through. The danger is that today’s threat capabilities have now surpassed your organisation’s existing protection capacity.”

NETSCOUT Arbor offers a risk methodology called FAIR (Factor Analysis of Information Risk), which outlines steps that allow your business to take a quantitative, financial approach to analysing the risks of DDoS attacks. In an online document, NETSCOUT Arbor presents an analysis of how using the FAIR processes on a fictitious e-commerce company helps you to re-assess your own business’ risk of a modern-day DDoS attack.

The paper clarifies the types of protection that can be offered, as well as their limitations, and discusses firewalls, on-premise, in-cloud and a combination offering of in-cloud plus on-premise. It offers further guidance in analysing such factors as the threat community, threat type and threat effect, as well as primary and secondary loss factors.

Hamman clarifies, “Primary loss factors could include a loss of productivity, which in the  case example would be defined as the ability of the e-commerce website to take orders and thus produce revenue. Secondary loss factors could include replacement costs of IT infrastructure, as well as fines that could be imposed if the DDoS attack causes a legislative breach on the part of the company that was attacked. Depending on the type of organisation and the industry it is in, even the so-named secondary loss factors could be significant and so shouldn’t be overlooked.”

The FAIR risk analysis process in the paper compares an organisation’s current (as-is) state of security and three proposed (to-be) security states, by following this general sequence of steps:

  1. Describe the risk scenario including asset(s) at risk, threat community, threat type and threat effect.
  2. Analyse the threat event frequency and evaluate the loss event frequency.
  3. Evaluate the primary and secondary loss factors.
  4. Determine the organisation’s vulnerability, including an assessment of threat capability and resistance strength of the as-is state.
  5. Derive risk and produce analysis reports of as-is state.
  6. Repeat step 4, with the to-be states.
  7. Repeat Step 5, for to-be states; ultimately producing reports comparing all as-is and to-be states.

“’Determining the risk of a DDoS attack is one thing. Deciding upon and justifying the need for different methods of DDoS attack protection is the next step. This extremely useful paper shows organisations how to take practical steps to match their DDoS risks to their agreed protection measures, although liaison with experts is preferred. Today, a multi-layered protective strategy is clearly required against multi-vector attacks. NETSCOUT Arbor’s DDoS defence approach incorporates key strategies across the required defence spectrum,” concludes Hamman.

For more information about NETSCOUT Arbor in Africa, please contact Bryan Hamman at [email protected].