Our security and research teams spend a lot of time analyzing traffic on our network. As we reported recently, for the past year, we’ve seen a decrease in the number of network layer assaults. The number of application layer assaults, however, have grown reaching an all-time high of 1,099 per week.
A notable new trend is that DDoS assaults are shorter, but more complex and persistent. The report showed that 80 percent of all attacks lasted less than an hour. Ninety percent of network attacks lasted only under 30 minutes compared to an average attack duration of 100 minutes in the last quarter of 2016, demonstrating the steep increase in short burst attacks.
The rise in multi-vector threats indicates a growing trend in the complexity of the attacks. They increased from 29 percent of all network layer DDoS assaults in the previous quarter to 40.5 percent.
Andy Shoemaker, founder of NimbusDDoS, says the threat of short DDoS bursts poses a significant security threat to most websites. Small, low volume DDoS attacks are easier to deploy and can as easily disrupt online businesses.
Andy hosted a webinar “Small DDoS Attacks Can Lead to Large Outages” on June 21 to demonstrate how an attack is launched and what the affects are.
He’ll look at common misconceptions about DDoS including
- Firewall / IPS / IDS provide sufficient protection
- They are easily detected as large volumes of traffic
- Our site is too small to be targeted by DDoS
- There’s minimal financial impact if I’m attacked
Along with Nabeel Saeed from Incapsula, Andy will discuss Layer 7 protection tips for businesses among which are
- Monitoring applications consistently
- Building network architecture to scale to attacks
- Hiring a reliable mitigation partner
- Being vigilant by testing their networks
You can watch a recording of the webinar where Andy demonstrates how small attacks work and how you can protect your network against them.