distributed denial of service attack: prevention and best practices

Written by Adrian Taylor, VP of EMEA at A10 Networks

As one of the easiest attacks to launch and often devastatingly effective, a distributed denial of service (DDoS) attack is one of the most common threats in today’s cybersecurity landscape. In simple terms, a DDoS attack seeks to disrupt a target’s connectivity or user services by flooding its network with an overwhelming volume of fraudulent traffic, typically through a botnet.

The damage from a DDoS attack can be devastating. In one recent survey, 98% of respondents reported costs of more than $100,000 for each hour of downtime, while over one-third estimated costs in excess of $1 million. The average DDoS attack causes $218,000 in direct damage (around £179,601), in addition to any accompanying extortion, data theft, business disruption, or harm to the victim’s reputation and business and customer relationships.

distributed denial of service attack: prevention and best practices

Without an effective DDoS attack prevention strategy, complemented with DDoS protection solutions and threat intelligence, organisations are at significant risk. To reduce the risk of a devastating DDoS attack, businesses should adhere to the following five steps as the foundation of an effective DDoS attack prevention strategy:

1. Know What to Watch for

To detect whether a DDoS attack is underway before it’s too late, businesses need to know what normal network traffic looks like. By creating a baseline of usual traffic patterns, they can more easily identify the symptoms of a DDoS attack, such as inexplicably slow network performance, spotty connectivity, intermittent web crashes, unusual traffic sources, or a surge of spam.

Vigilant monitoring is critical, including both network and application traffic; even a small anomaly can signal a test by cybercriminals in advance of a larger attack. The sooner an attack is detected, the more quickly and effectively a DDoS attack mitigation plan can be implemented. At the same time, it’s critical to minimise false positives in order to avoid unnecessary operational disruptions.

2. Make a Denial of Service Response Plan

When it has been determined that a likely DDoS attack is underway, organisations need to be able to respond quickly and efficiently. Detailed planning will avoid the need to improvise under pressure. This should include:

  • A checklist of systems, assets, and advanced threat detection tools
  • A defined response team with the DDoS attack mitigation competencies
  • Procedures to maintain business operations for the duration of the attack
  • Protocols for incident notification and escalation
  • A communications plan covering both employees and external stakeholders such as customers and partners and the media

3. Ensure a Resilient Infrastructure

Given the high likelihood of an attempted DDoS attack at some point, organisations should take steps to minimise the impact of a successful denial of service. Designing network and systems to accommodate excess traffic—from 2 – 5x the anticipated baseline need—can help absorb an attack for long enough to mount a response. Distributing resources can limit the reach of an attack, such as by putting servers in different data centres, and putting data centres on different networks and in different physical locations.

Redundant devices and high-availability architecture can increase the speed of system restoration following a DDoS attack (note that they should be launched only after an attack has concluded to avoid exposing them to an ongoing attack). Avoid or harden bottlenecks and single points of failure that can be especially vulnerable to a traffic flood.

4. Take Refuge in the Cloud

The cloud offers a few possibilities to reduce the risk of a DDoS attack. Migrating assets to the cloud is one approach; cloud providers have far more bandwidth than the typical enterprise, and the distributed nature of the cloud can aid resiliency. If one server is crashed by a DDoS attack, others will continue operating; similarly, secure data backups in the cloud can aid rapid recovery in the event of system corruption.

On the other hand, multi-tenant cloud environments can bring risks of their own. A cloud, hosting, or colocation provider who detects a DDoS attack on one customer might shut down all their traffic in order to prevent spill over impacts on other customers, leaving the company unable to make a more surgical response to preserve some services.

At the same time, an attack on another cloud provider customer might impact your company even if you’re not the original target. Therefore, it’s important to work with cloud, hosting, and colocation providers who offer DDoS protection as a service for their customers.

5. Deploy DDoS Protection Solutions and Threat Intelligence

DDoS attack prevention depends on a multi-layered strategy of best practices, tools, and threat intelligence. Anti-DDoS solutions should include capabilities for traffic monitoring, real-time threat detection, anomalous behaviour blocking, zero-day attack pattern recognition, DDoS scrubbing, and automated response.

Threat intelligence is essential to enrich DDoS tools with timely data about current DDoS activity and trends, including the IP addresses of DDoS botnets and vulnerable servers known to be associated with DDoS attacks. Leveraged in conjunction with real-time threat detection, AI/ML capabilities, and automated signature extraction, threat intelligence enables organisations to take a proactive approach to DDoS attack mitigation.

In summary, whilst the threat and potential of DDoS attacks are rising, there are strategies organisations can implement to ensure heightened security. By verifying a baseline of normal activity, any abnormalities can be monitored and addressed. Cloud environments will ensure less downtime with reliable infrastructure acting as a key defence.

Ultimately, organisations should shore-up their overall defences. Strategically deploying DDoS mitigation services, in conjunction with real-time threat detection, can enhance a business’s rapid response to an attack, eliminating downtime and reducing financial loss.

About Post Author


TikTok EU ban on the table if social network doesn’t comply with new laws

TikTok is one of the most popular social networks out there. But TikTok is also a cause of concern for western governments that worry about the company’s ties to the Chinese government. TikTok can’t run on most devices the US government issues, and there has been talk of a ...

View more: TikTok EU ban on the table if social network doesn’t comply with new laws

Don’t Buy a Foldable Until Samsung Brings This Prototype to Life

Samsung Display via The Verge The world of foldable phones is surprisingly stagnant. The Galaxy Z Fold gets a tiny little upgrade every year, and rival phone brands loosely copy Samsung’s homework. But a new Samsung Display prototype called the “Flex In & Out” could turn this narrative on ...

View more: Don’t Buy a Foldable Until Samsung Brings This Prototype to Life

Best free sports streaming apps in 2023

Cutting the cord on cable television is something tons of people have done over the past five years. But that hasn’t proven to be the smartest way to continue to watch sports. Whether it comes from premium sports website subscriptions to keep tabs on your favorite players, or even fantasy ...

View more: Best free sports streaming apps in 2023

Avengers 5 might have Ant-Man in it, Quantumania star teases

The first MCU Phase 5 movie will be Ant-Man and the Wasp: Quantumania, the third installment in the Ant-Man franchise and a film with much higher stakes than the previous episodes. The sequel will deliver the MCU’s first Kang (Jonathan Majors) villain after we met a somewhat good He Who ...

View more: Avengers 5 might have Ant-Man in it, Quantumania star teases

Sharing a Netflix Account? Get Ready to Pay For It

DANIEL CONSTANTE/Shutterstock.com Netflix is about to get serious in its efforts to eliminate freeloaders. If you share a Netflix account with family or friends outside your household, get ready to pay for it. A new “paid sharing” system could roll out starting next month, and you’ll have to pay a ...

View more: Sharing a Netflix Account? Get Ready to Pay For It

‘7 Wonders’ Board Game Gets a New ‘Edifice’ Expansion

Asmodee and Repos Production Board game lovers have a wonderful reason to celebrate today. Board game makers Asmodee and Repos Production announced their latest collaboration: 7 Wonders Edifice, an expansion to the popular board game 7 Wonders. The game launches on February 24th for $29.99. 7 Wonders: Edifice adds ...

View more: ‘7 Wonders’ Board Game Gets a New ‘Edifice’ Expansion

T-Mobile Kicks Off 2023 With Another Data Breach

r.classen / Shutterstock.com In a press release, T-Mobile confirms that it detected a data breach in its systems on January 5th. A “bad actor” managed to steal personal information (but not financial data) from around 37 million customers. This is the eighth T-Mobile data breach since 2018. The hacker ...

View more: T-Mobile Kicks Off 2023 With Another Data Breach

Apple appeals to UK competition watchdog investigation about mobile browser dominance

Apple has filed an appeal against the UK’s competition watchdog regarding its dominance of mobile browsers in the cloud gaming market, reports Reuters. The Competition and Markets Authority started investigating this dominance by the Cupertino firm and Google. Lawyers representing Apple believe the investigation should be reviewed as CMA ...

View more: Apple appeals to UK competition watchdog investigation about mobile browser dominance

Galaxy S23 Ultra release date and specs leak finally reveals everything about the new model

WhatsApp for iOS rolling out the ability to create a chat with yourself

Amazon Prime Music Unlimited changes streaming prices, now matches Apple Music

Deadpool 3 and Secret Wars to feature Fox’s X-Men, according to Marvel insider

Report: OLED iPad Pro still on track for 2024 release, 2026 for MacBook Pro

How to negotiate over practically anything

HomePod 2 praised in exclusive hands-on before launch

M2 Pro MacBook Pro Amazon preorder deal gives you $50 off

What “choice” means for millions of women post-Roe

Singapore FinTech firm Pilon secures $5.2M seed funding led by Wavemaker Partners

Capital Square Partners and Basil Technology team up for $700M tech fund in Asia

This feel-good movie about man’s best friend is dominating Netflix


Top Car News Car News