Freely subscribe to our NEWSLETTER

copyright : Lukiyanova_Natalia_ frenta

Arbor Networks’ recent Tenth Annual Worldwide Infrastructure Security Report (WISR) highlights the key trends in the threat landscape and concerns facing organisations. The report collates the observations and experiences of the operational security community, so it is a useful repository of data on the threats organisations have seen over the past year, what they have done about them and what they are concerned about for the future.

One of the key findings of the research was in relation to Distributed Denial of Service (DDoS) attacks - the number one threat to the availability of the Internet services that many of us now rely on. DDoS attacks have continued to grow in size and frequency, with 2014 being a record-breaking year for large attacks. Over 150 attacks at over 100Gbps were monitored last year by Arbor’s ATLAS system, a 4x increase over 2013, and the ‘largest’ attack record was broken again, now standing at around 400Gbps. But it’s not just the large attacks that have become increasingly common, enterprise organisations involved in the research reported that 29% of attacks were of the stealthier, more complex application layer variety – and these are much harder to stop.

DDoS defence is hugely important for any organisation that has any reliance on Internet services that they either provide or utilise. And service providers are seeing increased awareness of this – with 70% of them seeing increased interest in DDoS protection services. These services can mitigate attacks pretty quickly, 68% of service providers involved in the WISR research now able to mitigate an attack in less than 20 minutes. But we have to remember that service recovery times can be longer than this - especially if infrastructure is exposed to application layer or state-exhaustion attacks. This is why layered DDoS defences are so important; they can proactively block attacks as soon as they begin, and can remove the need to divert traffic if the attack doesn’t escalate above link capacity. The best solutions integrate network perimeter solutions with cloud DDoS protection services so that the perimeter component can ‘call for help’ automatically should an attack escalate.

Looking more generally at the preparedness for all types of security incidents, again based on WISR data, it is interesting to note that despite the increased awareness of breaches and attacks only around a half of enterprise organisations feel well prepared for a cyber-incident, and 10% feel completely unprepared. Technology is one thing, but a bigger issue for many organisations is people and process.

Most organisations suffer from a shortage of security resources, and that can make finding the time to rehearse incident response plans difficult. However, it is hugely important. Familiarity with the tools and people, both internally and externally, that can be called upon during an incident can really help. Using the right tools to facilitate event triage and the investigative process can improve the efficiency of security resources – allowing them to spend more time on higher value activities, such as rehearsing processes and threat hunting.

One thing is certain, as threats continue to evolve and more and more of our businesses become reliant on Internet services for day-to-day business activities, ensuring we invest appropriately in the technologies, people and processes that contribute to the security of our organisations is only going to get more important. Having a good view of the threat landscape, and how it pertains to the businesses we work within, is something everyone needs.