How to Manage Your Q4 Nocember DDoS Risk

For the past 5 years, 1 out of every 4 dollars spent online was spent during the November & December (Nocember) online shopping frenzy. This e-commerce shopping bonanza is clearly illustrated by the jagged teeth rising in the graph below, and on a global scale is expected to grow by over 350% from US$1,300Bn in 2014 to US$4,900Bn in 2021.

[Figure: US e-commerce sales growth chart]

For the global e-commerce platforms driving this tremendous momentum, and for the myriad businesses in the ecosystem that supports online shopping (payment and marketing services, shipping, logistics and many others), there's one axiom: no downtime.

Time is money – BIG MONEY.

One of the major threats to a website's online availability is DDoS attacks. According to the latest Neustar report, DDoS attacks hit 92% of enterprises once and 76% twice or more. The average cost of an attack to an enterprise was a staggering US$2.5M.

With a price tag that high, companies are investing in DDoS mitigation solutions such as on-premise devices, cloud scrubbing services, or hybrid solutions combining both, all designed to block DDoS attacks before they reach the target network and wreak havoc.

Barrett Lyon @Neustar: "…it’s clear that companies are buying [DDoS Mitigation] solutions that aren’t working"

The problem most companies are realizing is that DDoS mitigation solutions don’t work “out-of-the-box” as expected, and the data reflects this. MazeBolt testing results from over 500 tests strongly support Barrett Lyon’s assertion. When tested for the first time, DDoS mitigation successfully mitigated only 55% of DDoS attacks on average, regardless of the mitigation solution used.

Taking a broader view, this means that with 92% of enterprises being hit, and DDoS mitigation only working 55% of the time, nearly 1 in 2 DDoS attacks is successful!

To understand why these solutions don’t work “out-of-the-box”, you can think of DDoS mitigation as a protective glove that’s cut out especially for your network. But the network you’re protecting is constantly changing, with new servers and services being rolled out all the time: adding new thumbs and growing existing fingers longer, so to speak. This means that for your DDoS mitigation glove to fit perfectly, you need to match each network change with a corresponding fine-tuning of your DDoS mitigation posture.

In reality, companies do not constantly re-configure and fine-tune their DDoS mitigation postures, and this is precisely where DDoS Gaps emerge.

The most effective way of identifying DDoS Gaps proactively is DDoS Testing. DDoS Testing is an iterative process of simulating a wide variety of real DDoS attacks in a highly controlled manner to help companies identify their DDoS Gaps and systematically close them.

MazeBolt’s BaseLine DDoS Testing Methodology reduces DDoS risk by over 60% on average and has become the de-facto industry DDoS Testing standard.

With Nocember's e-commerce bonanza on the horizon, this is the time of year we start working with enterprises to plan their DDoS Testing program and help them ensure that, come Nocember, their customers have a reliable shopping experience no matter what threat actors have in store.
 


About Yair Melmed

Yair is Vice President of Business Development & Operations at MazeBolt. He brings more than 20 years of Account Management, Business Development & Finance experience and excels in rapid growth environments. Most recently, Yair spent five years in the homeland security industry where he established and led the Account Management team for multi-billion dollar projects. Yair holds an MBA from INSEAD, Fontainebleau and a B.A. in Philosophy & Economics from the University of Haifa, and enjoys early morning open water swimming.