Five reasons why your DDoS Mitigation might fail

DDoS Attacks on the Rise

There have been multiple incidents in the past few months reported about online security.

A recent one was related to retailer Travelex being held to ransom by hackers. The ripple effect of this attack did not spare banks such as HSBC and Barclays.

In another incident, researchers from a leading organization discovered a vulnerability in enterprise software offerings from Citrix that would put 80,000 companies at risk across approximately 160 countries

In October 2019, a major DDoS attack, approximately eight hours long, struck Amazon Web Services (AWS). This made it impossible for users to connect, because AWS mis-categorized their legitimate customer queries as malicious.shutterstock_369332108

Forrester estimates that a DDoS attack could cost an enterprise an estimated US$2.1 million dollars lost, for every four hours of downtime. This equates to US$27 million for a 24-hour outage.

Kaspersky reveals that the number of DDoS attacks have grown by 18% last year. The application layer attacks have also shown significant growth of over 30% in 2019. If these numbers are alarming, so is the fact that the efforts by threat actors are only growing and gathering momentum with every passing year.

Read the blog about Techniques to build a strong DDoS mitigation defense.

Below, is an assessment of major DDoS Mitigation Postures, that have been relied upon by several enterprises. This assessment takes a closer look at why DDoS Mitigation Technologies Fail.

Assessment of Major DDoS Mitigation Postures

  • Cloud Scrubbing may not always work
    A cloud scrubbing center’s advantage is analyzing large volumes of traffic. However, it is generally less able to recognize application-layer attacks. This is because most Application Layers (Layer 7) traffic are encrypted.
    Therefore, scrubbing centers are cautious of applying incorrect settings which would result in false positives. This limits the ability of a scrubbing service to effectively mitigate malicious Application Layer traffic. It is highly dependent on whether it has the relevant decryption keys. “SSL Visibility” is required, as well as an engagement of professional services.

  • Customer Premise Equipment (CPE) may fail in the face of Internet Pipe Saturation
    It is a fact that with the increasing use of AI, vendors are including more specialized detection software based on behavioral analysis. However, CPEs’ without a scrubbing center will not stand against large volumetric attacks, even if the CPE equipment is well configured. CPEs require manual fine tuning as well as ongoing costs related to infrastructure management. This makes it expensive and frequently unreliable.

  • Intrusion Prevention Systems (IPS) Are Not for DDoS Attacks
    IPS inspect incoming traffic to weed out malicious requests by using advanced filters. Customized filters may also be created on the fly. IPS does block additional cyber threats but is not thought of as a DDoS mitigation mechanism or component.
    This is because the underlying design is focused on blocking security breaches and is not set to stop a DDoS attack. These systems generally have some layer 3, 4 and 7 protection capabilities, but can only be used to help filter out leakage from components up stream.

  • Web Application Firewalls – Vulnerable to High Load
    WAFs depend on whitelisting and backlisting, which need to be updated continuously.
    If updated regularly, legitimate user traffic will be allowed through, while suspicious traffic will be routed elsewhere for further inspection. Alternatively, it will simply be blocked. When it comes to protection against DDoS, application firewalls require proxy applications for each protocol.
    This is cumbersome and difficult to create and manage. Proxy agents are often used to support undefined protocols and applications, but the fact that they are undefined makes them a vulnerability. They are also vulnerable to high load. Because of their stateful nature, DDoS and other high load situations may create downtime with WAF’s.

Data shows that for enterprises of all sizes, DDoS mitigation is a serious business. Relying on one, or a combination of mitigation postures, will not be enough to manage vulnerabilities.
It is not uncommon for enterprises to believe that their legacy DDoS Mitigation such as Content Delivery Networks keeps their network safe, or that the firewalls and WAFs are protecting their organizations from attacks. Cloud service providers offer cloud scrubbing and enterprises that have migrated to the cloud are clothed in a feeling of false security.
The truth, however, is that DDoS mitigation technologies are only effective when their configuration perfectly maps the networks they’re protecting.


Even with the best DDoS mitigation postures, chances of successful DDoS attacks are as high as 48%

The `Beginner’s Guide to DDoS Mitigation Technology’ whitepaper, analyzes the advantages as well as disadvantages of the different mitigation postures and components. This whitepaper also identifies the weaknesses and guides on the best way forward.

Read this blog to knock down DDoS vulnerabilities from 48% to under 2% continuously.


Beginner's Guide to DDoS Mitigation

About MazeBolt

MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space. Offering full DDoS risk detection and elimination and working with any mitigation system to provide end to end full coverage. Supporting organizations in avoiding downtime and closing DDoS vulnerabilities before an attack happens.


Picture of Yotam Alon
About Yotam Alon

Yotam is Head - R&D at MazeBolt and is in charge of all R&D activities, infrastructure and security. With five years in the security industry, Yotam brings fresh perspectives and insights into current technologies and development flows. He holds a BSc. in mathematics and philosophy and enjoys hitting the archery range in his spare time.