Reasons Why Your DDoS Protection System Doesn't Work.
No, I’m not psychic. I simply know this for a fact. After completing hundreds of BaseLine DDoS tests, we see, on average, a 40% vulnerability gap across the industry and DDoS vendor spectrum. Whether you’re a stock exchange or a large e-commerce platform, you most likely have this gap in your DDoS defenses. This gap consists of the most common attack vectors you are likely to face in the wild.
While there are thousands of types of DDoS attacks, they generally fall into three categories: volumetric, protocol, and application attacks. No matter how much money you have spent on the system or on MSSP or DDoS vendor support, your system is going to fail against at least one of them.
Let me count the ways...
1) You believed the salesperson. The latest and greatest DDoS protection widget is supposed to integrate with every device from A-Z. Unfortunately, you have some devices on your network that are $, %, and *, and these just don’t work with their brand.
2) Your system is configured incorrectly for your environment. You’ve paid anywhere from $50,000-$1,000,000 for your DDoS protection plus all the ongoing service costs. So have thousands of other organizations. The companies from which you’ve purchased your equipment need to install those devices while also maintaining a lean organization. Therefore, the system is configured for the most common environments, which isn’t yours.
3) Someone on your team forgot to put something back. This is more common than you think. Let’s say you are adding a new system inside the network and don’t want the DDoS appliance to block it. You put the appliance into report mode instead of block mode, and left it there.
4) Unprotected service. A server is added to your environment and not configured as part of your DDoS profile or policy. If your networking team hasn’t told your security team that this has been done, they won’t know they have to secure it at all. Remember, any new service receives traffic and should be covered by a DDoS mitigation policy.
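Items 3 and 4 both come down to the same audit question: for every exposed service, is there a mitigation policy covering it, and is that policy actually in block mode rather than left in report mode? The script below is an added example, not MazeBolt's tooling or any vendor's API. It assumes you can export two inventories from your own systems (exposed services with their public addresses, and appliance policies with the prefix they protect, their mode, and when the mode was last changed); the service and policy records here are constructed sample data using documentation address ranges.

```python
"""Audit DDoS mitigation coverage: which exposed services have no policy,
which are covered only by a policy left in report mode, and which report-mode
policies have been sitting there longer than a change window should allow.

Added example; the inventory model (Service/Policy) is an assumption, since
real appliances expose their configuration through their own export formats.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Service:
    name: str
    address: str    # public IP the service listens on
    port: int


@dataclass(frozen=True)
class Policy:
    name: str
    prefix: str         # protected prefix, e.g. "203.0.113.0/27"
    mode: str           # "block" (mitigating) or "report" (detect-only)
    mode_changed: date  # when the mode was last switched


# Constructed sample inventory (TEST-NET documentation ranges, not real hosts).
TODAY = date(2024, 6, 1)

SERVICES = [
    Service("web-frontend", "203.0.113.10", 443),
    Service("api-gateway", "203.0.113.20", 443),
    Service("dns-auth", "203.0.113.53", 53),
    Service("new-payments", "198.51.100.5", 443),   # added by networking, never told security
]

POLICIES = [
    Policy("web-block", "203.0.113.0/27", "block", date(2023, 1, 10)),
    Policy("dns-detect", "203.0.113.53/32", "report", date(2024, 4, 2)),  # item 3: left in report mode
    Policy("staging-block", "203.0.113.128/25", "block", date(2023, 1, 10)),
]


def covering_policies(service, policies):
    """Return every policy whose prefix contains the service address."""
    addr = ip_address(service.address)
    return [p for p in policies if addr in ip_network(p.prefix)]


def classify(service, policies):
    """protected: at least one block-mode policy covers the service.
    detect-only: covered, but only by report-mode policies (no mitigation).
    unprotected: no policy covers it at all (item 4)."""
    modes = {p.mode for p in covering_policies(service, policies)}
    if "block" in modes:
        return "protected"
    if "report" in modes:
        return "detect-only"
    return "unprotected"


def stale_report_policies(policies, today, max_days=7):
    """Policies in report mode for longer than a change window should take."""
    return [
        p.name for p in policies
        if p.mode == "report" and (today - p.mode_changed).days > max_days
    ]


def audit(services, policies, today, max_days=7):
    """Collect everything that would leave a gap during a real attack."""
    findings = {
        "unprotected": [],
        "detect-only": [],
        "stale-report-policies": stale_report_policies(policies, today, max_days),
    }
    for svc in services:
        state = classify(svc, policies)
        if state != "protected":
            findings[state].append(svc.name)
    return findings


if __name__ == "__main__":
    for kind, names in audit(SERVICES, POLICIES, TODAY).items():
        print(f"{kind}: {', '.join(names) or 'none'}")
```

Run against the sample data, the audit reports new-payments as unprotected, dns-auth as detect-only, and dns-detect as a report-mode policy that has been that way for sixty days. The detect-only class matters because a dashboard will happily show the service as "covered" while the appliance merely logs the flood; the stale-report check is the closest thing to an automated reminder that someone forgot to switch the mode back.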
5) Incomplete risk analysis. More protection devices are not always better. Where do they meet? Where do they duplicate? Where do they leave gaping holes? Do you know how to control your equipment during an attack? Do you know it works?
6) You don’t have visibility. If you cannot correlate and connect all your devices, attackers have a lot of time to find the weakest link. During a DDoS attack, not having visibility in real time will extend your downtime significantly. How long will it take you to understand the effects on the firewall, router, application servers and DB in your organization during a DDoS attack?
7) Outdated technology. Some CPE DDoS equipment providing network protection is simply too old to be effective. The complexity of both the technology and the attacks has increased, but these devices are not keeping up.
8) The system is too complex to use. Your company is cutting edge. It's spent a few million on a very strong cyber defense - but no one knows how to use it and there's no time to learn. This is especially true with DDoS mitigation.
9) You have human employees. We're the weakest link. We need to be trained all the time to use the DDoS technology that's protecting our organizational infrastructure. If you avoid drilling the team in DDoS attack response, you do so at your own peril.
Hey, look on the bright side. If you test your system on a regular basis, you can find these problems and fix them pretty quickly. MazeBolt can help.
To get a clearer picture of the types of testing you need to consider, please register so you can download the CISO DDoS Handbook.