
Professional DDoS protection: why time to mitigation matters (hint: $$$)

BusinessDay

If you were investing in a home security system, it’s likely you would not choose the one that requires you to alert the security company yourself when you notice an intrusion or threat. The reason for this is obvious: if an intruder breaks in while you’re not paying attention, you won’t be able to activate your security until it’s already too late. In short, this would be completely unacceptable.

So, why is it that self-reporting is considered standard for many DDoS protection services, given the damage a website incurs during a DDoS attack? This simply should not be the case.

The price tag attached to one minute

DDoS attacks have many consequences, but the ones that tend to make the biggest impact are financial, and there are plenty of those.

An unmitigated DDoS attack can cost the owners of a website, on average, $40,000 per hour. That means that for each extra minute it takes your DDoS protection to kick in, your organization could be paying an appropriately evil-looking $666.66. That’s roughly $11 per second.

DDoS attacks can also cause damage that can’t immediately be estimated. This includes damage to hardware, software or both. The downtime caused by a DDoS attack can also have a profoundly negative impact on consumer loyalty, causing consumers to wonder if your site is going to be reliable in the future, as well as whether or not your site is truly equipped to protect their financial information.

This is a valid concern, as many DDoS attacks are used as a smokescreen while attackers either install malware or hack into a website in order to steal financial information, other confidential data, or intellectual property.

BGP-based DDoS protection

BGP is the Border Gateway Protocol, the protocol that allows for the transfer of routing information between most major internet service providers. BGP also allows for the transfer of routing information between large client sites and their own ISPs. In terms of DDoS attacks, think of BGP as a dam all traffic passes through in order to get to a website.

There’s a reason many DDoS protection services are BGP-based: when these services are on, they’re incredibly effective. When a website with this type of protection is hit with a DDoS attack, the client sends out a BGP announcement, which then redirects all traffic to a scrubbing server which deals with attack traffic while allowing legitimate traffic through to the site unimpeded. With this safeguard in place, malicious attack traffic doesn’t even touch the target site.

Time to mitigation limitations

As stated, when BGP-based DDoS protection services are on, they’re incredibly effective. The issue is that BGP-based protection is on-demand, meaning that when your website is targeted by a DDoS attack, you or your security personnel will need to manually activate these services. That means the time to mitigation depends on how quickly a person can recognize a DDoS attack.

Recognizing a DDoS attack is complicated by the fact that just because attack traffic is malicious doesn’t necessarily mean it will look the part. On the surface, DDoS attack traffic may look like legitimate traffic; it just eventually builds into an amount that overwhelms your server or other resources. DDoS attacks also tend to start slowly and ramp up into an onslaught, making it hard for security personnel to determine whether an increase in traffic is due to something like a public relations blitz or product release, or is in fact coming from a malicious attack.

Businesses or websites that are big enough to have their own always-operating network operations centers (NOCs) will have an easier time spotting these attacks and activating protection services. Sites without a NOC often remain unaware of an attack until a user contacts them about connectivity issues.

What you can do to reduce those $666.66 minutes to mitigation

To begin with, you can take a three-pronged approach to getting faster DDoS protection service response time. The first thing you need to look at is how quickly your organization can identify an attack. You can look into improving the real-time monitoring of your traffic, or if that isn’t feasible, check to see if your DDoS protection service provider offers supplemental alerts monitoring.

You also need to look into the steps you’ll have to take to activate your services in the event of an attack. A self-activation option is ideal because it eliminates the time you’ll have to spend contacting your service provider. Failing a self-activation option, you need a service provider that has 24/7 support and provides guarantees for how quickly they will respond to your call for help.

The last factor your time to mitigation will depend on is how quickly your DDoS protection provider can analyze and start filtering your traffic. How long this takes will depend on how good the service’s mitigation hardware and filtering capabilities are.

In short, the better your DDoS protection service provider is, the faster an attack will be mitigated.
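The three delays described above (identifying the attack, activating the service, and filtering) can be added up and priced at the article's $40,000-per-hour figure. The following is an added example, not code from the article or from any provider: a simple baseline detector run over constructed per-minute request counts, where the thresholds, the sample data and the activation and filtering delays are all assumptions.

```python
# Added example: baseline detector and time-to-mitigation cost.
# Thresholds and sample traffic are constructed assumptions.
COST_PER_HOUR = 40_000  # the article's average cost of an unmitigated attack

# Constructed requests-per-minute series: normal traffic, a one-minute burst
# at minute 7 (e.g. a product announcement), then an attack ramp from minute 10.
SAMPLE = [1000, 1020, 980, 1010, 990,
          1005, 995, 3400, 1010, 1000,
          1400, 2000, 2900, 4200, 6000, 8500, 12000, 12000]

def detect_onset(counts, alpha=0.05, ratio=2.0, sustain=3, warmup=5):
    """Return the minute at which an alert fires, or None.

    The alert fires once traffic has exceeded `ratio` times the baseline for
    `sustain` consecutive minutes, so a single burst is ignored. The baseline
    only learns from minutes below the threshold, and `alpha` is small so the
    early part of a ramp raises it slowly.
    """
    baseline = sum(counts[:warmup]) / warmup
    streak = 0
    for minute in range(warmup, len(counts)):
        if counts[minute] > ratio * baseline:
            streak += 1
            if streak >= sustain:
                return minute
        else:
            streak = 0
            baseline = alpha * counts[minute] + (1 - alpha) * baseline
    return None

def mitigation_cost(counts, onset, activate_min, filter_min):
    """Total minutes from attack onset to filtering, and their cost.

    Sums the three delays: detection (alert minute minus true onset),
    service activation, and the provider's time to start filtering.
    """
    alert = detect_onset(counts)
    if alert is None:
        return None
    total = (alert - onset) + activate_min + filter_min
    return total, round(total * COST_PER_HOUR / 60, 2)

if __name__ == "__main__":
    print("alert at minute", detect_onset(SAMPLE))
    print("minutes, cost:", mitigation_cost(SAMPLE, 10, 2, 1))
```

The `sustain` and `ratio` settings trade detection delay against false alarms on legitimate surges, which is the judgment call the article describes security personnel making by hand.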

Figure: Optimal time to mitigation (source: Incapsula)

Looking to the future of DDoS protection

If you’re thinking to yourself that there has to be a better way than DDoS protection services that rely on you to notice you’re under attack, then rest assured that leading DDoS protection service providers are thinking the same thing.

Imperva Incapsula, for one, is developing a DDoS protection service that can be configured to be always-on without impacting a server’s performance and can be deployed to protect individual IPs. This solution is already in advanced beta testing and in use by dozens of its clients.

Let the machines take over

No one would expect you to be able to protect your home 24/7, so don’t make it necessary for you to protect your website 24/7. By choosing a leading DDoS protection service provider, you can offload as much of that monitoring work as possible and greatly reduce your time to mitigation.
