Security and network managers are reporting more distributed denial-of-service (DDoS) attacks, and new attack vectors include resource starvation attacks that cripple Web site performance. As the sophistication of brute force and application-specific attacks grows, enterprises are not adequately prepared to deal with the problem.
According to a 2014 survey conducted by SANS, many organizations are not updating their on-premises tools to deal with sophisticated DDoS attacks, and 40% of those surveyed did not have DDoS response plans in place.
While it's getting harder to detect and defend against DDoS attacks, there are strategies that you can use against attackers that combine multiple attack techniques. In this edition of Beyond the Page, John Pescatore explores new DDoS attack vectors and discusses incident response planning (tools and processes) you need to plan for in 2015.
Video: Strategies for DDoS defense and recovery
DDoS attacks are increasing in both frequency and sophistication and enterprises need an approach to mitigating them. In this video, Pescatore discusses local and cloud-based DDoS mitigation strategies and the value of preparedness.
Watch the video: Strategies for DDoS defense and recovery
Feature: DDoS defense planning falls short
Denial-of-service attacks represent a high risk for almost all enterprises. Having a response plan to an attack is a start but failing to regularly test DDoS mitigation processes can lead to inadvertently amplifying an attack. Learn why proper planning for DDoS mitigation requires cooperation between IT, network operations and security groups.
Continue reading DDoS defense planning falls short
Tech Tip: Denying denial-of-service attacks
There's no question DDoS attacks that use compromised systems or Web services can cause tremendous damage to businesses. Most organizations will need a mix of external services and on-premises DDoS mitigation controls to combat these attacks. Pescatore explains why.
Continue reading Denying denial-of-service attacks
About the author: John Pescatore is director of emerging trends at SANs Institute. A former vice president and distinguished analyst at Gartner, Pescatore has over 30 years of experience in computer, network and information security. Prior to Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems and a security engineer for the U.S. Secret Service and the National Security Agency.
Read the full February edition of Information Security magazine
New research shows that average DDoS attacks are growing larger and more prevalent
How to respond to the latest distributed denial-of-service attacks