Don’t rely on your firewall & IPS when it comes to preventing DDoS attacks

By Tim Murphy, Country Manager, Arbor Networks

Security teams are having to defend their organisations from larger, more complex and more frequent DDoS attacks. The most significant challenges they’re facing is the emergence of botnets that exploit the Internet of Things (IoT) devices. The huge growth of these devices brings enormous benefits to businesses and consumers, but for attackers, they are easy targets as their poor security is often non-existent or poor at best.

Sadly, the days of relying on firewalls and Intrusion Protection Systems (IPS) to stop DDoS attacks are long gone, as these devices themselves are as vulnerable to any other to a DDoS attack. The results of an attack can be extremely costly and despite twenty years of headlines about DDoS attacks, many Australian organisations are still ill-prepared to handle today’s threats.

IDC recently published the IDC IT Security MaturityScape report for Australia and while it says that we are more advanced than our APAC neighbours, the report highlights that over half of the organisations in Australia are what IDC refers to as "Reactive Responders" when it comes to their security preparedness. While ten per cent still use an ad-hoc approach to security and are labelled “Naïve Novices”, and only employ basic operational security measures.

Limited Defences

I’m not saying firewalls don’t stop DDoS attacks, I am saying they don’t stop them all and relying on firewalls and IPS, or a single layer of protection from their ISP or their CDN leaves businesses exposed and only partially protected. Firewalls and IPS are stateful devices, which often means they become targets of DDoS attacks themselves, while cloud-only or CDN protection does not provide adequate protection for critical business applications.

Firewalls have improved the ability to integrate threat defence and intelligence to protect against a range of threats including botnets, command and control servers, advanced persistent threats (APTs) and zero-day threats. They are also effective in dealing with network integrity and confidentiality. However, with DDoS protection, they provide a false sense of security, because they fail to address the fundamental concern regarding DDoS attacks, which is network availability.

Many businesses wrongly believe they are not being targeted by DDoS attacks and attribute outages to equipment failures or operational errors, as they don’t have visibility of what is really happening. This can lead to repeated investments that don’t solve the problem.

According to Arbor’s 12th Annual Worldwide Infrastructure Security Report (WISR): (

  • Nearly half of Enterprise, Government and Education (EGE) respondents had firewall or IPS device experience a failure or contribute to an outage during an attack
  • Firewalls, load balancers, and CDNs all tied for last place in effectiveness at mitigating DDoS attacks
  • Sixty percent of EGE organisations estimate that their downtime costs more than $500/minute.

Industry analysts are united in their belief that purpose-built intelligent DDoS mitigation systems serving as part of a layered defence is the best way to mitigate today’s complex DDoS attacks. EGE organisations indicated an increasing understanding of this reality, but many still deploy traditional security technologies for DDoS defence.

The good news is that across the board, there is more appreciation and understanding of the risk of relying on only firewalls. This year’s survey results show a better understanding of the brand damage and operational expense of successful DDoS attacks and a growing focus on best-practice defensive strategies. In every industry, there has been an increase in the use of purpose-built DDoS protection solutions and best practice methods.

  • 77 per cent of service provider respondents are capable of mitigating attacks in less than 20 minutes
  • Nearly 55 per cent of EGE respondents now carry out DDoS defence simulations, with approximately 40 per cent carrying them out at least quarterly
  • The proportion of data centre and cloud provider respondents that are using firewalls for DDoS defence has fallen from 71 per cent to 40 per cent.

Defending your organisation from DDoS

To combat DDoS attacks today organisations must implement layered DDoS defence. Businesses need specialised defences at the network perimeter to proactively protect themselves from the most stealthy, sophisticated application layer attacks and they need cloud-based DDoS protection that can be called upon when an attack escalates.

In today’s digital landscape, layered defence has never been more important. Having the right solutions and processes in place will allow security teams to become more efficient and effective, protecting their organisations from becoming the next DDoS victim!

By Tim Murphy, Country Manager, Arbor Networks