It's one thing to have security vendors email me suggesting that cyber attacks are getting worse. It's another thing altogether when a vendor comes to me with hard metrics. Such is the case with Arbor Networks, the security division of NETSCOUT.
Given Arbor is all about helping to protect enterprise and service provider networks from distributed denial-of-service (DDoS) attacks, it is fair to suggest that any mention of increasing attack numbers is a little self-serving. But ulterior motives notwithstanding, it's worth hearing what they found.
The data from the survey was gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor. ATLAS provides the data for the Digital Attack Map, a visualization of global attack traffic created in collaboration with Google Ideas. ATLAS data has also been utilized recently in Cisco’s Visual Networking Index Report and the Verizon Data Breach Incident Report. Anyway, enough of that, what were Arbor's findings?
At a high level, and as might be expected, there is a continuing escalation in both the size and frequency of attacks. ATLAS has observed an average of 124,000 events per week over the last 18 months and a 73 percent increase in peak attack size over 2015, to 579 Gbps. Compared with previous results, the data show:
- 274 attacks over 100 Gbps monitored in the first half of 2016 versus 223 in all of 2015.
- 46 attacks over 200 Gbps monitored in the first half of 2016 versus 16 in all of 2015.
- The United States, France and Great Britain are the top targets for attacks over 10 Gbps.
To give some context, a 1 Gbps DDoS attack is large enough to take most organizations completely offline. And given that the average attack size in the first half of 2016 was about 1 Gbps (a 30 percent increase over 2015), Arbor predicts the average attack size will increase to 1.15 Gbps by the end of the year. This is where Arbor comes in, or at least Arbor's solutions:
“The data demonstrates the need for hybrid or multi-layer DDoS defense,” said Darren Anstee, Arbor Networks' chief security technologist. “High bandwidth attacks can only be mitigated in the cloud, away from the intended target. However, despite massive growth in attack size at the top end, 80 percent of all attacks are still less than 1 Gbps and 90 percent last less than one hour. On-premise protection provides the rapid reaction needed and is key against 'low and slow' application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and [intrusion prevention systems] (IPS).”
Clearly, DDoS attacks are an ongoing issue and one that cannot be ignored. The findings from this survey certainly play into the hands of vendors selling solutions and, as such, could be seen to be self-serving. But for IT security teams looking for empirical evidence to justify budget increases, this will be valuable data.
This article is published as part of the IDG Contributor Network.