Application SecurityDDoS AttacksSecurity

Distinguish between legitimate users and attackers – The secret sauce of DDoS protection

June 18, 2013 — by Ronen Kenig2

Distributed Denial of Service (DDoS) is unique in the sense that these attacks actually consist of many legitimate individual requests. It is only the large volume of simultaneous requests that turns those legitimate requests into an attack. Consequently, one of the biggest challenges in mitigating DDoS attacks is distinguishing between malicious and legitimate traffic.

Application SecurityAttack MitigationDDoS AttacksSecurity

Why Low & Slow DDoS Application Attacks are Difficult to Mitigate

June 10, 2013 — by Ronen Kenig5

The naïve and still common perception of DoS/DDoS attacks is that to be destructive, attacks must use brute force and generate massive traffic. Low & Slow DDoS application attacks prove otherwise. Similar to guerilla warfare tactics, Low & Slow application attacks create significant damage with minimal resources. What’s more? Detecting and preventing these attacks presents a significant challenge. The following post goes in-depth to break down why Low & Slow application level attacks are difficult to detect and mitigate.

Attack MitigationDDoS AttacksSecurity

Can your firewall and IPS block DDoS attacks?

May 21, 2013 — by Ronen Kenig10

More and more organizations realize that DDoS threats should receive higher priority in their security planning. However, many still believe that the traditional security tools such as firewalls and Intrusion Prevention Systems (IPS) can help them deal with the DDoS threat. This post explains why organizations should not count on their firewall and IPS when it comes to mitigating DDoS attacks.

Attack MitigationDDoS AttacksSecurity

How Much Can a DDoS Attack Cost Your Business?

May 14, 2013 — by Ronen Kenig6

Quite a lot, it seems. The Ponemon Institute study estimates that the average cost of one minute of downtime due to a DDoS attack is $22,000. With an average downtime of 54 minutes per DDoS attack, this amounts to a heavy toll. Obviously, the costs depend on several variables, such as your business segment, the volume of online business, competitors, and your brand.

Attack MitigationDDoS AttacksSecurity

What It’s Like to Get Hit With a DDoS Attack – An Inside View

May 2, 2013 — by Ronen Kenig5

It’s not always obvious to a network or system administrator that their company’s infrastructure is under attack. In fact, an attack usually starts slowly and it’s only as the attack progresses that someone takes notice. But what does a DDoS attack look like from the inside? What are the early warning signs? Who are the principle players? What steps are taken to mitigate an attack? What tensions and emotional responses does an attack produce at the various levels of an enterprise? In the following post, a system administrator of a bank provides an hour-by-hour break down of the early stages of a DDoS attack as experienced in real time.

Attack MitigationDDoS AttacksSecurity

Mitigating Attacks in 2013: The Year Companies Push Hackers Back

January 2, 2013 — by Ronen Kenig4

In 2012, DDoS attacks revealed a new cyber security trend: attack campaigns that last for days and sometimes even weeks. Unfortunately, many organizations that find themselves under attack don’t know how to change the attack dynamics. Instead of working to halt attacks, many just wait passively for them to conclude.

But what about stopping the attack? Why can’t organizations become more proactive and implement counter measures that can halt the attackers from sending additional malicious traffic? Why not push the hackers back as far as possible from critical applications?

Attack MitigationDDoS AttacksSecurity

Anonymous Launches #OpIsrael – Attacking Israeli Websites in Conjunction with Gaza Missile Attack

November 16, 2012 — by Ronen Kenig1

As you have likely have read in the news today, the hacktivist group Anonymous launched #OpIsrael – an online attack of Israeli websites in retaliation for recent missiles attacks from Gaza. Through efforts on social media outlets, IRCs and Pastebin, Anonymous called for its tens of thousands of supporters from around the world to join this attack.

This morning, Radware’s Emergency Response Team (ERT) released a new threat alert regarding an upcoming DDoS attack on Israeli websites including the IDF website, the Prime Minister Office website, Israeli banks, airlines and infrastructure sites. The attack started at 10AM Israel time on 11/15 and is expected to last for many hours.

Attack MitigationDDoS AttacksSecurity

At the Precipice of an IT Security Tipping Point: Radware & Ponemon Institute Unveil New Survey of Security Experts

November 13, 2012 — by Ronen Kenig0

At Radware, we feel strongly that 2012 has been the year of the DDoS attack – and it doesn’t look like it’s going to change any time soon. Over the past few months, we’ve seen strong evidence that cyber attacks, including DDoS and DoS attacks, will only continue to become more intense and more powerful. With little chance these attacks will slow down in the new year, it is essential for organizations to act now to protect themselves. That’s why we commissioned a new in-depth research report, “Cyber Security on the Offense: A study of IT Security Experts.” Co-authored with the Ponemon Institute, this survey of 705 senior IT security practitioners explores the current cyber threat landscape and how well prepared organizations are to deal with today’s large-scale DDoS and DoS attacks.

The results are telling.

DDoS AttacksSecurity

Can Hackers Ruin America’s Election Day?

November 5, 2012 — by Ronen Kenig0

While the majority of American’s will cast their vote for the next President of the United States by going to the polls this Tuesday, there are a growing number of Americans for whom the option of voting via email is now available. Currently, 32 States, and the District of Columbia, allow military personnel and registered voters living overseas to cast their ballots using email, fax or an Internet portal. However, in light of the recent damage wrought by Hurricane Sandy, New Jersey election officials are allowing voters displaced by the storm to cast their ballots via email as well.