4 Massive Myths of DDoS


Myth #1: DDoS can be Solved by Adding Bandwidth

Truth: As illustrated in the graph below, attacks in 2011 were quite varied and over 76% of application-level attacks were non-volumetric in nature (that is bandwidth was not an attribute of the service disruption). Thus adding bandwidth would not have remedied the problem, and in some cases, would have made the attack worse!

Attack Types and Bandwidth have Varied!

Myth #2: DDoS Attacks are Based on Network Attacks – Mostly SYN Floods

Truth: 2011 was a watershed year not only logging more application-layer attacks then network, but also, the network level attacks were varied across UPD / TCP and IPv4 & IPv6 (as illustrated in the graph below)!

Radware Security Survey: Attack Count by Type and Bandwidth

Myth #3: DDoS Attacks Can be Mitigated by Internet / Cloud “Scrubbers”

Truth: DDoS “Cleaning” requires a layered approach (almost like all other security approaches). Cloud scrubbers have value, however premise-based devices are required for application-layer, encrypted and advanced anti-CDN attacks (as illustrated in the graph below).

Myth #4: My firewall and IPS devices protect me from DDoS Attacks

Truth: In 2011, IPS’ and Firewalls contributed to 1/3 of all originating service disruptions (see graph below).

Firewall and IPS Security Devices Accounted for 1/3 of Availability Outage/Bottleneck Problems in 2011


Please enter your comment!
Please enter your name here