“You get what you pay for.” This is true for many areas in life and it also applies to IT security.
In the news again! – “123456host hacked, 13M customers exposed.”
Why does this happen again and again? Many security service providers offer a low-cost, always-on cyber-attack and DDoS protection solution, and many customers think that this is “good enough” for them.
Hacked customers are in the news all the time, and we see many customers that have improved their current protection because they either depended on the carrier only or just didn’t have a solution in place; after they were hacked, they reviewed their decision.
Distributed Denial-of-Service (DDoS) attacks cause far-ranging damage, but they also open the door to secondary attacks. Multiple DDoS hits can result in network breaches that can lead to additional damage, such as the loss or theft of sensitive data. Therefore, when you plan to invest in a solution to protect you from cyber-attacks, you need to thoroughly assess the options in the market to avoid costly mistakes.
To find the right solution for your requirements and get the right protection, there are many questions you may ask:
Will this be the right solution? Will it be able to protect all of your assets in the case of multi-vector and continuous attacks? Will attacks on the application layer or SSL-based attacks be covered? How private is your data when it runs through a service provider’s data center, should that provider be compromised?
There’s a lot to consider.
After considering all of this, evaluate whether and how you are covering the cyber-attack threats facing your unique environment. This checklist can help you identify the different types of DDoS attacks, threats, targets and techniques.
Choosing the Right Vendor and Solution For You
It is crucial to verify a vendor’s experience and reputation. Is their technology market proven? Who are their clients and do they have MSSP clients? Have their clients made headlines for being attacked? In addition, I also highly recommend that you evaluate a single vendor that is able to provide comprehensive attack detection AND mitigation.
Emerging threats bring with them new attack vectors. It is important to make sure that known attack vectors are mitigated by the offered solution and that protection against SSL encryption attacks and various web-stealth attacks is also included. Be certain to verify that the solution is a hybrid one, in order to effectively handle pipe saturation risks with no disturbance to your users’ experience. Ensure the solution provides layered protection that covers attacks against the network, servers and applications.
Real-Time and Post-Attack Analysis
Visibility is critical in a layered security architecture. Having a Security Information and Event Management (SIEM) system integrated as part of a DDoS protection solution is extremely important. It is crucial that IT staff have full visibility and receive information in real time from all detection tools protecting the enterprise's assets. Advanced anti-DDoS solutions must be well integrated with SIEM systems that are able to aggregate, normalize, and correlate data from multiple sources. Real-time information, reports, automated analysis and processes provide visibility and insight during attacks and for post-attack analysis and forensics.
Support When Under Attack
Verify in advance what vendor assistance is available when you are under attack. There are vendors that offer a team of experts to support clients. Be sure this assistance lasts throughout the whole attack campaign and that the team provides post-attack analysis. Some vendors keep a team of researchers that provides periodic updates on the market and on new threats.