Each year brings with it new DDoS attack trends. 2015 was characterized by multi-vector attacks (Radware). 2016 introduced major disruptions in terms of technology and attack scale (SecureList). And Q1 2017 saw a decrease in amplification-type attacks and an increase in encryption-based attacks (SecureList). These are all interesting trends, but how can you use such data to improve and tighten your organization’s protection? One of the first steps that comes to mind is evaluating which type and scale of DDoS attacks your organization can currently endure with its existing security systems. While your business may not need to be ready for the most massive, state-sponsored attack type, you’d like to evaluate whether you’re protected against complex, encrypted attacks.
Know Where You Stand - The DDoS Resiliency Score
The DDoS Resiliency Score (DRS) is a measurement standard designed to objectively evaluate the ability to withstand different types of DDoS attacks. This is achieved by defining seven different attack levels that increase in traffic volume, vector types and sophistication. The standard is dynamic and changes over time to reflect the introduction of new attack vectors and evasion techniques, increases in volume, etc.
Using the DDoS Resiliency Score, you can:
- Evaluate your DDoS attack readiness
- Make better technology decisions
- Facilitate communication between technical teams and management
Updates to the DDoS Resiliency Score 2017
To reflect attack trends, several changes were introduced to the DRS measurement standard, as described below. You can read the full updated standard document here.
Attack Rates Increased
2016 included large attacks peaking over 1 Tbps (terabits per second). As a result, the attack rates of each of the seven levels were increased, as illustrated below.
In a similar manner, packets-per-second (PPS) was raised up to 500 million, and transactions-per-second (TPS) was raised up to 25 million.
Direct Network Attacks
DDoS mitigation often uses an architecture in which a CDN or large reverse proxies are placed in front of the web services as a protection layer. However, sophisticated attackers will attempt to reveal the origin network or IP address and attack directly, making the mitigation layer completely useless.
The attack vectors in ‘Level 6’ and ‘Level 7’ now include this sophisticated technique. In this case the evaluator will attempt to reveal the origin IP or network and then attack it directly. This challenges an organization to either hide its sources (which is not always feasible), or mitigate the direct attack.
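One way to see whether the origin is being reached around the protection layer, as an added example that is not part of the DRS standard or the original article: scan the origin's own access log for clients outside the CDN's egress ranges. The ranges, the log format (client address as the first field, taken from the TCP peer and not from a forwarded-for header) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: placeholder CDN/reverse-proxy egress ranges (documentation
# prefixes). Replace with the ranges published by your provider.
CDN_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:cd::/48")]

# Constructed sample of origin access-log lines (client IP is the first field).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jun/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512
192.0.2.11 - - [01/Jun/2017:10:00:01 +0000] "GET /login HTTP/1.1" 200 734
203.0.113.7 - - [01/Jun/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [01/Jun/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512
2001:db8:cd::5 - - [01/Jun/2017:10:00:03 +0000] "GET /api HTTP/1.1" 200 90
198.51.100.23 - - [01/Jun/2017:10:00:03 +0000] "POST /login HTTP/1.1" 403 0
not-an-ip - - [01/Jun/2017:10:00:04 +0000] "GET / HTTP/1.1" 400 0
"""

def from_cdn(addr):
    """True if the address belongs to one of the allowed CDN ranges."""
    return any(addr in net for net in CDN_RANGES)

def direct_hits(log_text):
    """Return (Counter of non-CDN client IPs, list of unparsable lines)."""
    direct, bad = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        field = line.split(" ", 1)[0]
        try:
            addr = ipaddress.ip_address(field)
        except ValueError:
            bad.append(line)  # keep for review instead of silently dropping
            continue
        if not from_cdn(addr):
            direct[str(addr)] += 1
    return direct, bad

if __name__ == "__main__":
    hits, bad = direct_hits(SAMPLE_LOG)
    for ip, count in hits.most_common():
        print(f"direct-to-origin: {ip} ({count} requests)")
    print(f"unparsable lines: {len(bad)}")
```

Any successful response served to a non-CDN client means the origin answers directly; restricting the origin's firewall to the CDN ranges closes that path, and this check then serves as a regression test.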
For more information visit www.ddosresiliencyscore.org.