
2015 DDoS Impact & Response Study


Findings of the 2015 Survey by Information Security Media Group

INSIDE:
• Complete Survey Results
• In-Depth Analysis
• Expert Commentary

From the Editor

About the 2015 DDoS Impact & Response Study

DDoS attacks may be out of the headlines, but they have hardly disappeared as a significant
business concern.

In this new 2015 DDoS Impact & Response Study of organizations in the U.S. and UK, we find:

»» 55% of respondents say they have experienced as many or more attacks as in the past year;

»» 60% say the attacks were equal or more powerful than previous attacks.

Some clear messages emerge in the survey results ahead, and I’m eager to share them with you.
Among those messages:

»» DDoS attacks are frequent and powerful;

»» They are having significant business impacts;

»» Current tools and staff are insufficient;

»» Organizations are turning to new investments in tools and services.

Now, it’s important to point out: This survey, although sponsored by Neustar, is distinct from Neustar’s own
annual DDoS Attacks & Protection Reports. This past April, in fact, Neustar released two such reports –
one for the U.S. and one for EMEA. You will find links to these studies at the end of this report.

Our DDoS Impact & Response Study is meant to complement Neustar’s DDoS Attacks & Protection
Reports, taking a deeper dive into trends specifically in financial services.

Please enjoy this snapshot of today’s DDoS activity and defenses in financial services, and pay close
attention to survey analysis provided at the end by Joseph Loveless of Neustar.

Do our findings match your experience with DDoS? Please share your feedback with me.

Best,
Tom Field
Vice President, Editorial
Information Security Media Group
tfield@ismgcorp.com

2 2015 DDoS Impact & Response Study © 2015 Information Security Media Group
Contents

About This Survey
This survey was conducted online by ISMG in the spring of 2015, with 300+
respondents primarily from financial service organizations in the U.S. and UK.

Survey Results
»» DDoS Today
»» Detection and Response
»» DDoS Defense
»» 2016 DDoS Defense Agenda

Conclusions
Survey Analysis from Neustar’s Joseph Loveless
Resources
Sponsored by

Neustar is a trusted, neutral provider of real-time information and analytics with expertise in DNS management, DDoS mitigation, IP intel
and much more. We protect your online presence, safeguarding your websites, customer experience and reputation.
Learn more at www.neustar.biz.

Message From the Sponsor, Neustar

Neustar’s focus is on bringing powerful data insights to help drive high-value business decisions. As a respected
provider of DDoS mitigation services, we make continual investments, not only in our network capacity, but also in
our knowledge-base.

To that end, every year, Neustar conducts a survey about DDoS activity and defenses with organizations across
the world. This year, we conducted two surveys:

»» April 2015 Neustar DDoS Attacks & Protection Report: North America
https://www.neustar.biz/resources/whitepapers/ddos-attacks-protection-report-us-2015

»» March 2015 Neustar DDoS Attacks & Protection Report: EMEA
https://www.neustar.biz/resources/whitepapers/ddos-attacks-protection-report-emea-2015

Intrigued by the trends specifically from the financial services industry, we partnered with ISMG to sponsor a
DDoS report focused on that segment. The result is this 2015 DDoS Impact & Response Study, which is meant to
complement our two other reports.

At Neustar, our focus is on keeping companies online. That is why we invest in research year after year. We serve
over 14,000 customers worldwide, and our world-class facilities include a global Network Operations Center, two
secure data centers and points of presence in 112 cities across 37 countries. We provide real-time information and
analytics for almost 7 billion physical and virtual device addresses (including telephone numbers, IP addresses,
global domain names and U.S. business listings).

So, whether it’s managing traffic, defending against cyber threats, ensuring website performance, or all of the
above, Neustar has you covered.

DDoS Today

This report offers an overview of how today’s DDoS attacks impact financial service
organizations. How frequent are the attacks, and are they truly more powerful than ever before?

To summarize the key findings:

»» 56 percent of respondents saw as many or more attacks in the past year than in the
previous;

»» 60 percent say attacks were equal or more powerful.

Following is a review of findings from each of the questions.

How do you self-assess your organization’s ability to successfully mitigate
distributed-denial-of-service attacks?

B - above average: 41%
C - average: 35%
A - superior: 12%
D - below average: 11%
F - failing: 2%

As is common in surveys such as this one, broad self-assessment questions lead to
answers that reflect general corporate optimism. It’s only when the questions dig
deeper that they uncover the truth – which isn’t always as rosy as general opinion
would portray it.

In this case, the study finds that organizations generally feel good about their abilities
to successfully mitigate DDoS attacks. More than 50 percent of respondents rate
themselves above average or superior.

But pay attention to the remainder who rate themselves at average or lower. Later in this
report, subsequent findings will unveil greater insight into organizations’ pain points in
their fight against DDoS attacks.

Has your organization experienced at least one DDoS attack in the past year?

Yes: 35%
No: 50%
I don’t know: 16%

Although 50 percent say they have not
been attacked in the past year, note
that just as many either have evidence
they were attacked, or are not sure.

If your organization did experience DDoS in the past year, were
the attacks more or less frequent than in the previous year?

There was no measurable change in DDoS frequency: 40%
I don't know: 30%
We experienced more DDoS attacks in the past year: 17%
We experienced fewer DDoS attacks in the past year: 14%

Of those organizations that know they experienced DDoS in the past year, more than half
saw attacks that were at least as frequent, if not more so, than in previous years. Only 14
percent say they experienced fewer attacks.

If your organization did experience DDoS in the past year, were
the attacks more or less powerful than in the previous year?

There was no measurable change in strength of DDoS attacks: 41%
I don't know: 32%
We experienced more powerful DDoS attacks in the past year: 19%
We experienced less powerful DDoS attacks in the past year: 13%

And, again, reviewing responses from those who acknowledge attacks, 60 percent say
either that there was no measurable change in the strength of the attacks, or they were
more powerful than those experienced previously.

Fewer than 15 percent report seeing less powerful attacks.

In the past year, where have you seen your organization’s biggest
increases in DDoS defense and mitigation?

Technology solutions: 66%
Third-party vendor relationships: 33%
Staff: 31%

As a preview to the following sections on detection, response and general defenses,
this question measured how organizations have responded to increased frequency and
intensity of DDoS attacks.

In short, the strong majority has increased investment in technology solutions. Later in this
report, the findings will get into the specific solutions.

But respondents also have hiked their investments in internal staff, as well as third-party
vendor relationships with organizations that specialize in DDoS mitigation.

The next section identifies survey responses to questions on DDoS detection and response.

Detection & Response

How well are companies able to detect attacks? Here’s what organizations are doing to
minimize site outages and the resultant fallout.

Some key points to start the discussion:

»» 57 percent say their organizations are above average or superior at detecting DDoS attacks;

»» 52 percent say they are above average or superior at response.

A review of the individual questions explores what these numbers mean.

How do you self-assess your organization’s ability to detect DDoS attacks?

B - above average: 43%
C - average: 34%
A - superior: 14%
D - below average: 7%
F - failing: 1%

Another self-assessment question, and in this instance a majority of respondents have
confidence in their organizations’ abilities to detect attacks. Fifty-seven percent give
themselves an A or a B.

But look at the 34 percent who give themselves a C. More than one-third of respondents
rate themselves average at best when it comes to detecting DDoS attacks.

In your opinion, where do the most damaging DDoS attacks
against your organization originate?

Cyber-criminal gangs: 30%
Cyber-vandals: 26%
Hacktivist groups: 16%
Nation-states: 10%
Competitors: 5%

Understanding where attacks are coming from is important to defining a defense plan. In
recent years, the world has seen strings of high-profile attacks attributed to nation-states
and hacktivist groups, and those trends persist.

Among the key threat-actors identified by the respondents are criminal gangs,
cyber-vandals, hacktivists, nation states and even competitors.

When it comes to detecting an attack
that can take down a site and impact
business, is “average” good enough?

In the event of DDoS, how long does it typically take your
organization to detect the attack?

Between 5 and 10 minutes: 26%
Between 1 and 5 minutes: 25%
Between 30 seconds and 1 minute: 19%
More than 10 minutes: 15%
Under 30 seconds: 13%

Returning to the topic of detection, how long does it typically take an organization to
realize it’s under attack?

According to survey respondents, more than half can spot these incidents in under
10 minutes.

What do they do once they detect a DDoS attack in progress?

How do you self-assess your organization’s ability to respond to
and mitigate DDoS attacks?

B - above average: 39%
C - average: 39%
A - superior: 13%
D - below average: 8%
F - failing: 2%

When asked to self-assess, organizations are not quite as optimistic about their abilities
to respond to DDoS – despite feedback offered previously about general detection
and response.

Only 52 percent rate themselves at above average or superior, while 39 percent grade
themselves at just average.

Where are the deficiencies? The next section helps answer this question.

In the event of DDoS, how long does it typically take your organization to respond to
and mitigate the attack?

Under 30 minutes: 32%
Between 30 minutes and 1 hour: 27%
Between 1 and 2 hours: 17%
Between 2 and 5 hours: 7%

More than half the respondents say they are mitigating these attacks in under an hour.

When considering detection and response,
it is important to know how many
individuals an organization dedicates
to mitigating a DDoS attack.
The simple answer for financial
services is: Not many.

How many people in your organization typically are involved with
DDoS mitigation and response?

2-5: 53%
More than 10: 16%
6-10: 15%
1: 11%

The majority of respondent organizations have fewer than six individuals typically involved
with DDoS response and mitigation. Considering the potential impact of these attacks on
the business, this is a modest personnel investment, indeed.

DDoS Defense

So, what defenses are organizations currently deploying to fight DDoS attacks?

In this section, the report reviews specific deployments. What the findings
generally reveal is:

»» 30 percent do not believe their tools, staff and skills are adequate to defend against
DDoS;

»» 50 percent say their biggest deficiencies are either technology & tools or staff
expertise.

The following charts review the responses to specific questions.

What are the current security elements you deploy for DDoS defense?

Web Application Firewalls: 61%
Traditional Firewall ISP based prevention (blackholing): 51%
Switches and routers: 49%
DDoS mitigation service: 30%
Content Delivery Network: 23%
On-premise DDoS appliance + DDoS mitigation service (hybrid solution): 23%
DDoS mitigation appliance: 23%

There are many layers of DDoS defense – as many as there are types of attacks.

The most common current security tools: web application firewalls, traditional ISP-based
firewalls, switches and routers.

But the findings also reveal a mix of on-premise appliances and third-party services,
which supports the market move toward hybrid DDoS solutions.

Do you believe your organization’s current tools, staff and skills are adequate to defend
against today’s larger and more sophisticated DDoS attacks?

Yes: 47%
No: 30%
I don’t know: 24%

Fewer than half the survey respondents believe their current defenses and skills are
adequate to respond to the strength and frequency of today’s attacks.

What do you believe is your organization’s biggest advantage
when it comes to defending against today’s larger and more
sophisticated DDoS attacks?

Technology and tools: 35%
Third-party support services from DDoS defense vendors: 26%
Staff expertise: 23%
Technical skills: 10%

Organizations cite technology and tools as their biggest advantage over their adversaries.
Third-party support and staff expertise rank second and third.

But …

What do you believe is your organization’s biggest deficiency
when it comes to defending against today’s larger and more
sophisticated DDoS attacks?

Insufficient technology tools: 25%
Insufficient staff: 25%
Lack of skills: 20%
Third-party support from DDoS defense vendors: 17%

When asked to name their biggest deficiency, organizations also name their technology
tools, as well as their current staff.

So, what do organizations have planned for the year ahead?

2016 DDoS Defense Agenda

Survey respondents say they will increase their anti-DDoS investments.

Key takeaways:

»» 99 percent expect equal or greater budget in 2016;

»» Top investment plans:
• DDoS mitigation service – 29 percent
• Hybrid solution – 22 percent

These topics will be expanded upon next.

How will your organization’s budget for DDoS defense change in the coming year?

No change: 54%
Increase of 1-5 percent: 27%
Increase of 6-10 percent: 10%
Increase of more than 10 percent: 8%
Decrease: 1%

Significant numbers of organizations expect sizeable increases in their DDoS defense
resources.

And subsequent responses present a look at their specific deployment plans.

What specific new security elements will your organization invest in and deploy for
DDoS defense in the coming year?

Web Application Firewalls: 32%
DDoS mitigation service: 29%
On-premise DDoS appliance + DDoS mitigation service (hybrid solution): 22%
Content Delivery Network: 20%
DDoS mitigation appliance: 19%
Switches and routers: 19%

In terms of technology, organizations are increasing their spend in web application
firewalls, as well as third-party services and hybrid solutions – the combination of
on-premise appliances, cloud services and DDoS security vendors.

How will your organization in the coming year counter the growth,
proliferation and strength of DDoS attacks?

Improve processes and best practices: 52%
Invest in new technology solutions designed to counter the attacks: 44%
Invest more in third-party vendors who specialize in DDoS defense: 23%
Hire additional trained staff: 18%
Invest in 'defense-in-depth' in an attempt to overwhelm the attackers: 11%

To counter the DDoS expansion and growth, organizations show strong desire to invest
more in specific tools, as well as in third-party relationships. Again, greater support for the
notion of a hybrid solution.

How will your organization calculate return on investment in these
new measures in the coming year?

Improvement in detection and response times: 50%
Decrease in outages associated with DDoS attacks: 35%
Decrease in successful DDoS attacks: 35%
Decrease in fraud and data loss associated with DDoS attacks: 22%
Improvement in brand reputation and customer trust: 20%

These respondents calculate ROI based on:

»» Improving detection and response;

»» Decreasing the number of successful attacks;

»» Decreasing outages associated with these attacks.

Conclusions

To conclude the overview of the survey results, these next statements come back to the
points made at the very beginning of the report – with facts about what the survey
results have revealed.

»» Attacks Bigger, Stronger – No question, organizations are seeing larger and more
sustained attacks – and they are coming from all sorts of threat actors. Nothing can be
done to minimize the attempts – attacks are going to be launched. The question becomes:
How quickly can organizations detect and respond?

»» Business Impacts are Felt – Whether it’s a short outage, sustained downtime or just
customers grumbling via social media, organizations are seeing material damage from DDoS.

»» Current Tools and Staff are Insufficient – Organizations aren’t currently doing
enough. Tools and staff are insufficient, and traditional defenses haven’t been successful
by themselves. It’s time for security leaders to invest more in DDoS experts and
leading-edge solutions.

»» Explore Hybrid Solutions – It’s not on-premise or in the cloud; it’s both. This is the
clear message from survey respondents. Organizations increasingly are adopting hybrid
DDoS solutions.

Next, Neustar’s Joseph Loveless will offer his unique take on the survey results, what
they mean, how they correspond with other research Neustar has conducted, and most
importantly … how can security leaders apply these findings in their own organizations?

Analysis

The 2016 DDoS Defense Agenda

Survey Analysis from Neustar’s Joseph Loveless

EDITOR’S NOTE: As part of the results webinar tied to this survey, ISMG’s Tom Field sat
down with Neustar’s Joseph Loveless to discuss the survey results and – most importantly –
how security leaders can put them to work to improve DDoS defenses.

In this excerpt of that interview, Loveless discusses:

»» DDoS attack trends and business impacts;

»» Current DDoS security gaps;

»» The move to hybrid solutions.

Loveless is part of Neustar’s Product Management team with a focus on developing
strategies to help the world’s leading companies better protect their digital presence to
better serve their customers. He has a 25-year career in information technologies and
services marketing working for and on behalf of companies including Computer Associates,
Avery Dennison, Entex Information Services, and Countrywide Home Loans with extensive
experience in solutions marketing, management consulting, service implementations, and
systems operations, particularly in enterprise management and information systems.

The DDoS Threat

TOM FIELD: Joseph, what was your initial reaction to the survey findings?

JOSEPH LOVELESS: We have continued to see a steady trend in DDoS activity, and we’re
going to get into a little bit about how that activity has actually changed, morphed and
evolved over the last few years. But, you know, as Neustar has been providing services for
DDoS protection and mitigation, we actually get to see it from the inside, as well. And the
reflection that we got back from the market has continued to affirm that the activity is
growing, that it is changing, it’s becoming more complex and sophisticated. We are seeing -
and certainly the results show us - an ongoing corresponding level of investment in the
acceptance of DDoS as a legitimate cyberthreat, and organizations have moved seriously
into protecting their [assets].

Strength, Frequency of Attacks

FIELD: We hear a lot in the marketplace about attacks being stronger, about being more
frequent, and I think we found some validation. Among the respondents, 60% said that
recent DDoS attacks are more frequent, more powerful than what they’d experienced in the
previous year. What does that suggest to you?

LOVELESS: There are some organizations with whom we work that are attacked three or four
times a week. The thing is that there is a huge payoff for the attackers, once they get in.
That comes under what we’ve come to term “smoke screening.” The DDoS attack is laid down
as a distraction to consume resources,
to consume IT attention, while actually different activity is going on, whether it be the
insertion of malware, or an open breach to steal financial assets.

So when I look at the 60% of respondents that talk about the frequency and the [intensity]
of the attacks, what’s really driving that is the payoff to the attackers, and the fact that
there is a constant effort to not just simply disrupt website operations and infrastructure
operations; they actually breach deep into the organizations.

And it is very easy to be able to launch attacks. There are many tools, and there are even
companies that will do it cheaply from $5 an hour to $200 an hour, where they’ll create
attacks for you. There’s an industry that’s risen around creating DDoS attacks, and … it was
no surprise to see that those that were attacked were experiencing this level of threat and
this level of activity.

Direct Business Impacts

FIELD: Another stat that jumped out: Roughly 40% say that they see direct business impact
from DDoS. How do you read these responses?

LOVELESS: That doesn’t include those that talk about indirect business impact. An example
of indirect business impact would be some of the things that we’ve seen where customer
service organizations are tied up much longer. In fact, some of the recent work that we had
done last year showed that organizations that have customer service departments are hit
with, basically, four to six times the length of the attack in terms of cleaning up customer
complaints and so on, which makes a two-day attack a two-week problem. So when I look at
the 40% in this particular study that talk about direct impact, it is very clear that the
impact is real.

The threats are unrelenting, and there’s just significant fall-out from being put on the
news, from having the organization disrupted, from having mobile applications not working.
And customers within financial institutions can be quite unforgiving, right? If you lose
trust in your organization, then it’s really a tough road to gain that trust back. When you
think about the behavior of the customers – look, this is an online world. Now they can’t
trust you to keep your website up? How can I possibly trust you to be able to guard and
safeguard my personal private information, much less my financial assets and the sanctity
and the security of all of the financial tools that keep my family and my business in good
order? So attacks and the impact can not only be real, but they can prove to be a real
detriment to customer retention.

Staffing Needs

FIELD: It’s clear from the results that the number of staffers trained to handle DDoS
attacks is relatively small, six or fewer, and there are questions among our respondents
about the skill levels of their staffing. How much of a concern do you find appropriate
staffing to be in the organizations that you frequently see?

LOVELESS: This picture has changed quite a bit, as we look over the last couple of years.
We see a shifting of the skill. The attacks have changed. The DDoS attacks of two years ago
are not necessarily the DDoS attacks of today. And what that means is that as the attacks
have changed, the skills have had to change. So what you knew two years ago is only going
to get you so far today.

We see new attacks, where attackers will take advantage of
home-based cable modems. And those modems become, unknowingly to the homeowners, part of
large botnets. And that was something we didn’t see a lot a couple of years ago. So when
we talk about staffing, it’s really about being able to find folks that have contemporary
skills and experience within the organization.

But there’s also the problem of being able to find that [person]. One of the things that we
know is there are many, many, many open security positions. We are largely understaffed. We
have a tremendous skills gap in terms of being able to cover all of the defensive needs of
organizations. So when you look at staff, and you look at something like DDoS, it is tough
to find the right type of staff.

When organizations are really seeking out those types of people, what we are seeing is much
more of a move to third parties. And by moving into third parties, this alleviates that
burden a bit on organizations. It’s allowed the contemporary current, highly skilled, highly
expert talent to be on the third party to help your organization, while you have someone of
competent skill to be able to effectively manage that third party. That is becoming a very
successful combination within an organization.

Detection & Response

FIELD: Do you see organizations getting both faster and more effective when it comes to
detecting and responding to attacks?

LOVELESS: We do, and it’s a good sign. A couple of years ago, we had run a massive study,
and the typical timeframe of being able to detect an attack was about 4.9 hours. Then it was
another five to actually start responding to it. That’s a 10-hour problem. One of the things
that remains consistent within financial organizations is we see about $100,000 an hour at
stake [during a DDoS attack]. Well at that time, 10 hours times $100,000 is a million-dollar
problem, right?

Today, in the study that we see here, organizations are detecting in less than an hour. And
that means sharper skills; it means much stronger defenses; it means the incorporation of
third-party defenders who are actually constantly looking and screening traffic; it means
always-on configurations where traffic is constantly moving through mitigation to make sure
that no DDoS is actually occurring.

That’s great news for businesses and our industry; it’s bad news for the attackers.

Traditional Defenses

FIELD: How do you read our respondents’ investment in what we might consider traditional
solutions, and how can they leverage these investments going forward?

LOVELESS: Again, we’re really looking at the institutionalization of DDoS as one of the
credible cyberthreats … these are tremendous, powerful threats that exist to these
organizations, and the investments in traditional solutions is perfectly reasonable.

You want to make sure that you got strong endpoints and you’ve got the up-to-date hardware.
You want to make sure that you’ve got strong firewalls and a good relationship with your
ISP. But what you don’t want to do is just leave it there. And we do see still a lot of
organizations that are leaving it there, meaning that they’ll rely on the ISP to basically
blackhole traffic.
30 2015 DDoS Impact & Response Study © 2015 Information Security Media Group
The problem is, to a lot of organizations, you just can’t do that. There’s so much bad traffic that’s being thrown out with the good traffic as well. And so blackholing, just from a hardware perspective, will only get you so far. That actually ends up hurting the business somewhat.

But nevertheless, you want to make sure that that investment is current and up-to-date relevant to the hardware aspect. But you’ve got to invest in the people that process this. You’ve got to invest not simply in getting the right skill sets in, but the investments in being able to work with third-party providers, and more importantly, be able to run and work the processes internally to make sure that you have a plan, to make sure that you are executing according to that plan when those attacks occur. Because in the midst of the attack, that’s the last place you want to actually come up with a plan.

Hybrid Solutions

FIELD: The message is clear that organizations aren’t investing in any one area; they’re investing in hybrid solutions. Your thoughts on this trend?

LOVELESS: It is important to be able to have your hardware working for you. But the attacks that we are seeing are much larger. We are seeing attacks now that, quite honestly, had not been comprehended just a few years ago. I mean, we’re seeing attacks in excess of 300 gigabits. And what is interesting about the size of the attacks … those end points and that hardware can absolutely be overwhelmed.

Why hybrid is getting actually some clear traction is that it’s the cloud’s failover. You’ve got to be able to have a place to go to move this traffic and scrub it. So to keep those endpoints running, to keep them from getting saturated and leaving you in a position to where you’re down, you get this cloud failover to where you’re able to actually route this traffic through the cloud, and then apply countermeasures to it and scrub it - not just move it.

It’s not about having enough network capacity – it’s about having enough scrubbing capacity to be able to move traffic through the cleansing mechanisms to be able to then run that clean traffic back to the organization, and do it quickly. And hybrid is what’s filling that gap, and that’s why you’re seeing it.

Put the Study to Work

FIELD: How would you encourage people to look at our survey results and, more importantly, put them to work for themselves?

LOVELESS: The first thing is to accept that you are going to be attacked. It’s very clear that organizations have done that. But it also means to move forward and have a plan. If we got hit now, what does that look like? Walk through the scenarios, do that scenario building. Make sure that you’re assessing the risk within your organization. Know what is potentially a significant problem and understand how you currently are mitigating those risks. And make sure that you’ve got a plan that evolves to be able to protect rightfully what’s important. And then, test. Just test, test, test. Run exercises internally, run simulated DDoS attacks.

And if you’re working with a third-party provider, first of all, evaluate them with care. Make sure you’re looking through the hype, and what they’re offering is going to fit and be flexible into the defensive plan that you have. No two defensive plans are the same. They’re like snowflakes; they are different. Taking a box of what you get off the shelf and shoehorning it into your organization is not necessarily going to be a pleasant experience. What you want to make sure is that you got the right options that are being applied to that strategy that your organization has put together. Then work together with that partner, and then execute. Run through exercises; make sure everyone’s comfortable. Have a communications plan with the executives so that you know who you’re informing in all the different business units, who you’re informing upstairs. And more importantly, [know] how your customer groups are communicating with your customers, your shareholders, your account holders, and make sure that you’re clear so that when these attacks happen, you’re executing, you’re mitigating, you’re getting that trouble out of the way quickly and you’re just keeping your business on course.
It’s not about having enough network capacity – it’s about having
enough scrubbing capacity to be able to move traffic through the

Resources

2015 Neustar DDoS Attacks & Protection Reports

Neustar’s focus is on bringing powerful data insights to help drive high-value business decisions. As a respected provider of DDoS mitigation services, Neustar makes continual investments, not only in network capacity, but also in its knowledge-base. To that end, every year, Neustar conducts a survey about DDoS activity and defenses with organizations across the world. This year, Neustar conducted two surveys:

April 2015 Neustar DDoS Attacks & Protection Report: North America
https://www.neustar.biz/resources/whitepapers/ddos-attacks-protection-report-us-2015

March 2015 Neustar DDoS Attacks & Protection Report: EMEA
https://www.neustar.biz/resources/whitepapers/ddos-attacks-protection-report-emea-2015

2015 DDoS Impact & Response Study: Survey Results

Distributed-denial-of-service attacks may be out of the headlines, but they have hardly disappeared as a significant business concern. Register for this session to see the results of the new 2015 DDoS Impact & Response Study and learn: What are the frequency and scale of today’s DDoS attacks?
http://www.bankinfosecurity.com/webinars/2015-ddos-impact-response-study-survey-results-w-677

New Strategies for Fighting DDoS

Neustar has just released its State of DDoS report. What are the highlights? Margee Abrams of Neustar offers insights into the key findings and how organizations are successfully defending against attacks.
http://www.bankinfosecurity.com/new-strategies-for-fighting-ddos-a-8144

FFIEC on DDoS: What Are Expectations?

The FFIEC just issued new guidelines on DDoS risks to U.S. banking institutions. What is the substance of these guidelines, and how must banks and credit unions respond? Rodney Joffe of Neustar offers advice.
http://www.bankinfosecurity.com/interviews/ffiec-on-ddos-what-are-expectations-i-2248

WEBINAR

2015 DDoS Impact & Response Study: Survey Results
Findings from the ISMG Survey Sponsored by Neustar

Distributed-denial-of-service attacks may be out of the headlines, but they have hardly disappeared as a significant business concern. Register for this session to see the results of the new 2015 DDoS Impact & Response Study and learn:

• What are the frequency and scale of today’s DDoS attacks?

• What are the true business impacts, including damage to brand reputation
and customer trust?

• What are the most effective strategies and solutions for DDoS defense?

REGISTER NOW
http://www.inforisktoday.com/webinars/2015-ddos-impact-response-study-survey-results-w-677

About ISMG

Headquartered in Princeton, New Jersey, Information Security Media Group, Corp. (ISMG) is a media company focusing on Information Technology Risk Management for vertical industries. The company provides news, training, education and other related content for risk management professionals in their respective industries.

This information is used by ISMG’s subscribers in a variety of ways—researching for a specific information security compliance issue, learning from their peers in the industry, gaining insights into compliance related regulatory guidance and simply keeping up with the Information Technology Risk Management landscape.

Contact

(800) 944-0401
sales@ismgcorp.com

902 Carnegie Center • Princeton, NJ • 08540 • www.ismgcorp.com
