"You can't fully protect yourself from DDoS attacks" – 1 on 1 with website security specialist, Igal Zeifman, from Incapsula.
DDoS attacks are constantly starring in the tech news world. For those of you who have been living on a different planet: Distributed Denial of Service (DDoS) attacks are malicious attempts to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.
We sat down with website security expert Igal Zeifman to learn a bit more about this rapidly growing phenomenon and whether, and how, you can protect yourself from it.
Q: We are hearing a lot about DDoS attacks recently. Can you explain why they’re becoming so common?
Zeifman: There are several reasons that come to mind. Most prominently, DDoS attacks are becoming more common due to the simple reason that they became much easier to carry out. As strange as it may sound, today you can actually rent a medium-sized DDoS botnet for as low as $30-50. With the availability of such services, some of which are openly advertised on YouTube and appear in Google search, anyone can become an attacker.
Unlike a few years ago when you needed some kind of technological expertise and a pretty substantial budget to execute a significant DDoS attack, today the bar of entry has been lowered to the point where just about anyone can potentially execute a mid-scale DDoS attack, almost on a whim. So it should come as no surprise that DDoS is turning into the “weapon of choice” for attackers out to do some cyber-mischief. This is exactly what we recently saw with the recent DerpTrolling DDoS campaign.
On the high end, we also see that large-scale DDoS events are becoming more common, due to the constant growth and evolution of network resources. As servers and personal computers become more powerful, so does the scale of network DDoS attacks. This trend will only continue to grow and we are likely to see more and more large-scale events in the foreseeable future.
Q: What recent DDoS attacks has Incapsula stopped?
Zeifman: That’s a loaded question. The simple reality is that there is always some kind of attack going on, so our network is blocking DDoS 24/7. Having said that, most of these events are not noteworthy, peaking at 20-30Gbps, which means that we hardly even notice them.
However, we do find ourselves surprised by the increasing sophistication of today’s attackers from time to time. For example, a few months ago we blocked a 100Gbps DDoS attack on the world’s largest bitcoin exchange. A few weeks later we saw an extremely complex Layer 7 DDoS attack, which employed 180,000 different machines to generate over 690 million hits a day for over a week. Most alarmingly, the attackers were using a new technology, employing headless browsers to try and bypass our defenses.
Q: What’s the best way to prepare a site against DDoS attacks?
Zeifman: Honestly, you can’t. Granted, you can take some steps to protect yourself from low-level network attacks, but what can you do against 690 million human-like bot visitors? To mitigate such an attack, you would need a robust Bot Classification solution and an on-premises security team. We had those in place, but I can’t think of many private sites that have access to such capabilities. The target, in that case, was a very large financial site and they had all types of IT resources that most website owners could only dream of… Still, when the attack hit, they knew they were outclassed and sought professional help.
You see, DDoS mitigation is not a hobby. It’s not a “do-it-yourself” type of thing. If you are running a serious business-oriented website, you can’t afford to do a poor job and risk downtime, loss of revenue and – most importantly – your users’ trust.
Q: Do you see DDoS as a temporary phenomenon? Will it soon be replaced by the next cyber-threat or will we see such attacks increasing over time?
Zeifman: Unfortunately, it’s hard to see any short-term scenario in which DDoS attacks will stop being an issue and services for DDoS protection like Incapsula's will be in demand. Hopefully, somewhere down the road, we will see some ISP-level solutions that will be able to block many of the attacks on the backbone level. At that point, Layer 7 DDoS will continue to be an issue but at least part of the problem will be solved. But until that day comes, DDoS is here to stay.
Q: Where can we learn about Incapsula's DDoS Protection?
Zeifman: You can always visit our DDoS Protection section, where we explain more about our solution architecture, our SLA and other aspects of our anti-DDoS services.