A recent study by Verisign found that, although more than 80% of U.S. organizations have some sort of DDoS protection, either on-premises or through a service provider, nearly two-thirds experienced DDoS attacks. A majority (63%) of the respondents said that they had experienced at least one DDoS attack in the past year, and one in nine said their organizations had suffered six or more attacks. Nearly half of those attacked said that their website was down for five or more hours, and just under a quarter of the victim organizations said their sites were down for 12 hours or more.
According to Trustwave's semiannual Web Hacking Incident Database report, DDoS attacks were up 22% in the second half of 2010, and were successful in disrupting commerce and bringing down websites of large businesses and associations. Attacks against government agencies resulted in defacement in 26% of attacks, while the finance sector experienced monetary loss in 64% of attacks and retail was most affected by credit card leakage at 27%. The report found that most businesses were not equipped to handle such an attack because they had not tested, nor properly implemented, anti-automation defenses for their Web application architecture.
Preventing DDoS attacks can be very expensive, Rachwald says, and the traditional premises-based security vendors don't offer the flexibility and scalability of Imperva. He says the overwhelming majority of attacks tend to be in the 10 Mbit to 200 Mbit per second range, with Imperva's service starting at 1 Gbps, bursting to 2 Gbps. For customers requiring more protection, there is a 2 Gbps bursting to 4 Gbps option. Higher capacities will be brought out in the near future to address the most demanding customers, such as ISPs.
As part of the service, customers will benefit from Imperva's Security Operations Center, a 24-by-7 operation that tunes policies based on existing, new and emerging attack methods and known malicious users. In addition to its SOC capabilities, Imperva also monitors hacker forums, where the biggest topic (at 22%) is DDoS, says Rachwald. According to Imperva, these forums are the cornerstone of DDoS attacks, used by malicious hackers for technical training, communications, collaboration, recruitment, commerce and even social interaction. They contain technical tutorials, chat rooms whose subject matter includes advice on technical issues, attack planning, attack anatomies, and the buying and selling of stolen data and attack software. One of these forums had 250,000 members.