Network and security teams are dealing with bigger, more complex and more frequent DDoS attacks. Among the biggest challenges they’re facing is the emergence of Internet of Things (IoT) botnets. The proliferation of IoT devices brings tremendous benefits to businesses and consumers, but to attackers they represent a new set of opportunities. The days of relying on firewalls to stop DDoS attacks are long gone.
While firewalls do stop some DDoS attacks – they don’t stop them all and they often become the targets of attacks themselves. They are effective tools in addressing network integrity and confidentiality, but with DDoS protection, they provide a false sense of security because they fail to address the fundamental concern regarding DDoS attacks—network availability.
According to Arbor’s 12th Annual Worldwide Infrastructure Security Report (WISR):
- Nearly half of Enterprise, Government and Education (EGE) respondents had firewall or IPS device experience a failure or contribute to an outage during an attack, similar to last year.
- Firewalls, load balancers, and CDNs all tied for last place in effectiveness at mitigating DDoS attacks.
- Sixty percent of EGE organizations estimate that their downtime costs more than $500/minute.
It’s clear that relying on firewalls alone can be extremely costly.
Industry analysts are united in their belief that purpose-built intelligent DDoS mitigation systems serving as part of a layered defense is the best way to mitigate today’s complex DDoS attacks. EGE organizations indicated an increasing understanding of this reality, but many still deploy traditional security technologies for DDoS defense.
The good news is that across the board, there is more appreciation and understanding of the risk of relying on only firewalls. This year’s survey results show a better understanding of the brand damage and operational expense of successful DDoS attacks and a growing focus on best-practice defensive strategies. In every industry, there has been an increase in the use of purpose-built DDoS protection solutions and best practice methods.
- 77% of service provider respondents are capable of mitigating attacks in less than 20 minutes.
- Nearly 55% of EGE respondents now carry out DDoS defense simulations, with approximately 40% carrying them out at least quarterly.
- The proportion of data center and cloud provider respondents that are using firewalls for DDoS defense has fallen from 71% to 40%.
More appreciation of risk results in better behavior. Enterprises are getting it and are making changes to secure their networks against modern-day DDoS attacks.
For more details on the state of today’s threat landscape, download the full 2017 WISR.
For more information on Arbor’s purpose built on-premise DDoS solution, check out the NSS Labs test report.
The post DDoS Attacks: The Stakes Have Changed, Your Firewall Hasn’t appeared first on Arbor Insights - Our people, products and ideas.
Article Link: https://www.arbornetworks.com/blog/insight/ddos-attacks-stakes-changed-firewall-hasnt/