Distributed Denial of Service (DDoS) attacks have become larger and more prevalent today than a couple of years ago. And while such attacks were once launched against businesses such as gambling websites and financial organizations for extortion, the proliferation of DDoS tools and botnets has seen them filtering down to SMBs.
I spoke with Ted Swearingen, director of security operations at Neustar, to get a better idea of what SMBs can do to preempt such devastating online attacks. Among other services, Neustar offers a SiteProtect service designed to repel DDoS.
When asked point blank if DDoS mitigation is even possible given the devastating scale of a typical attack today, Swearingen assured me that it is possible to defend against DDoS. He qualified, however, that it would take "a lot of resources" to do that. This includes the use of better technology, a modern infrastructure and better expertise than the attackers.
Though I did not inquire further, his last point hinted clearly at the darker possibility that a DDoS may be initiated by more than script-kiddies with more time than sense. So while most SMBs need not be concerned about government-led actions, DDoS attacks helmed by competitors and social activists are another matter entirely. And given how infrastructure is typically designed to meet immediate needs, the infrastructure of the average small and mid-sized business is unlikely to have the spare capacity to cope with a DDoS.
So what does an SMB need to do as a first step towards protecting their business? Swearingen recommends putting monitoring in place to detect ongoing attacks. Swearingen was candid about the need for this seemingly mundane requirement, noting that: "If you don't have monitoring in place to understand the network traffic, if you don't have expertise in house, you may think the server is down."
Monitoring can be achieved by means of free or low-cost tools to obtain a good overall picture of the attacked components; SOHOs or SMBs that may not have the necessary IT skills for this step may want to consider using the services of an outside provider for DDoS monitoring.
The next step would be to enlist the assistance of a DDoS service provider to put together a customized solution. Swearingen stated his belief in a custom solution versus a one-size-fits-all approach. Indeed, he noted that some businesses may not even need DDoS protection - and could probably afford to ride out an attack.
And when choosing a vendor, Swearingen cautioned against going for an ISP-centric service. "You may be stuck with a provider if you go for ISP-based protection," he told me. Of course, it helps that Neustar offers a cloud-based, platform-agnostic service, though what he says still makes sense.
In closing, Swearingen advises companies to first weigh the risk of what a DDoS can do to their business and brand image. This presumably helps them determine a budget that is tied to anticipated business losses should their online services be unavailable. From there, they should work with a provider to set up the appropriate defenses in the face of a DDoS attack.