White PaPer

DistributeD Denial Of service (DDos):

finally GettinG the attentiOn it Deserves

CONTENTS

Why DDos, Why nOW? results WhO currently has DDos PrOtectiOns in Place? WhO has been iMPacteD by DDos? cOsts Of DDos PrOtectiOn verisiGn DDos PrOtectiOn services cOnclusiOn learn MOre abOut verisiGn

3 4 4 5 7 7 9 11 11

Verisign Public | DDoS: Finally Getting the Attention it Deserves

As more And more businesses Are moving their operAtions online, the internet hAs become A very AttrActive plAce to conduct criminAl And miscreAnt Activities, And the tool of choice is increAsingly distributed deniAl of service (ddos) AttAcks. ddos AttAcks direct lArge Amounts of mAlicious trAffic At online properties with the intent of cAusing the depletion or complete consumption of system- or process-criticAl resources, rendering services unreAchAble or unusAble to their users. essentiAlly, An orgAnized group of people come together through A vAriety of methods such As sociAl mediA networks or one individuAl uses botnets to send An overwhelming Amount of trAffic to A website or network impeding the Ability of legitimAte visitors to Access the site. it is the internet equivAlent of A deliberAte trAffic jAm And the business impAct cAn be tremendous.

Why DDos, Why nOW? malicious actors have employed ddos attacks for more than two decades to undermine websites and services. however, in the last few years, they have significantly increased in size, frequency and complexity, and are wreaking havoc on businesses of all sizes and industries. Analyst firm Gartner says there has been a significant increase in targeted DDoS attacks during the past two years, with attacks growing in brute force and in sophistication.1 in fact, some ddos attacks as high as the 100+ gbps range have been observed, (to put that into context, 400 Mbps was an impressive attack back in 2002).
1 Gartner. Cool Vendors in Infrastructure Protection, April, 2011

Verisign Public | DDoS: Finally Getting the Attention it Deserves

mitigation of these high end attacks can be a challenge for those charged with protecting the critical infrastructures that keep business operations running. While most major e-retailers expect to be targets of DDoS on a regular basis, companies of all sizes and types should be prepared to handle DDoS attacks, or suffer the consequences of lost revenue, employee productivity, customer satisfaction, etc. ddos attacks have long been a weapon of choice for cyber criminals, but the rapid growth in frequency, size and complexity of attacks over the last few years has elevated this to a business-critical issue that can no longer be ignored, said ben petro, senior vice president of verisigns network intelligence and Availability business. Add to this the increasing sophistication and ease with which ddos attacks can be organized and launched and we are witnessing a recipe for disaster for those businesses unprepared to handle an attack.

verisign commissioned a market research study to investigate just how concerned it decision makers are with the threat of DDos attacks and what if anything they are doing to prepare for the increased threats in todays ever evolving cyber landscape. The following results are very revealing.

results An online survey of 225 IT executives and decision-makers in the U.S. from large and medium-sized businesses spanning several industries was conducted in March 2011. The data collected was examined across numerous variables including: industry, business size, IT budget, title of respondent, average number of website visitors, website dependency and whether or not they have a current DDoS protection solution. No significant differences across the data were identified based on these variables. results show that nearly nine in 10 respondents (87 percent) view ddos protection as very important for maintaining availability of websites and services. Additionally, 78 percent reported being extremely or very concerned about DDoS attacks and more than two-thirds expect the frequency and strength of DDoS attacks to increase or stay the same over the next two years. the top three web infrastructure challenges indicated by respondents were security, performance, and availability, all of which tie in directly with impacts from ddos attacks.

WhO currently has DDos PrOtectiOns in Place? Sixteen percent of respondents said they do not have a DDoS protection solution in place, while the other 84 percent with DDoS solutions were split evenly between in-house management and third-party managed services. those with a ddos solution managed in-house were more likely to say that their website contributed a significant percentage of revenue. Of those using a third-party DDoS solution, the majority are relying upon over-provisioning of bandwidth from their isp, which is not an ideal solution for handling ddos attacks, as many attacks could be successful with minimal bandwidth increases.

Verisign Public | DDoS: Finally Getting the Attention it Deserves

Of those respondents without a DDoS protection solution, nearly 3 in 4 (71 percent) plan to implement one in the next 12 months, with 40 percent planning to outsource to a managed service provider, and 31 percent planning to implement an in-house solution. However, 29 percent are still undecided on their approach for protection. when asked what is the primary reason their business maintains a web presence, 25 percent said to enable online account access for customers, 24 percent said ecommerce, 21 percent said for information sharing about a brand, products and/or services, 19 percent said content sharing and services for consumers, 11 percent said content sharing and services for businesses. There were no significant differences across these reasons with regard to ddos protections in place. fiGure 1: What is the PriMary reasOn fOr yOur Business WeB Presence?

information Purposes Only 21%

ecommerce 24%

account activity (no ecomm.) 25% business content/ services 11%

consumer content/ services 19%

WhO has been iMPacteD by DDos? Nearly two-thirds (63 percent) of all respondents experienced at least one DDoS attack in the past year. Eleven percent said their businesses were hit six or more times. Of those who reported experiencing a DDoS attack in the last 12 months, 46 percent said their site was down for 5 or more hours, with almost a quarter (23 percent) saying their site was down for more than 12 hours.

Verisign Public | DDoS: Finally Getting the Attention it Deserves

More than half (53 percent) of all respondents said they experienced Web infrastructure downtime in the past year, with ddos attacks accounting for onethird (33 percent) of all downtime incidents (see Figure 2). those with larger it budgets, more website visitors and were dependent on their Websites for more than 50 percent of their annual revenue were more likely to say they had a dns failure, an attack from hackers and/or dos/ddos. its worth noting that 65 percent of all respondents experienced all three of these downtime reasons in the last 12 months and that they may have some overlap, i.e., ddos attacks can cause dns failures or sometimes be attributed as attacks from hackers. fiGure 2: reasOns fOr Web infrastructure DOWntiMe Over the last 12 MOnths

fiGure 3: cOnsequences Of DOWntiMe

network Outage Dns Failure hacker attack Dos/DDos attack Power Failure

65% 41% 37% 33% 51%

0 10 20 30 40 50 60 70 80

customer impact

67% 70% 57% 60% 51% 54%

employee Productivity impact

revenue loss

10

20

30

40

50

60

70

80

Of the 76 percent of respondents with an ecommerce platform, a surprising 15 percent reported having no ddos solution in place, while 33 percent reported they had experienced three DDoS attacks in the past 12 months that lasted 7 hours, on average. Of those who experienced DDoS attacks, three-quarters reported that impact on their customers was the most common consequence, followed by impact on brand (68 percent) and revenue loss (65 percent) (see Figure 3).
2 The Yankee Group. DDoS Attacks Are Bigger and Badder Than Ever. March 2011.

Verisign Public | DDoS: Finally Getting the Attention it Deserves

cOsts Of DDos PrOtectiOn internally Managed DDos solutions of those respondents with an internally managed ddos solution, almost half (48 percent) reported that the cost of their initial solution was $100K or more. In addition, more than half (52 percent) reported that their businesses employs 11 or more it professionals to manage its internal ddos infrastructure. Assuming the average it persons annual salary is in the $70K range, it s easy to see how on-going costs for maintenance and management of internal ddos protection solutions can become very high. Third-Party Managed DDos Protection solution A recent report from the yankee group2 shows that services and fees for managed ddos protection services vary based on customers needs. pricing is typically dictated by a combination of how often a customer is likely to be attacked and the type of attacks against which customers want protection. Attacks targeted at specific customer applications (e.g., an API or specific steps in a purchase flow for an e-commerce site, etc.) are usually more difficult to protect and much more expensive. Furthermore, many providers may not have the expertise to analyze and mitigate application-level attacks. some service providers also offer other services that may be included in the monthly fee, such as ongoing monitoring of the customers network and dns infrastructure, and access to security intelligence information. these added features can be a key differentiator as this study also found that nine in 10 respondents rate access to threat and vulnerability data as very important and nearly three-fourths (73 percent) are concerned with dns failures.

verisiGn DDos PrOtectiOn services while there are many issues that can cause network downtime, ddos attacks are one of the most significant and unpredictable. With the extraordinary and rapid changes in ddos attacks today, traditional mitigation tactics such as bandwidth over-provisioning, firewalls, and intrusion prevention system (IPS) devices are no longer solely sufficient to protect networks, applications, and services. To fully protect an organization, network administrators need the ability to quickly detect and mitigate attacks in the cloud before they ever reach their networks. Keeping bad traffic from reaching your doorstep requires a cloudbased service like verisigns ddos protection service. by outsourcing ddos monitoring and mitigation to verisign, companies can let their it staff focus on their core responsibilities and know that their networks and web operations are protected by the same solutions verisign has used to keep .com and .net up and running at 100 percent for over a decade.

Often, the first line of defense is over-provisioning, or building additional network bandwidth to help withstand the exponential spikes in volume experienced during a DDos attack. Many over provision their bandwidth by as much as 75 percent to account for unexpected traffic, including DDos. This is a costly and ineffective method for DDos protection, and creates a false sense of security - especially for those organizations that are likely targets for attacks.

Verisign Public | DDoS: Finally Getting the Attention it Deserves

fiGure 4: reasOns fOr Web infrastructure DOWntiMe Over the last 12 MOnths

fiGure 5: reliance On Website fOr revenue

experienced a DDos attack (n= 30*) impact on customers impact on employee productivity loss of revenue impact on brand sLA violation

100% of revenue: 2%

0% of revenue: 1%

Total 75% 63% 65% 68% 48%

7699% of revenue: 8% 110% of revenue: 9% 5175% of revenue: 17% 1125% of revenue: 30% 2650% of revenue: 33%

fiGure 6: frequency Of DDOs attacks Over the last 12 MOnths

fiGure 7: lenGth Of DOWntiMe

6: 13% 12+ hours 23% 3-5: 25% 1: 38% 5 hours to < 12 hours 23% 2: 25% < 1 hour 28%

1 hour to < 5 hours 28%

Verisign Public | DDoS: Finally Getting the Attention it Deserves

fiGure 8: rOuGhly hOW Many it PeOPLe MAnAge YOur Business DDos infrastructure?

fiGure 9: What DiD yOur Business iniTiALLY sPenD On iTs in-hOuse DDos sOlutiOn?

Dont Know 2%

Dont Know 2%

> 20 22%

15 16%

$250k+ 18%

<$25k 15%

610 30% 1120 30%

$100k to <$250k 30%

$25k to <$100k 35%

As a trusted partner, verisign helps companies stay online and eliminates the need to make significant investments in infrastructure or establish internal DDoS expertise. As a cloud-based service, network administrators can deploy it quickly and easily, with no customer premise equipment required. This saves time and money through operational efficiencies, support cost and economies of scale to provide detection and protection against the largest ddos attacks. cOnclusiOn While historically motivations for DDoS attacks have varied from financial to political and criminal, recently, there has been a dramatic increase in the use of ddos as a form of protest or hacktivism, made increasingly more effective through the ease of acquiring botnets or using social networks to organize large groups of like-minded individuals to launch an attack. standing outside of a building holding signs does not get the attention it once did, but taking down important websites and denying access to legitimate business use of those sites almost guarantees news coverage. this research shows that the heightened public awareness of this cyber threat coupled with the increasing scale and sophistication of attacks over the last year has brought ddos protection to the forefront of it decision makers agendas.

Verisign Public | DDoS: Finally Getting the Attention it Deserves

According to the yankee group,3 while ddos attacks used to primarily target household names and other obvious targets, today, any organization with money to lose, political interests or activist enemieseffectively anyoneis a potential target and should consider protection. this study shows that it decision makers have gotten this message, as seven in 10 (71 percent) who reported a lack of ddos protection say they plan on implementing a solution in the next 12 months. yet, the yankee group also notes that attackers today are a lot more sophisticated, requiring increased resourcefulness in countermeasures. Consequently, the analyst firm recommends that DDoS protection is one of the few security requirements organizations can only address via a managed service, as these services specialize in the expertise and intelligence needed to mitigate these types of attacks effectively.
3 The Yankee Group. DDoS Attacks Are Bigger and Badder Than Ever. March 2011

as more companies are becoming reliant on their Websites to meet revenue goals and provide customer support, implementing managed DDos mitigation services from specialized experts is vital to keep pace with the dynamic nature of attacks and ensure network availability, says Ben Petro, senior vice President of Verisigns network intelligence and Availability business.

10

Verisign Public | DDoS: Finally Getting the Attention it Deserves

learn MOre for more information about verisign ddos protection services, please contact a Verisign representative by phone at 1-866-367-0095 or 1-703-948-4140, by email at insidesales@verisign.com, or visit us at www.verisigninc.com. abOut verisiGn verisign is the trusted provider of internet infrastructure services for the digital world. billions of times each day, companies and consumers rely on our internet infrastructure to communicate and conduct commerce with confidence.

Verisign Public | DDoS: Finally Getting the Attention it Deserves

11

VerisignInc.com
2012 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners. Verisign Public 201205