We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

US firms over-reliant on firewalls to defend against DDoS attacks

But no 'magic box' can beat DDoS, says Neustar

More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found.

The survey of 1,000 US-based IT professionals across a range of industries found that only 3 percent were using DDoS mitigation systems or services, with a quarter claiming they had no protection whatsoever against the threat.

Eleven percent used intrusion detection/prevention systems even though such technology is (in common with firewalls, routers and switches) widely seen as an inadequate defence against contemporary DDoS bombardment, Neustar said.

"Experts point out that during DDoS attacks these 'defences' become part of the problem. They quickly become bottlenecks, helping achieve an attacker's goal of slowing or shutting you down. Moreover, firewalls won't repel attacks on the application layer, an increasingly popular DDoS vector," the authors note.

A third of those questioned said DDoS attacks lasted for a day or more with 11 percent mentioning over a week.

There didn't appear to be any clear pattern that related attack length to industry segment, except that the travel industry appeared slightly more vulnerable to attacks lasting longer than 24 hours.

Two thirds said the direct cost of all this DDoS was about $10,000 (£6,200) per hour or $240,000 per day, with 13 percent reckoning it as being $100,000 per hour.

The most vulnerable to high costs was retail, a sector that depends on online sales to generate cashflow, followed by finance.

The main anxiety in advance of DDoS attacks was the negative impact on customers, ahead of brand reputation damage and even direct costs.

Companies such as Neustar have a vested interest in talking up the difficulty of dealing with DDoS the better to market protection services.

However, the company said it accepted that there was no simple answer to countering DDoS attacks; even the best protection systems available still required trained, skilled staff to deploy and manage them.

"With attacks becoming more sophisticated - mixing brute-force bandwidth assaults and surgical strikes on applications - in-depth knowledge and experience make a huge difference. There is no 'magic box' that can out-think attackers on its own."

The company markets its own cloud-based mitigation service, SiteProtect. Three years ago its UltraDNS service was itself the victim of a DDoS attack.


IDG UK Sites

Windows 10 release date, price, features. The next version of Windows will run on everything:....

IDG UK Sites

Windows 9 and the death of the OS as a must-have product

IDG UK Sites

Video trends: 4K is here – HDR video, VR and 3D audio is coming

IDG UK Sites

How Windows 10 is even more like Mac OS X, and not just because it's another OS Ten