The battle is heating up and the costs are staggering. In a recent Information Week article entitled Banks Hit Downtime Milestone in DDoS Attacks, it was reported that U.S. banks and financial services institutions have reported double the downtime of their websites compared to a year ago. And, with the much publicized accusations against the Iranian Government for sponsoring DDoS attacks on U.S. Banks, the impact may be felt for some time. It’s not just banks and financial institutions at risk, anyone with a web presence can be impacted. So, if you aren’t protected you may end of paying a stiff price in terms of business interruption and possibly lost customers, revenue and reputation.
Simply put, Distributed Denial-of-Service (DDoS) is an attempt to make a machine or network resource unavailable to its intended users. There are many ways to do this and they all have the same effect of generating an overwhelming amount of traffic to web servers so that they become unresponsive to their intended users. This is not to be confused with a security breach where hackers gain access to an organizations IT infrastructure to capture sensitive information and cause damage. However, a DDoS attack could be a starting point for those intent on causing harm.
Protection starts with recognition that you are vulnerable. Once you have that you can create a plan to do something about it. Start with DDoS mitigation that uses advanced technology to distinguish between good and bad traffic, permitting the good “clean” traffic through, and dropping the “dirty” bad traffic. Without DDoS mitigation, you have two basic options. Option 1: Wait for the attack to end. Keep in mind that during the attack your customers can’t access your website, and perhaps there are other problems, like your staff not being able to manage your servers or access corporate information, clearly not a great option. Option 2: Take down the attacked web server(s). This actually completes the intention of the attack, but the benefit is that your employees are no longer prevented from managing the other servers or accessing other corporate information. Clearly your options aren’t great without DDoS mitigation that will permit your website to continue serving customers as if the attack weren’t happening at all (depending on the type of DDoS attack and the type of mitigation used, your mileage may vary).
The Bottom Line
DDoS protection is no longer a nice-to-have, if your business depends on the availability and performance of Internet based applications you have to be protected or risk losing customers, revenues and reputation. DDoS protection is now a cost of doing business, just like paying for any other part of your IT infrastructure. Here’s a little something to think about, not having DDoS protection is like building a world-class IT infrastructure that runs your mission-critical applications over dialup. You may not be old enough to remember dialup so let’s put it another way, imagine your customers trying to login to your website and it taking 5 minutes just to enter their username…any questions? If you’d like to learn how Data Foundry can help you, please contact us for more information.