Security Overlooked: Weathering the DDoS Storm

Last year was a very high-profile year for distributed denial of service (DDoS) attacks against companies, and this year doesn’t look any better. While there are some network-layer products, services and techniques available to companies, many of these are missing part of the solution.

The problem is that network-layer approaches are really only applicable to network connections and perimeter equipment. The reality is that there is an exponential increase in attacks targeting the application layer, particularly applications that rely on back-end database services. This clever tactic specifically targets web pages that make database queries, such as a customer account login page. The end result is bogged-down servers that cannot keep up with the attack, let alone serve legitimate customers.

Tune and analyze

Unfortunately, this type of attack typically goes unnoticed by most system and security administrators. There are two approaches that I’d recommend to help weather the DDoS storm when it arrives. First, performance tuning of web servers, database servers and web applications is your first line of defense. If you consider that a denial of service attack only depletes the system resources you have, making it impossible to serve legitimate customers, it makes perfect sense that tuning your operations for maximum performance will help reduce the threat DDoS poses to our companies.

The second tactic I’d recommend is routinely analyzing web and database logs. This is a task not only for web administrators but for security administrators as well. When you find log file anomalies, such as excessive connection requests from just a few source addresses or certain web pages with an inordinate amount of usage, these are likely signs of a cyber-attack and should be investigated.
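
The log check described above, as an added example that is not part of the original post: it parses web access logs in Common Log Format and flags source addresses and pages that account for an outsized share of requests. The sample traffic is constructed, and the function names and threshold values are assumptions to be replaced with figures from your own normal-traffic baseline.

```python
import re
from collections import Counter

# Common Log Format: ip ident user [time] "METHOD path PROTO" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def constructed_sample():
    """Constructed traffic (not real logs): two noisy sources on /login, ten ordinary visitors."""
    fmt = '{ip} - - [10/Mar/2024:10:00:{s:02d} +0000] "{m} {p} HTTP/1.1" 200 512'
    lines = [fmt.format(ip=ip, s=s, m="POST", p="/login?next=/account")
             for ip in ("198.51.100.7", "198.51.100.9") for s in range(20)]
    pages = ["/", "/products", "/about", "/login", "/contact"] * 2
    lines += [fmt.format(ip=f"203.0.113.{i}", s=i, m="GET", p=p)
              for i, p in enumerate(pages)]
    lines.append("malformed line without the expected fields")
    return lines

def parse(lines):
    """Yield (source_ip, path) per well-formed line; query strings are dropped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(3).split("?", 1)[0]

def find_anomalies(lines, source_share=0.3, path_share=0.5, min_requests=5):
    """Return (sources, paths) whose share of all requests exceeds the thresholds.

    The thresholds are assumed values; derive real ones from a normal-traffic baseline.
    """
    sources, paths = Counter(), Counter()
    for ip, path in parse(lines):
        sources[ip] += 1
        paths[path] += 1
    total = sum(sources.values())
    if total == 0:
        return {}, {}
    def over(counts, share):
        return {k: n for k, n in counts.items()
                if n >= min_requests and n / total > share}
    return over(sources, source_share), over(paths, path_share)

if __name__ == "__main__":
    hot_sources, hot_paths = find_anomalies(constructed_sample())
    print("sources to investigate:", hot_sources)
    print("pages to investigate:", hot_paths)
```

Stripping the query string before counting keeps requests to the same database-backed page grouped together even when each request varies its parameters.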

Our take-away is that effective mitigation means diverse mitigation techniques involving governance processes, technology and vigilance by not only the security team, but the web administration team as well.

Stay secure my friends!

