What is the value of a single minute? What is sixty seconds worth, precisely? While these may sound like existential questions, the kind that have answers relating to sunsets or a baby’s gap-toothed smile, for many business owners and cyber-security professionals the answer is decidedly less heart-warming, as the value of a single minute can boil down to the damage incurred during a DDoS attack. Considering the cost of one hour of a successful DDoS attack can ring up to anywhere from $20,000 to $100,000, the value of a single minute works out to between $333 and $1,666.
The need for professional DDoS protection hasn’t been lost on many organizations, especially with the onslaught of attacks that have occurred in the last five years. What hasn’t been emphasized nearly enough, however, is time to mitigation.
Damage in the downtime
A DDoS or distributed denial of service attack is a form of cyberassault that uses a network of malware-infected devices being remotely controlled by attackers to take aim at a website or internet service with a blast of malicious traffic. The goal of this influx of traffic is to clog the network in the case of network-layer attacks or consume server-side resources in the case of application layer attacks, leaving the site or service unable to serve legitimate users.
A DDoS attack is considered successful if users are unable to use a site or service. This is most typically caused by DDoS-induced downtime, though DDoS attacks can also stymy users by slowing down a site so much that it’s not worth using – for online gaming, for example, this could be a lag of as little as half a second.
One of the biggest impacts DDoS-caused downtime can have lies in eroded user loyalty. Downtime of any variety is frustrating for users, and with endless options for almost any type of site or service, users can always click away to a competitor. Successful DDoS attacks also raise questions about an organization’s security. If such a well-known attack type can’t be prevented, how seriously is that organization taking security? Additionally, with many DDoS attacks used as red herrings for intrusions and data theft attempts, how safe is the sensitive data users have entrusted to organizations?
While distributed denial of service attacks that last for hours or even days are obviously a major issue for the affected organization and its users, you might be wondering if just a few minutes of downtime really matters. The answer is that it can really, really matter.
Up against the clock
First you have the industries for which those few minutes of downtime can negatively affect users and certainly by extension the organizations suffering the attack. Cryptocurrency exchanges going down for minutes can cost margin traders thousands of dollars, and the same goes for forex trading and other fintech platforms, for example. Short bursts of downtime can also be disastrous for software as a service providers and internet service providers whose services falter for end clients.
Beyond that is the reality that a DDoS attack lasts much longer than the downtime it causes as an organization struggles to deal with it. Sales, marketing and communications staff are tasked with the unenviable job of keeping customers and potentially the media informed on the situation. IT and cybersecurity employees will also have to go into overdrive to not just stop the attack but search for signs of intrusions or other related attacks. Back-end networks and systems may have also gone down in the attack, impacting operations and business processes. In rare cases, software and hardware can also be damaged by a DDoS attack. An attack that publicly succeeds for minutes can cause untold havoc behind the curtain.
A timely concern
What this all adds up to is a crucial need for DDoS mitigation that can stop an attack before it takes hold and causes any downtime. This requires immediate detection of attack traffic, analysis of traffic flow that can create scrubbing directives in a matter of milliseconds, and an instant response to those directives from scrubbing servers so they can begin bouncing malicious traffic while allowing legitimate traffic through without impediment.
If this were easy, all DDoS protection providers would offer it. It’s not easy. This level of response requires always-on detection, incredible processing capabilities, and the ability to exchange traffic data in real-time. Only the best of the best mitigation services can boast this, so for many organizations, only the best of the best will do.
Time to mitigation should be specified in the service level agreement a client has with its provider. For organizations in competitive industries, anything over 30 seconds could mean playing with fire. For reference, the leading TTM is currently 10 seconds for both network-layer and application-layer attacks.
With the non-stop crush of distributed denial of service attacks plaguing organizations it may feel like the requirements for mitigation solutions is growing long and complicated. However, the great thing about TTM is that if you have a provider with an excellent TTM, you can be sure you’re working with a leader in the industry and every other aspect of protection will be top-notch. You can go back to measuring the value of a minute by flaps of a butterfly’s wings or laughs from a curly-haired toddler rather than the piles of money figuratively lit on fire.
By Debbie Fletcher
[…] by /u/ymelmed to r/cybersecurity [link] […]