You and your data center are a target. Once that concept sinks in, organizations can plan around proper security methodologies to ensure optimal uptime and resiliency. Modern connectivity requirements have given organizations many new services and challenges. This launches our article series on DDoS protection in a connected world.
With the increase in cloud and colocation utilization comes a real increase in security threats. There’s little doubt that as the size, frequency, and complexity of distributed denial of service (DDoS) attacks continue to rise, data center and cloud service providers must have solutions in place to protect the availability of their infrastructure and services. Now, there are three specific types of attacks that attackers can utilize to bring a system to a halt:
- Volumetric Attacks
- TCP State-Exhaustion Attacks
- Application-Layer Attacks
Just how extensive are some of these attacks? Microsoft recently mitigated a 3.47 Tbps attack and two more attacks above 2.5 Tbps. This was five times larger than the record-breaking 623 Gbps Mirai botnet attack in 2016.
This article series will dive into the challenges of managing and securing a modern digital infrastructure against emerging DDoS attacks. We will also explore how DDoS has evolved, the monetization of the data, and using new tools to fight back against some of the largest DDoS attacks.
First, look at the data center industry and its rapid expansion. A new report from Fortune Business Insights indicates that the global demand for more efficient IT technologies combined with the economic advantages of modern, consolidated connectivity applications has contributed to the exponential rise in the scale and power of data centers. As the report points out, the global data center infrastructure market size is projected to reach $142.31 billion by 2027, compared to 2019, when the global market value stood at $94.56 billion.
That’s quite a bit of growth. Coupled with this expansion of digital infrastructure are emerging threats against critical systems. Distributed Denial of Service (DDoS) attacks aren’t anything new. The first known distributed denial of service attack occurred in 1996 when Panix, now one of the oldest internet service providers, was knocked offline for several days by a SYN flood. This technique has become a classic DDoS attack. Over the next few years, DDoS attacks became common, and Cisco predicts that the total number of DDoS attacks will double from the 7.9 million seen in 2018 to something over 15 million by 2023.
So, what happens when it all goes down? According to Uptime Institute’s 2022 Data Center Resiliency Survey, the vast majority (80%) of data center managers and operators experienced at least one outage in the last three years. And Forrester’s Costs of Planned and Unplanned Downtime Report found that 41% were hit with unexpected downtime every week or month. How much does this ultimately cost you? Uptime Institute’s 2022 Outage Analysis Report found that downtime costs continue to rise:
- Over 60% of outages cost more than $100,000, an increase from 39% in 2019.
- 15% of outages cost more than $1 million, an increase from 11% in 2019.
This is why it’s essential to have direct visibility into all assets and aspects of your data center operations. It becomes even more critical as your cloud, edge, and data center systems become further distributed.
Remember, an outage due to a DDoS attack doesn’t just impact the bottom line; there are also reputational and legal ramifications. So, how scary are DDoS attacks for the data center and colocation industry? The latest AFCOM State of the Data Center report states that DDoS attacks have grown in size and ferocity. For example, the FBI is alerting healthcare data center technology leaders to the rise in DDoS attacks against their most critical health service systems. As the report points out, DDoS attacks are in the Top 6 Security Threats for data center leaders, with 34% calling it a direct threat against their digital infrastructure.
But how many leaders have a plan and the technology to protect against DDoS? A recent A10 blog post published the results from the Gatepoint Survey of Data Center providers in North America, which found that 42% don’t have any DDoS protection offerings for their customers, and only 26% have an enhanced solution capable of mitigating the largest types of DDoS threats. In these situations, providers usually have some DDoS protection for their infrastructure. However, they don’t offer it as a separate service for their customers or tenants. We’ll discuss this further, but by upgrading their DDoS protection, these providers could offer customers robust DDoS mitigation as a managed service.
And it’s not just the number of DDoS attacks that is increasing. Threat actors are creating ever larger botnets — the armies of hacked devices used to generate DDoS traffic. As the botnets get bigger, the scale of DDoS attacks is also increasing. A distributed denial of service attack of one gigabit per second is enough to knock most organizations off the internet. Today, we’re seeing peak attack sizes in excess of one terabit per second generated by thousands of devices recruited from the millions of available suborned devices.
A final important point: it’s critical to look at DDoS attacks not just in terms of size but also in terms of persistence. Most DDoS attacks are not large volumetric attacks; many are less than 10 Gbps. Because of their small size, these attacks fly “under the radar” and are not a threat to data center availability, but they still threaten the individual tenants of the data center provider. Here’s what you can expect from these smaller but persistent attacks:
- They continually annoy data center providers and tenants alike — even if they don’t threaten availability, they chew up resources.
- Persistent DDoS attacks are becoming more prevalent due to the easy availability of DDoS-for-Hire resources that encourages anyone to launch a DDoS attack for any reason.
- With these persistent threats, there is a cost or consequence for DDoS attacks, even if they don’t “take the data center down.”
Let’s take a pause here and take this all in. We know that the number of connected points we use every day continues to increase, and we also understand that the threat footprint against these connected points is also growing. That said, it’s time for some reflective questions. How prepared are you against a Layer 7 DDoS attack? What about a volumetric attack that takes down your network entirely? Do you have the tools to mitigate some of the most significant DDoS attacks to date? It’s time to review modern DDoS threats and the tools you use to protect your business and customers.
Download the entire special report, The Security Gap: DDoS Protection in a Connected World, featuring A10, to learn more. In our next article, we'll outline the state of cybersecurity and DDoS.