
A first step as DDoS surges: Know your network

Understand what your usual network activity looks like, a former FBI pro tells IT Brew.

On Nov. 8, ChatGPT experienced periodic outages from abnormal traffic spikes. One day later, Russian financial org Sberbank announced it was hit by the most powerful distributed denial-of-service (DDoS) attack in its history. And days earlier, Synapxe, an IT operations provider for Singapore healthcare facilities, shared details of a disruptive attack.

Another day, another DDoS. The overwhelming traffic floods can make security pros feel a bit defeated.

“DDoS attacks cannot be prevented, and the defences against DDoS attacks will have to constantly evolve to keep up with advancements,” a statement from the Singapore health-tech agency Synapxe read.

Though the attacks impacting today’s popular services are difficult to stop, IT pros who spoke with IT Brew recommended one important step in the DDoS chaos: Understand your network.

“Knowing what normal traffic is, on a daily basis, on your system is critical. Because if you don’t know what normal is, then you’ll never know that you’re under attack…It’ll be too late,” James Turgal, VP at Optiv and a former investigator of cyberattacks at the FBI, told us.

What’s a DDoS, boss? With the help of compromised computers, a distributed denial-of-service attack overwhelms a server with traffic, enough to take systems and services down.

“You kind of get caught in this fog of war. You start trying to block each individual IP address, and of course, you can’t just do it by region, because you can block entire swaths of customer base,” according to Tony Lauro, director of security technology and strategy at Akamai Technologies, which offers DDoS-attack support.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Turgal has seen a range of motives for DDoS attacks during his years at the FBI: “to create chaos,” to gain “a tactical advantage,” or to even just get revenge on a specific business.

In October, Google noted a DDoS that led to a peak of 398 million requests per second.

“By contrast, last year’s largest-recorded DDoS attack peaked at 46 million rps,” the post from Google team members read.

A third-quarter report from network-security company Cloudflare found an overall quarterly increase of 65% in HTTP DDoS attack traffic.

DDoS dos and don’ts. Cindi Carter, a CISO at Check Point Software Technologies and former security officer in the healthcare space, recommends a combination of intrusion-detection and intrusion-prevention systems, careful firewall configuration consideration (default deny, not default allow!), and an external party that tests both.

“Now I feel like organizations are really simulating certain types of threats, becoming actionable, and adding that incident-response activity around it so that we know how quickly we’re able to stop something from penetrating through into our network,” Carter told IT Brew.

Tools like content delivery networks can help users understand network traffic and distribute the service efficiently. Web application firewalls also allow IT teams to filter and investigate network traffic.

Those capabilities can turn downtime from hours to minutes, according to Turgal, and that’s how DDoS is being measured these days.

“We used to measure them in gigabytes…Now we’re measuring them in how long they’re actually occurring,” Turgal said.
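The two pieces of advice above, learn what normal traffic looks like and then measure a surge by how long it lasts, as an added example that is not code from the article or from anyone quoted in it; the per-second request counts are constructed, and the baseline, threshold and find_surges names are hypothetical:

```python
"""Baseline-then-measure check for request traffic.

Added example; not code from the IT Brew article or its sources. It learns
what "normal" requests per second (rps) looks like from a constructed history,
flags seconds that exceed that baseline, and reports how long each surge
lasted, since the article notes attacks are now measured by duration.
"""
from statistics import mean, pstdev

# Constructed sample data (invented for illustration): one count per second.
NORMAL_HISTORY = [48, 52, 50, 47, 55, 49, 51, 53, 50, 46, 52, 47]
OBSERVED = [50, 51, 49, 900, 1500, 2100, 1800, 52, 50, 49, 700, 51]


def baseline(counts):
    """Mean and population std-dev of historical per-second request counts."""
    return mean(counts), pstdev(counts)


def threshold(mu, sigma, z=5.0):
    """Alert level: z standard deviations above the learned mean."""
    return mu + z * sigma


def find_surges(counts, limit, min_duration=1):
    """Return (start_second, duration_seconds, peak_rps) for each contiguous
    run of seconds whose rps exceeds `limit`, dropping runs shorter than
    `min_duration` so one-second blips do not page anyone."""
    surges = []
    start = None
    peak = 0
    for i, rps in enumerate(counts + [0]):  # sentinel closes a trailing run
        if rps > limit:
            if start is None:
                start, peak = i, rps
            else:
                peak = max(peak, rps)
        elif start is not None:
            duration = i - start
            if duration >= min_duration:
                surges.append((start, duration, peak))
            start = None
    return surges


if __name__ == "__main__":
    mu, sigma = baseline(NORMAL_HISTORY)
    limit = threshold(mu, sigma)
    print(f"baseline {mu:.1f} rps, alert above {limit:.1f} rps")
    for start, dur, peak in find_surges(OBSERVED, limit):
        print(f"surge at t={start}s lasting {dur}s, peak {peak} rps")
```

In practice the history would come from weeks of access logs bucketed per second, and the alert level would be tuned per endpoint rather than a single global z.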
