Redundant SD-WAN Links Can Help Mitigate DDoS Attacks

Redundant SD-WAN Links Can Help Mitigate DDoS Attacks

Distributed denial-of-service (DDoS) attacks are becoming easier to launch, harder to stop and larger than ever, according to a new report from Deloitte Global. The consulting firm anticipates that more than 10 million such attacks will occur in 2017.

Gone are the days when low-level hackers used DDoS attacks to make a political statement or simply for their personal amusement. Today, DDoS attacks are often launched for extortion, blackmail or revenge.

In a DDoS attack, an organization’s systems and network are flooded with fake traffic in order to take it down or prevent legitimate users from gaining access. According to a research by Arbor Networks, the average DDoS in the first half of 2016 was just under 1Gbps — large enough to take most organizations completely offline.

A DDoS attack can last from several hours to several days and bring operations to a grinding halt. The threat is very real, and any organization is a potential victim, either through direct attack or as “collateral damage” when a service provider’s network is taken down.

The current rise in DDoS attacks is being driven in part by the spread of insecure Internet of Things (IoT) devices that lack adequate built-in security. These devices are being hijacked to create massive botnets that make it easier to disguise the source of the traffic and evade security measures.

In fact, security experts now believe an October 2016 attack that crippled a big chunk of the Internet was launched by a giant botnet comprising hijacked cameras, DVRs and other IoT devices. Considered the largest single DDoS attack in history, the assault on Dyn’s Domain Name Servers rendered hundreds of thousands of websites unreachable for a day.

The Dyn attack illustrates the importance of IT redundancy in the face of cyber threats, accidents or any number of other possible failure scenarios. While high-profile sites such as Twitter, Netflix and CNN were among those offline all day, many other Dyn customers with redundant DNS services maintained 100 percent uptime throughout the attack.

Redundancy is a simple engineering principle — you duplicate critical services and components as a fail-safe measure in case something stops working. The problem is that many organizations see such duplication as an unnecessary cost. That is unfortunate, given the demonstrated costs of IT downtime.

The use of software-defined WAN (SD-WAN) technology to create redundant WAN connections is one cost-effective way organizations can protect themselves from the risk of network downtime. As we explained in our last post, an SD-WAN makes it possible to aggregate WAN links from multiple service providers with all connections active simultaneously. In the event of a DDoS attack or some other network failure, SD-WAN solutions can detect the outage and automatically reroute traffic to an alternate path with no downtime.

As DDoS attacks become more frequent, organizations of all sizes must develop strategies for mitigating those threats. SD-WAN solutions offer an effective way to introduce redundant WAN links that will allow you to keep operating in the face of attacks or any other potential network failures.


Just released our free eBook, 20 Signs That Your Business is Ready for Managed ServicesDownload
+