The Risk vs. Cost of Enterprise DDoS Protection

WHITE PAPER

The Risk vs. Cost of Enterprise DDoS Protection
How to Calculate the ROI from a DDoS Defense Solution

Every day, we hear more about distributed denial of service (DDoS) attacks. DDoS attacks can impact organizations of all sizes and across all industries, while disabling infrastructure resources, applications, and business operations. An effective DDoS defense system can safeguard business operations against DDoS-related outages. This paper provides a simple, step-by-step approach for evaluating the financial return on investing in a DDoS defense system. Using industry averages for attack frequency and outage costs, the results show that investing in an effective DDoS protection system, such as Bright House Networks Enterprise Solutions DDoS Mitigation, provides a strong positive ROI and lowers financial risk.

Understanding the Risk of Attack

Few studies focus on the probability that a business will experience a DDoS attack of significant impact. However, survey information from Forrester Research and Arbor Networks provides insight into the risk of such an attack.

Forrester Research conducted a survey of 400 companies with significant online operations [1]. The survey's objective was to gather basic information on the DDoS threat to these businesses, which included online financial services, media, news, political sites, gaming, entertainment, web hosting, and ecommerce. Among the results, over 70% reported at least one DDoS attack in the previous 12 month period. Attack durations were highly variable, but the most common duration for attacks that had operational and business impact was two to six hours.

Arbor Networks' annual Worldwide Infrastructure Security Report [2] is an excellent source of more detailed information on the frequency and nature of DDoS attacks on Internet service providers (ISPs) and Internet data centers (IDCs). Based on the responses from 287 service providers, hosting companies, and enterprises, survey data shows that these organizations are experiencing a high frequency of DDoS attacks equating to multiple attacks per month (see Figure 1).
Figure 1: Attack Frequency

% OF SURVEY RESPONDENTS   ATTACK FREQUENCY
6%                        0
7%                        1-10
9%                        11-20
9%                        21-50
13%                       51-100
16%                       100-500
40%                       More than 500

McAfee [3] also surveyed IT and security executives from seven industry sectors and found the frequency and impact of DDoS attacks to be similar to those reported by Arbor.

Arbor's more recent survey in October 2014 reveals nearly half of enterprise, government, and education respondents seeing DDoS attacks during the survey period, with almost 40 percent of those seeing their Internet connectivity saturated. Just over a third of respondents indicated an increase in security incidents in 2014, with about half indicating similar levels to the previous year [4].

The most frequently observed threats targeting enterprise, government, and education respondents are DDoS attacks, accidental data loss, and botted or otherwise compromised hosts. Each of these categories garnered around a third of respondents (see Figure 2). This data clearly indicates that DDoS attacks are now seen as one of the top threats to enterprise, government, and educational organizations. This backs up anecdotal information, outside of this survey, indicating that a growing proportion of these organizations are looking for DDoS defenses.

Figure 2: Most Significant Operational Threats

39%   Internet connectivity congestion due to DDoS attack
33%   Accidental data loss
32%   Botted or otherwise compromised hosts on your corporate network
26%   Accidental major service outage
26%   Internet connectivity congestion due to genuine traffic growth/spike
18%   Advanced Persistent Threat (APT) on corporate network
18%   Exposure of sensitive, but non-regulated data
17%   None of the above
15%   Web defacement
13%   Exposure of regulated data
13%   Theft
12%   Malicious insider
9%    Industrial espionage or data exfiltration
8%    Other

The capacity to unleash a large DDoS attack is available to anyone simply by renting a botnet. Table 1 shows the results of a survey on botnet rental pricing. In short, the resources needed to carry out large-scale DDoS attacks are low cost and readily available.

Table 1: Botnet Rental Pricing

PRICE     DURATION (HOURS)   BANDWIDTH (MBPS)
$20       2                  45
$30       6                  45
$50       12                 45
$70       24                 45
$75       24                 100
$100      24                 1,000
$250      24                 1,000
$400      5                  5,000
$600      168                1,000
$900      24                 4,750
$1,000    24                 4,750
$5,500    168                4,750
$6,000    168                4,750

Botnets are not the only source of DDoS attacks. Social media sites can coordinate large numbers of willing users to carry out DDoS attacks, as illustrated by the WikiLeaks-inspired attacks in late 2010. Coordinated through Twitter, large numbers of end users downloaded a simple attack tool and directed attacks at numerous companies deemed complicit in interfering with what the users viewed as the legitimate activities of WikiLeaks. These attacks successfully targeted high profile companies, including PayPal, MasterCard, and Visa. The attacks went both ways as well. The provider hosting WikiLeaks had to remove the site from its infrastructure because DDoS attacks directed at WikiLeaks were impacting service to all its customers.

The overall impact of a DDoS attack is a function of the time it takes to detect the attack, the time needed to mitigate it, and the extent of service degradation both before and after mitigation. For many, detection consists of simply waiting for an attack to occur, and mitigation consists of dropping all traffic destined to the resource under attack. This is far from what mitigation should be.

How quickly organizations respond to detected threats is hugely important, and has been highlighted as an issue in other studies. Arbor Networks' 2014 Worldwide Infrastructure Security Report [4] asked organizations to estimate their average response times to security incidents. Enterprise, government, and educational organizations reported impressive response times (Table 2), although they are generally slower than those of service provider organizations.
Table 2: Incident Response Time

                                            MINIMUM      MAXIMUM    AVERAGE
Time from compromise to discovery           10 minutes   6 months   1 week
Time from discovery to internal reporting   1 second     1 month    1 day
Time from reporting to resolution           30 minutes   6 months   1 week

About two-thirds of organizations reported having both an incident response plan and at least some dedicated resources (Figure 3). Fifteen percent of respondents indicated having no plans or resources, while another 18 percent have plans but no resources.

Figure 3: Incident Response Posture (% of survey respondents)

46%   We have an incident handling plan with limited resources
18%   We have an incident handling plan with a well resourced team
17%   We have an incident handling plan with no dedicated resources
15%   We do not have an incident handling plan or team
4%    Incident response is outsourced to a third-party organization/service

Understanding the Cost of an Attack

Organizations observed a number of different business impacts as a direct result of DDoS attacks. About half cited operational expenses (Figure 4) and nearly 40 percent indicated reputation or customer loss due to DDoS attacks. One-fifth indicated direct revenue loss, with other impacts including employee turnover and stock price fluctuation. The costs associated with DDoS attacks are multi-faceted, and organizations should factor all of these into their calculations when looking at their investment strategies for defensive solutions.

Figure 4: Business Impact of DDoS Attacks

49%   Operational expense
37%   Reputation damage/customer loss
20%   Revenue loss
8%    Employee turnover
4%    Stock price fluctuation
2%    Loss of executive or senior management
18%   Other

The cost of outages due to DDoS attacks is comprised of operational costs and revenue impacts. Lower-impact and lower-duration attacks may result only in added operational costs. Higher impact attacks will also negatively affect revenues as business operations are partially or fully impaired. The elements contributing to the overall cost of DDoS consist of some or all of the following:

- Personnel time spent addressing and recovering from the outage
- Incremental help desk expenses
- Lost sales
- Customer credits and refunds
- Lost employee productivity
- Cost of customer defections and lost or missed sales
- Degradation of reputation resulting in higher customer acquisition costs and a lower rate of business growth

The specifics of how outages result in financial losses vary with the type of business. Businesses that are transactional in nature, such as ecommerce, suffer loss as the result of lost sales that are not made up later and lost future business as customers go to alternative suppliers on an ongoing basis.

A generic approach to calculating cost regardless of business type can be based on the annual company revenue and the percent dependence of the business on the IDC. Some businesses, such as ecommerce, are effectively closed when their data center is unavailable while other businesses can partially function during an outage. However, for virtually all businesses, the impact of an outage increases exponentially with the length of the outage. For example, 40% of businesses surveyed reported that a 72 hour outage would put their survival at risk [5]. Such impacts that extend beyond the period of the outage itself can be accounted for as lost future business.

Table 3 illustrates this generic approach to estimating the cost of DDoS-induced outages using an example of a business fully reliant on its IDC and with $50M in annual revenue.
Table 3: Modeling Cost of Outages Due to DDoS

Column formulas:
  OPERATIONS: # hours x # staff x cost/person/hour
  HELP DESK: # hours x calls/hour x cost/call
  LOST CURRENT REVENUE: Enterprise revenue x % business loss x outage duration
  LOSS OF FUTURE BUSINESS: Present value of 1 year lost growth

ATTACK DURATION (HOURS)   OPERATIONS     HELP DESK       LOST CURRENT REVENUE   LOSS OF FUTURE BUSINESS   TOTAL COST PER ATTACK
2-6                       4 x 4 x $75    4 x 25 x $20    $50m / 8760 x 4        0% x $50m x 2.49          $26,031
6-12                      9 x 4 x $75    9 x 25 x $20    $50m / 8760 x 9        0% x $50m x 2.49          $58,570
12-24                     18 x 4 x $75   18 x 25 x $20   $50m / 8760 x 18       0.25% x $50m x 2.49       $428,390
24+                       30 x 4 x $75   30 x 25 x $20   $50m / 8760 x 30       0.5% x $50m x 2.49        $817,773

Combining the DDoS attack risk profile with attack cost estimates produces the expected cost over three years, as shown in Table 4.

Table 4: Three Year Expected Cost of DDoS Attacks

ATTACK DURATION (HOURS)   EXPECTED NUMBER OF ATTACKS OVER 3 YEARS   COST PER ATTACK   EXPECTED COST OVER 3 YEARS
2-6                       1.9                                       $26,031           $49,459
6-12                      1.4                                       $58,570           $81,998
12-24                     0.9                                       $428,390          $385,551
24+                       0.3                                       $817,773          $245,320
TOTAL EXPECTED COST                                                                   $762,327
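The model behind Tables 3 and 4, carried through to the savings and payback comparison the paper makes next, as an added example that is not part of the original white paper. The names `Bucket`, `Business` and `roi`, and the `effectiveness` parameter (the fraction of expected loss the service avoids, 1.0 in the paper's comparison), are assumptions introduced here so the calculation can be rerun with an organization's own figures.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760

@dataclass(frozen=True)
class Bucket:
    label: str               # attack duration range, hours
    hours: float             # representative outage length used in Table 3
    future_loss_pct: float   # % of annual revenue lost as future business
    expected_attacks: float  # expected attacks over 3 years (Table 4)

# Inputs as printed in Tables 3 and 4 of the paper.
PAPER_BUCKETS = (
    Bucket("2-6", 4, 0.0, 1.9),
    Bucket("6-12", 9, 0.0, 1.4),
    Bucket("12-24", 18, 0.25, 0.9),
    Bucket("24+", 30, 0.5, 0.3),
)

@dataclass(frozen=True)
class Business:
    revenue: float = 50_000_000  # annual revenue
    dependence: float = 1.0      # share of business lost while the IDC is down
    staff: int = 4               # people working the outage
    staff_rate: float = 75       # cost per person per hour
    calls_per_hour: float = 25   # extra help desk calls per hour
    cost_per_call: float = 20
    pv_factor: float = 2.49      # paper's multiplier for lost future business

def cost_per_attack(b: Bucket, biz: Business = Business()) -> float:
    """Sum of the four Table 3 columns for one duration bucket."""
    operations = b.hours * biz.staff * biz.staff_rate
    help_desk = b.hours * biz.calls_per_hour * biz.cost_per_call
    lost_revenue = biz.revenue * biz.dependence / HOURS_PER_YEAR * b.hours
    future = b.future_loss_pct / 100 * biz.revenue * biz.pv_factor
    return operations + help_desk + lost_revenue + future

def expected_cost(buckets=PAPER_BUCKETS, biz: Business = Business()) -> float:
    """Table 4 total: expected attack count times cost, summed over buckets."""
    return sum(b.expected_attacks * cost_per_attack(b, biz) for b in buckets)

def roi(monthly_fee, months=36, effectiveness=1.0,
        buckets=PAPER_BUCKETS, biz: Business = Business()) -> dict:
    """Compare a recurring mitigation fee with the expected loss it avoids."""
    investment = monthly_fee * months
    avoided = effectiveness * expected_cost(buckets, biz)
    return {
        "investment": investment,
        "savings": avoided - investment,
        "payback_months": investment / (avoided / months),
        "break_even_fee": avoided / months,  # highest fee that still pays off
    }

if __name__ == "__main__":
    for b in PAPER_BUCKETS:
        print(f"{b.label:>6} h  ${cost_per_attack(b):>10,.0f} per attack")
    print(roi(3_000))
```

Computed from the Table 3 formulas, the 24+ row comes to $817,733, which is the value that yields the $245,320 shown for that row in Table 4. Lowering `effectiveness` or `dependence` shows how sensitive the payback period is to the assumption that the service removes the entire expected loss.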

This cost can now be compared to the alternative of investing in a high quality cloud-based DDoS defense system, which can be expected to eliminate the extraordinary expenses of dealing with DDoS attacks through traditional methods (e.g., black holing customer traffic, removing domains, etc.). The cost of an effective hosted DDoS protection solution is generally a function of mitigation capacity, that is, how much attack traffic the device can handle. This example assumes that a system capable of mitigating 2.5 Gbps is sufficient and can be purchased for $3,000 MRC (monthly recurring cost). Using the data above, Table 5 shows the cost-savings of a three year investment in a cloud-based DDoS defense system.

Table 5: Cost-savings of a DDoS Defense Solution

3 Year Investment in Cloud-Based DDoS Mitigation @ $3,000 MRC   $108,000
3 Year Expected Cost of DDoS Attacks                            $762,327
Total Cost-Savings Over 3 Years                                 $654,327
Payback                                                         5.1 Months

Choice of DDoS protection solution matters. Traditional perimeter security products, such as firewalls and intrusion prevention systems (IPS), are unable to address the DDoS threat to availability. The attack traffic has already reached the network by the time it hits the firewall. A cloud-based DDoS defense system captures the traffic in the provider's network, mitigating the threat and ensuring business operations continue as usual. To realize the projected benefits of deploying a DDoS mitigation solution, due diligence is needed on the part of the technical staff when selecting a solution.

DDoS Mitigation from Bright House Networks Enterprise Solutions protects an organization from DDoS attacks by removing the threat before it reaches the network, ensuring business continuity. Battling multi-vector DDoS attacks requires a full array of mitigation tools and security expertise, which could cost hundreds of thousands to set up internally.
Investing in a high-quality cloud-based defense system like DDoS Mitigation can reduce capital expenditures, labor costs, and eliminate false positive alerts that add to the cost and workload of internal staff. An added advantage to the Enterprise Solutions service is network ownership end-to-end, allowing a single point of accountability and response to incidents.

Conclusion

The volume, intensity, and frequency of DDoS attacks all continue to grow. Any organization with a significant web presence, or that is reliant on Internet connectivity for business continuity, is a potential target and should consider the protection levels required to maintain normal business activity. Given the high bandwidth capacity needed to handle today's volumetric attacks, the cost and complexity of DDoS protection, and the expertise needed to stay up to date on the latest threats, tackling DDoS attacks on one's own can be a daunting challenge for an organization. Bright House Networks Enterprise Solutions DDoS Mitigation addresses network and service DDoS protection requirements for the enterprise, providing the traffic visibility and actionable intelligence into threat activity to help secure network services and improve performance.

For more information and resources visit Bright House Networks Enterprise Solutions at www. or call 1-877-900-0246.

References

[1] The Trends and Changing Landscape of DDoS Threats and Protection, Forrester Consulting, July 2009.
[2] Worldwide Infrastructure Security Report, Arbor Networks, January 2010.
[3] In the Crossfire: Critical Infrastructure in the Age of Cyber War, Authors: Stewart Baker, distinguished visiting fellow at CSIS and partner at Steptoe & Johnson; Shaun Waterman, writer and researcher, CSIS; George Ivanov, researcher, CSIS; McAfee, 2010.
[4] Worldwide Infrastructure Security Report, Arbor Networks, October 2014.
[5] Ontrack-2001 Cost of Downtime Survey Results, 2001.

© 2015 Bright House Networks. Some restrictions apply. Serviceable areas only. Service provided at the discretion of Bright House Networks.