With attacks reported against many banks and major corporations, DDoS (Distributed Denial-of Service) attacks seem to be a hot topic these days. This begs the question of what can be done to protect organizations from the damaging impacts caused by sustained service outages on critical resources -- and, increasingly, to protect the organization from the data theft and other secondary motives of DDoS attacks used as smokescreens to draw critical security resources away from true targets.
There are some easy steps you can take while leveraging your existing information security investments to prevent or mitigate the risk posed by DDoS attacks.
As an overall security measure, we at Cygilant advocate implementing a security program based around critical security controls, such as the SANS Top 20 Critical Security Controls, to reduce overall vulnerability to cyber-attacks. Among those controls of key importance to DDoS attack mitigation are areas around knowing what’s on your network, how those devices are configured, establishing baselines of what is normal for those devices and then monitoring continuously for changes that may indicate an attack.
For our SOCVue customers, Cygilant offers the ability to:
- Whitelist/Blacklist ports and protocols – SOCVue provides monitoring, alerting and reporting on this security control
- Use IP Blacklists produced by Threat Intelligence organizations – SOCVue provides monitoring, alerting and reporting based on several open source lists. Customer can also provide their own list.
- Monitor and build correlation rules for any advanced security devices owned by the customer – IDS/IPS, Next-Gen Firewall, Web Application Firewall, etc.
- Receive forensic analysis by our SOCVue team after an attack to trace the event and identify any areas that need remediation.
It’s also important to realize that DDoS attacks are increasingly used a smokescreen to obscure the real motive and target of the attack – by implementing an information security program based on critical security controls, organizations are also better prepared to identify and respond to signals of other simultaneous attacks to keep their network secure.
Request a free demo today to find out how we can help improve your security posture at a fraction of the cost of alternative solutions!