As the volume of high-value data and transactions on the Internet continues to grow, so do the forces of attackers looking to exploit it – and these forces are costing organizations big money. In FY2015, businesses around the world suffered average losses of $7.7 million due to cybercrime, with U.S. companies seeing the largest losses, averaging $15 million. Along with crimes committed by malicious insiders, DDoS and web-based attacks were found to be the most costly.
Unfortunately, the number of DDoS attacks seen across the Akamai network has more than doubled in each of the last two years. Web-based exploits such as SQL injection, cross-site scripting, and local or remote file-inclusion attacks are becoming more common as well, as hackers exploit website vulnerabilities in an attempt to deface, disrupt, or steal from a site. They are also increasingly launched in conjunction with DDoS assaults, using the latter to divert attention while causing more serious damage with the former. In both types of attacks, it is often difficult to distinguish bad traffic from legitimate traffic, and attack techniques continue to evolve rapidly, requiring significant dedicated security resources to keep mitigation strategies current.
Given the increasing volatility of the Internet threat landscape, helping to secure websites is a critical CDN requirement. This is a broad topic that spans protection of content, physical security, operational security, compliance (with regulatory requirements such as PCI, ISO, BITS, FISMA, and HIPAA), and even acceptable use policies. While there are many important pieces of the security puzzle, here we focus on cloud-based CDN defense layers that are unique in their ability to protect against the Internet-scale threats of today and tomorrow.
Internet-scale DDoS Defenses
In recent years, the largest DDoS attacks have grown exponentially in size as amplification techniques have allowed hackers to create onslaughts that are hundreds of times larger than before. At the same time, they have become more sophisticated – often coming in multiple waves, using multiple attack vectors, and opportunistically attacking during high-traffic launches and events, when infrastructure is already heavily loaded. They may target the network layer, the application layer, or the DNS infrastructure.