Any organisation with an online presence is vulnerable to a DDoS attack – which can literally shut down a business by bringing down its internet-facing systems. For financial service providers, this kind of disruption would be catastrophic. The pervasiveness of cyberattacks has resulted in organisations developing security strategies for a ‘when, not if’ scenario – strategies that must include protection against DDoS attacks as part of an overall cyber resilience strategy.
Any organisation with an online presence is vulnerable to a DDoS attack – which can literally shut down a business.
The majority of cyberattacks aim to compromise a network or system to obtain business or client information illegally, for various reasons. What makes a DDoS attack unique is that the aim is to take the company offline by bringing down internet-facing systems.
Most DDoS attacks are launched from infected hosts which together form part of a botnet army. Each device sends a small request – in many instances the size of a short email – to the server. But the cumulative effect of millions of requests coming through at the same time can result in an attack of up to 100 Gbps – the equivalent of streaming 1 million songs online.
Protection for all online transaction systems
For financial service providers, this kind of disruption would be catastrophic. Their business generally have operations in several continents, and online services are a big part of their value proposition to customers.
DDoS Protection is therefore an essential element in a financial service provider’s overall security strategy.
A holistic approach to DDoS security
IS has worked with a number of clients in the industry to develop solutions that can assist in mitigating this risk.
Our approach is to engage several experts from different areas of our business in a collaborative effort to understand the needs of our client and gauge the level of protection they require. This includes assessing the organisations’ network to ensure that the solution we deploy matches their needs.
The IS DDoS Mitigation and Protection service has high levels of intelligence and learning built in, enabling it to identify indicators of compromise by analysing different sources and types of network traffic.
If an attack is identified, the system redirects incoming traffic to the IS mitigation platform, where traffic is scrubbed and the attack or ‘dirty’ traffic is removed. Valid requests will still go through to the server, so there’s no impact to the business.
Types of DDos attacks
Most predominant type of attack.
Similar to generic flood attacks but target a particular software component rather than entire hosts.
TCP stack flood attack
Designed to overwhelm a part of the host’s TCP connection state machine by interfering with legitimate TCP connections to the host.
Keeps a large number of idle TCP connections half-open or fully open, exhausting the TCP stack or application connection tables so the host can’t allow new incoming TCP connections to be opened.
Vulnerability exploit attack
Floods of unwanted IP packet fragments.
Designed to exploit a software flaw in the target’s operating system or application.
A building block for cyber resilience
DDoS Mitigation and Protection from IS can protect any company from a sustained multi-Gbps attack. Within minutes of an attack being identified, only clean traffic will be let through. For extreme protection, our upstream Cloud Scrubbing appliances can be signalled to dynamically block a volumetric attack at our ingress international internet borders.
Intelligence and machine learning are built into the DDoS Mitigation and Protection platform, so it’s extremely effective in mitigating a wide range of attacks.
The pervasiveness of cyberattacks has resulted in organisations developing security strategies for a ‘when, not if’ scenario, and Protection against DDoS attacks is a critical element of their cyber resilience. DDoS Mitigation and Protection offers proactive detection and immediate, sustained mitigation of this growing cyber threat.
You can read more about this solution here.
Read more on our case studies