Denial of Service

Data centers inherently contain numerous targets for DDoS attacks. A surveyed showed that 45% of the respondents experienced DDoS attacks against their data centers. This shows a growth of 60% of the DDoS attacks compared to the privious year. Furthermore 94% of the persons that took place in the in the survey confirmed regular DDoS attacks and 17% reported that the attack’s volume exceeded the available bandwidth into their data center.

The Targets of DDoS Attacks

The most frequent target of DDoS attacks is the end customer. Due to the multi-tenant nature of most of the data centers, this should be a significant concern.

The Data center infrastructure services (e.g., DNS, SMTP) are the second most frequent target with over 50% confirmed similar attacks. Yet only 19% have resources responsible for DNS security. One third respondents reported attacks on the data center infrastructure itself.

Frequency of DDoS Attacks

For data center operators who reported being the victims of a DDoS attacks, the observed frequency of attacks increased over last year’s surveys. In 2011 only 30% of respondents indicated that DDoS attacks were not something that occurs each month. Since then 83% of respondents who were victims of attack now experience between one and 50% attacks per month.

Business Impact of DDoS Attacks

Nearly 90% of data center operators reported operational expenses due to DDoS attacks, while one-third among them experienced customer’s complaints and revenue loss:

Untitled

 

Visibility into Data Center Networks

Just over three-quarters of data center respondents have good visibility up to Layer 4, while only one-third have visibility up to Layer 7. This indicates that the majority of operators are likely blind to attacks above Layer 4, making it difficult to defend against them. Layer 7 DDoS attacks are especially dangerous as they are typically “low and slow,” and are often undetectable using traditional volumetric detection mechanisms.

Data Center Security

Firewalls are now a standard security practice in data centers, deployed by 95 percent of respondents compared to only 42 percent last year. The second most common security technology is IDS/IPS (Intrusion detection System and Intrusion Prevention System) which is used by half of respondents. The increased use of firewalls and IDS/IPS devices to deal with DDoS attacks is concerning because even though these devices can deal with some kinds of DDoS attacks, they are primarily designed to assure confidentiality and integrity, rather than service availability.

Firewalls or IDS/IPS Compromised by DDoS Attack

The result is that over one-third of respondents reported that their firewalls or IDS/IPS systems were compromised by a DDoS attack during the survey period.

DDoS Prevention and Mitigation

The proportion of data center respondents using today’s various DDoS prevention/mitigation techniques remained unchanged from last year’s survey. However the proportion of respondents using Intelligent DDoS Mitigation Systems (IDMS) slightly increased and the proportion of the use D-RTBH slightly decreased. This may indicate that data center operators are becoming more focused on protecting end customer service availability during an attack. Three-quarters of data center operators who have IDMS solutions deployed offer their customer base an anti-DDoS service based on their IDMS equipment, thus monetizing their investment.

Summary

Data centers are increasingly being targeted by DDoS attacks—with significant downside to their businesses. As more companies move their services to the cloud, they now have to be wary of the shared risks of collateral damage. With e-commerce and online gaming sites being the most common targets for DDoS attacks, according to survey results this year, sharing data centers with these organizations brings some risk.