A question we’ve been asked recently is why an IPS (intrusion prevention system) isn’t sufficient to protect a financial institution (or any organization) from a DDOS attack. The explanation is simple once you understand what a DDOS attack is and what an IPS is and does.
Many have heard of DDOS (distributed denial of service) attacks in the news, and might have even seen the effects of such an attack at their organization. A DDOS attack is an effort by a person or group to overwhelm the target’s bandwidth via a large volume of distributed (coming from multiple sources) requests. The most important thing to understand about a DDOS attack is that it is the volume of requests, not the nature of the requests, that is to blame for any ill effects. DDOS attacks flood a target with typical, legitimate packets, but at a volume so much larger than is expected that it brings the system down.
An IPS detects and prevents intrusion, typically by looking at what a user is doing, comparing that to normal use, and determining whether the exchange is anomalous. This does little in the case of a DDOS, however, for two reasons. Firstly, the sheer volume is overwhelming for an IPS. Secondly, and most importantly, the packets being sent, though they arrive at a catastrophically large volume, are legitimate packets.
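The following added example (not part of the original article) runs constructed traffic through a per-request content check, a per-source rate check, and an aggregate volume check, showing that only the aggregate count reveals the flood. The signature patterns, IP ranges, request line and the 10x threshold are all assumptions made for illustration, and the per-source check goes one step beyond the article to show why judging each sender against normal use also comes up empty.

```python
from collections import Counter

# Hypothetical stand-ins for IPS content signatures (assumption, not a real rule set).
BAD_PATTERNS = ("' OR 1=1", "../", "<script")

def build_traffic():
    """Constructed sample: 10 s of baseline (5 req/s), then 3 s in which
    400 distinct sources each send 2 ordinary requests per second."""
    events = []  # (second, source_ip, request_line)
    for sec in range(10):
        events += [(sec, f"198.51.100.{i}", "GET /login HTTP/1.1") for i in range(5)]
    for sec in range(10, 13):
        for i in range(400):
            src = f"203.0.{i // 200}.{i % 200 + 1}"
            events += [(sec, src, "GET /login HTTP/1.1")] * 2
    return events

def signature_hits(events):
    """Per-request inspection: how many requests match a known-bad pattern."""
    return sum(any(p in req for p in BAD_PATTERNS) for _, _, req in events)

def max_rate_per_source(events):
    """Per-source behaviour: highest requests/second from any single sender."""
    return max(Counter((sec, src) for sec, src, _ in events).values())

def flooded_seconds(events, baseline_secs=10, factor=10):
    """Aggregate volume: seconds whose total exceeds factor x the baseline mean."""
    per_sec = Counter(sec for sec, _, _ in events)
    baseline = sum(per_sec[s] for s in range(baseline_secs)) / baseline_secs
    return sorted(s for s, n in per_sec.items() if n > factor * baseline)

if __name__ == "__main__":
    ev = build_traffic()
    print("signature hits:", signature_hits(ev))               # content looks clean
    print("max req/s from one source:", max_rate_per_source(ev))  # each sender looks modest
    print("seconds over 10x baseline:", flooded_seconds(ev))   # only the total stands out
```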
While DDOS attacks may be used on their own to embarrass an organization or otherwise impede operation, they can also be used as a diversionary attack, distracting employees and tying up resources while a separate attack is underway, with a goal of extracting data.
To truly protect itself from a DDOS, an organization needs more bandwidth and resources than the attack can consume. There are also ways to mitigate an attack that is already underway: hardware options are available, and there are also cloud-based solutions. The risk and required security will be different for every business. If you have any questions about how DDOS attacks can affect your organization’s ability to operate, or would like to talk to us about protection and mitigation, give us a call at 312-850-5200.