DDoS Attacks: What Businesses Must Do To Minimise Them

Darrin Reynolds
Chief Information Security Officer, Edgio

Unfortunately, distributed denial of service (DDoS) assaults have increased exponentially over time; in 2021, there were more than 9.75 million such attempts. Beyond the ransomware’s monetary cost, these threats cause significant harm to businesses, including lost revenue from downtime, reputational harm, legal implications from negligent security, and potential exposure to more serious cyberthreats.

In light of this, businesses are stepping up their defenses against hostile actors; yet application security is a challenge that many firms struggle to solve or even comprehend. Therefore, it is crucial that businesses are backed by solution providers that can handle the whole spectrum of risks that are quickly growing while also having access to resources that fit the size of their operations.

CIO World Asia spoke with Darrin Reynolds, the Chief Information Security Officer at Edgio.

How business leaders can maintain their pace of digital transformation without compromising on cybersecurity

“You must continually improve your security posture so that it scales to meet the needs and liabilities of the transformation,” said Darrin Reynolds, the Chief Information Security Officer at Edgio.

Business defences and compliance requirements will need to evolve when organizations shift gears from 0 to 50 to 100 MPH. Additionally, what worked well yesterday may not be acceptable for the demands of tomorrow, and the maturity development will likely not be linear but rather logarithmic in shape.

Therefore, as businesses advance their efforts in digital transformation, business leaders have the best chance to protect the confidentiality, availability, and integrity of their data and infrastructure by implementing a holistic security solution. Web application and API protection, bot management, Layers 3, 4, and 7 DDoS protection, end-to-end encryption, origin masking, DNS management, and service and support offered by a 24×7 security operation centre are all capabilities of a holistic security solution. Adopting this all-encompassing strategy will guarantee greater intelligence, quicker analysis and blocking, and quicker containment of zero-day vulnerabilities.

Preeminent cybersecurity threats content delivery platforms (CDNs) face

“By the nature of their architecture, CDN platforms have inherent defenses and mitigations built in. Despite their impressive architecture, however, the vulnerabilities are, by comparison, mundane, banal and embarrassingly low-tech,” said Darrin Reynolds, the Chief Information Security Officer at Edgio.

These flaws, which allow login credentials to be stolen, may not even need powerful technology to be exploited. This is a fantastic example of why security has to focus on the “basic” rather than the “extraordinary.” If you have not yet made the investments required for the essentials, making a sizable purchase for the newest gadget is inappropriate.

The preeminent threats to CDNs today are DDoS assaults, which are expanding in scope and size, and sophisticated bots that imitate human behaviour. It’s crucial for content delivery platforms to keep ahead of threats by bolstering their security posture with the help of intelligence from internal systems.

How Edgio prevented a DDoS attack

Edgio’s software-based DDoS detection and mitigation technology, Stonefish, operates 24/7/365. Stonefish analyses samples of all packets traversing their network, scores them as threats, and then automatically takes action, so that their network operations centre can immediately undertake further analysis and take mitigation action. Edgio recently used Stonefish to stop a DDoS assault measuring 176 million packets per second that was aimed at a global e-commerce customer situated in Asia. The assault lasted around 30 minutes. Despite the enormity of the assault, Edgio’s network absorbed all of it, and their Anycast network swiftly distributed the load to a larger geographic area, making it a non-event for their customer, who observed no impact on the attack’s origin.