Professional Documents
Culture Documents
2
Who is impacted?
Operators of essential services” (OES) established in its territory.
According to the Directive, an ‘operator of an essential service’ is a
public or private entity that meets the following criteria:
Defining an incident
According to the NIS Public Consultation,
3
or even tens of minutes of downtime or latency significantly impacts
the delivery of essential services. When you combine these factors,
victims are faced with a significant security and availability challenge.
To keep up with Beyond the ability to deny service, DDoS attacks have become a tool in
the growing ‘denial of security’, by acting as camouflage or a distraction mechanism
to mask more threatening activities – usually data theft and network
sophistication and
infiltration.
organisation of
well-equipped and These attacks act as a smokescreen to distract IT and security teams
well-funded threat from the real breach that’s taking place, which could see data being
actors, it’s essential exfiltrated, networks being mapped for vulnerabilities, or a whole
host of other potential risks manifesting themselves. There have been
that organisations
data breaches reported over the last few years that indicate DDoS
maintain attacks have been occurring simultaneously, as a component of a
comprehensive wider strategy; meaning hackers are utilising the DDoS technique in a
visibility across significant way.
their networks
To keep up with the growing sophistication and organisation of well-
to instantly and
equipped and well-funded threat actors, it’s essential that organisations
automatically maintain comprehensive visibility across their networks to instantly
detect and block and automatically detect and block any potential DDoS incursions as
any potential DDoS they arise. Proactive DDoS protection is a critical element in proper
incursions as they cyber security protection against loss of service and data breach
arise. activity. This level of protection cannot be achieved with traditional
Internet Gateway security solutions such as firewalls, IPS and the like.
Proactive DDoS
protection is a Gauging your DDoS readiness
critical element 1. Recognise DDoS attack activity
in proper cyber Large high volume DDoS attacks are not the only form of DDoS activity.
security protection As discussed, short duration, low volume attacks are stress testing
and finding security vulnerabilities within your security perimeter.
against loss of
Understand your network traffic patterns and look to solutions
service and data that identify DDoS attack traffic in real-time, removing the threat
breach activity. This immediately.
level of protection
cannot be achieved 2. Document your DDoS resiliency plan
These resiliency plans should include the technical competencies, as
with traditional
well as a comprehensive plan that outlines how to continue business
Internet Gateway operations under the stress of a successful denial of service attack.
security solutions
such as firewalls, IPS An OES incident response team should establish and document
and the like. methods of communication with the business, including key decision
makers across all branches of the organisation, to ensure key
stakeholders are notified and consulted accordingly.
4
3. Pair time-to-mitigation with compliance
In the face of a DDoS attack, time is of the essence. Minutes, tens of
minutes or more before a DDoS attack is mitigated is not sufficient
to ensure service availability. As you develop your resiliency plan, and
choose your method of DDoS protection, time-to-mitigation must be a
critical factor in your decision-making process.
Next Steps
• Outline internal DDoS mitigation strategy and reporting
mechanisms
• Identify dedicated DDoS mitigation solutions for real-time and
automatic defense
• Assess these measures against compliance requirements
Corero’s DDoS defense solutions scale across some of the largest, most
complex networks leveraging modern DDoS detection and defense
mechanisms allowing for industry-leading precision in stopping DDoS
attacks.
5
About Corero Network Security
Corero Network Security is the leader in real-time, high-performance DDoS
defense solutions. Service providers, hosting providers and online enterprises
rely on Corero’s award winning technology to eliminate the DDoS threat
to their environment through automatic attack detection and mitigation,
coupled with complete network visibility, analytics and reporting. This,
industry leading technology provides cost effective, scalable protection
capabilities against DDoS attacks in the most complex environments while
enabling a more cost effective economic model than previously available. For
more information, visit www.corero.com.
Copyright 2017 Corero Network Security, Inc. All rights reserved. 867-5309-001