Tip:
Highlight text to annotate it
X
Title: DDoS Attack Results Jenny Zano: Good morning, good afternoon or
good evening depending on where you are in the world. Welcome to today's webcast, Distributed
Denial of Service Service Results, Learning from the IT Pros on What's at Stake when DDoS
Attacks Hit. It's brought to you by Information Week and Neustar and broadcast by United Business
Media, Limited. I'm Jenny Zano be your moderator today. We have just a few announcements before
we begin. This webcast contains audience polling. Polling
question will appear in the slide's presentation window. Please complete the poll when it appears
and click on the submit answer button that's located on the polling slide window. Thanks
in advance for your participation. You can participate in the Q&A session by
asking questions at any time during this webcast. Just type your question into the ask a question
text area below the video window and click the submit button. At this time, we recommend
that you disable your pop-up blockers. The slides will advance automatically throughout
the event. You may also download a copy of the slides
by clicking on the download slide button located below the presentation window.
Finally, if you're experiencing any technical problems, please visit our tech webcast help
guide by clicking on the help link below the media player. In addition, you can contact
our technical support help line, which is also located in the webcast help guide.
Now on to the presentation – Learning from the IT Pros on What's at Stake When a DDoS
Attack Hits. Discussing today's topic is Susan Warner, who is marking manager for DDOS and
DNS products at Neustar. We also have with Miguel Ramos who is an expert in distributed
denial of service attacks and product manager at Neustar. He's a published expert focused
on DDOS attack mitigation and security technology for Neustar. He has ten years of experience
with internet hosted services and IT security in both product and engineering roles.
And he currently leads the DDOS product management team for Neustar. So we'll begin the presentation
right now and hand it over to you both. Susan Warner: Thank you, Jennifer, and thank
you everyone for joining us today as we discuss real DDoS attacks and results. So Neustar
enjoys a unique position in that we have a bird's eye view into DDOS attacks across our
global DNS and mitigation networks. For more than ten years, our dedicated network operations
center and security operations center has seen DDOS attacks in action. They see the
size, the duration, the type of attacks happening across the network. And it gives us a unique
perspective into the global DDOS threat landscape. What we see often aligns with industry reports
around the frequency, size and sophistication of attacks. But across the industry we're
seeing more than 7,000 attacks daily. With the size of the attack varying. But what
we're seeing is that most are over ten gigabits per second, which is enough to clog many pipes
today. Even more worrying is how easy it is to initiate
an attack. With free tools on the internet and social media to help coordinate the attacks,
what's to stop a disgruntled employee or a dissatisfied customer from organizing an attack?
And if that angry person is lazy or technically challenged, they can just hire an enterprising
hacker to just go and do the job for them. The attacks themselves are increasingly more
complex. The types of attacks have gotten more sophisticated. And attackers are combining
multiple types of attacks and aiming for both the DNS and HTTP layers for example. Successfully
mitigating these types of sophisticated attacks is requiring deeper and deeper experience.
During a DDOS attack the entire enterprise is at risk.
Besides crippling sales and productivity, attacks also fuel doubts about the company's
stability and customer confidence will suffer. And that damage to brand equity can be long
lasting and hard to calculate. While the obvious harm is immediate, like site outages and lost
revenues, companies also suffer irreversible effects like lost customers, negative PR and
tarnished reputations. Right now it's back to school season. Do you
remember when you were a kid and your mom would drag you from store to store to store
just trying to get all of your shopping done and everything that you need? Today it's mostly
done online. Yankee Group estimates that an average midsize enterprise could lose over
$150,000.00 from a single attack. And for a large e-commerce company, they would lose
much more. It could be in the millions. So imagine if one of those back to school e-commerce
sites were taken down by an attack today. So what's really happening in the market?
In February of this year we wanted to take a look outside and gather some information
from the market. We surveyed IT professionals across North America to better understand
what was happening with them, to better understand their DDOS experiences. In all, we had 1,000
people from 26 different industries with the titles of network service managers, senior
systems engineers, system admins, directors of IT. And they shared their responses about
attacks, defenses, ongoing concerns, risks and financial losses. So today we're gonna
touch on the highlights of the survey results, but we do encourage you to download the full
survey that's available on Neustar.biz. The real DDOS numbers. The survey shed light
on five key questions. Who's been attacked? How much are these DDOS outages costing them?
What's the single greatest fear about DDOS attacks?
How long have the attacks lasted? And what type of DDOS protection are people using?
Any business that uses the web for customer service, direct sales or brand awareness is
vulnerable. We find that ruthless competitors, angry customers or social, political protestors
can easily take down a website that lacks adequate protection. In the survey, more than
300 businesses across multiple industries reported having been hit by a DDOS attack.
The industries where customer service was largely web based, such as financial services,
reported being victimized more often. And interestingly, nearly half of all responding
telecom companies have been hit. When you download the survey you'll see in
other industries the detailed survey results could be deceiving. So while over 80 percent
of participating retailers reported having no attacks, the large popular e-commerce sites
with millions of dollars at stake have long been targets.
Especially during high business times like the winter holiday season. And as the next
set of responses is going to show, online retailers have sometimes paid a very steep
price. But before we move on to that, we wanted to
do our first polling question. So if you could take a moment to just answer this. Has your
organization or have you personally experienced a DDOS attack?
Jenny Zano: If everyone will take a couple of minutes, we'll get the results up pretty
quickly. I think we're probably ready to show those results now. So send them out there
to everybody. Susan Warner: Great. So it looks like – oops.
Okay, great. So it looks like we've got about 25 percent of you saying that yes, you have,
your organization or you have personally experienced a DDOS attack. Which is pretty much in line
with what we've been seeing. Now as we move on I'm gonna had this over to Miguel now.
Miguel Ramos: Hey, everybody. Let's look at the impact of attacks on revenue to organizations.
When we surveyed organizations, we saw that more than half of all companies report that
the DDOS outage would cost them dearly. Companies with costs of 50,000 an hour would feel a
daily impact of 1.2 million. The key takeaway here really is that downtime can have a significant
impact on revenue. And we see that in the survey results.
If you break it down by industry, it's quite interesting. In the finance sector we're looking
at over 80 percent of respondents that place losses at over 10K an hour. So we'll give
you an example. A trading company with a trading platform and traders not being able to place
trades, therefore, causing a loss of revenue. On the retail side, almost 70 percent say
outages cost over $100,000.00. This makes sense. If you sell online and you derive a
lot of revenue from your website, the impact is obviously disastrous potentially. In excess
potentially of 2 million dollars a day. So the impacts to revenue are quite significant.
Interestingly though, the impact to revenue is not necessarily the primary concern that
organizations have when it comes to DDOS attacks. Customer experience impact and negative impact
are actually the top concerns, not revenue loss. That's actually really interesting.
The companies seem to be taking a longer term view on the potential negative impact.
Give you an example. These days social media plays a huge role,
Twitter, blogs, etcetera. Consumers are using these to research organizations. And the fall
out from a DDOS can potentially be permanent. There's a permanent record out there of people
discussing your company. And there's typically permanent records of DDOS attacks. And easily
available for consumers to look at and find. So the long term negative impact can be significant.
We also understand that customer experience and the impact the customer experience does
also drive negative brand impact. So it's very interesting that companies are taking
a longer view and seeing that revenue is not actually the – or short term revenue loss
is not actually the most important issue. We'll kind of walk you through an example
of what we're talking about here. In this case, Neustar neutralized and helped a customer
mitigate a DDOS attack. This particular customer was associated with
a conservative political party. They were suspended from their service provider. Essentially
they were black holed, taken off the internet because they were under a DDOS attack. Their
provider actually told them they would not turn them on unless they engaged the services
of a DDOS mitigation provider. They'd been down for a week and they decided to search
for a provider. They were back up within two hours with the Neustar service.
They saw additional attacks, but they were successfully mitigated. And once – those
attacks kind of happened early on. And once the attackers saw that they weren't having
the impact that they desired, they gave up. This issue had a specific – a very big impact
for the organization in question. They were down for a week. And that obviously
generates negative brand damage. And interestingly enough, the CEO actually fired the entire
web services team over their lack of contingency planning and their lack of effective response.
So the consequences can be disastrous. And it's very important to be prepared.
When you break down the worries by industry and people's concerns, you do see that largely
the trend is still around negative brand impact and customer experience as the top drivers
of concerns. Job loss is actually an issue for the IT organizations and that makes sense
because it's typically IT people that have to defend against these attacks and their
jobs are typically on the line. But the overarching theme across most industries
is the same. That negative impact and long term – negative impact and customer experience
are important and the long term view is sort of held by most of these organizations.
So how long do these attacks last? Our survey results showed that the organizations that
we polled said that over 35 percent of them experienced attacks that lasted longer than
24 hours. And 11 percent of them experienced attacks that lasted longer than week. This
is most likely due to the fact that they did not have the proper defenses in place. Most
attacks are neutralized quickly if the right defenses are in place. And once attackers,
as I said earlier, once attackers see they aren't having an impact, they give up. So
potentially if you don't have the right defenses in place, the attacks are gonna last a lot
longer. Jenny Zano: Well, we have a poll coming up
next. We're going to ask the audience if you could just let us know whether you are confident
that your organization could successfully withstand or mitigate a DDOS attack. So if
everyone could just take a couple of seconds here to respond yes or no that would be a
real help. All right. And I think we are going to send out these results. I think we have
some interesting findings here that you might want to comment about. Miguel.
Miguel Ramos: Interesting. We see that close to 60 percent of the people surveyed have
said that they are not confident that they're able to withstand a DDOS attack. And this
is a common thing that we're seeing across the industry. Most people are just not prepared.
They don't know enough about how to do it or what their options are.
And we'll talk about that shortly as well. This kind of dovetails into the next question
that we ask people around types of DDOS protection that people are using. That organizations
are using to fight DDOS attacks. The large majority of people that responded are actually
using firewalls, routers or switches. A significant amount of people, a quarter of the people
that we spoke with or that responded to our survey are actually not using any DDOS detection
– they don't have a DDOS protection at all. And a lot of people are using intrusion detection
systems. DDOS mitigation hardware, which is specialized
hardware to fight DDOS attacks, was only used by about 3 percent of the people that responded
to our survey. And miscellaneous other ones were 5 percent. It's really interesting. I
mean it dovetails very much with the survey results that we just saw. Most people are
not prepared or they're using the wrong tools to fight the DDOS problem.
Unfortunately, when you use firewalls and routers and switches, you know these tools
are not optimal for solving attacks. They cannot really guard against sophisticated
attacks that look like valid traffic. And typically routers are used to black hole certain
areas. So you use them to lob off traffic and just drop traffic from specific regions,
for example, and that blocks a lot of good traffic. So the right strategies are not in
place. And most organizations are either they don't have the right strategy in place or
they don't have a strategy at all. What options are out there? What options do
people have for DDOS mitigation? There are about – there are four different options
that are available to organizations that are looking to solve this problem.
The first is typically to get a service from your internet service provider. There are
some advantages to this. It doesn't require additional staff. It doesn't require additional
hardware, expenditures and it's an easy add-on service. There are issues with this particular
approach though. Typically these ISPs are not the best at solving layer seven or really
advanced DDOS attacks. An organization might have connectivity from multiple different
providers and you may be required to buy a service from multiple providers. And typically
these providers, I mean if attacks would end up reaching the edge of their networks these
providers, even if you have a service from them, if you start to threaten the rest of
their infrastructure of the rest of their customers, the will shut you off.
Another option is to kind of do it yourself. To buy your own hardware and manage it yourself.
The hardware that is available is very feature rich. It offers real time views of attack
traffic. It usually offers detection functionality as well. But it's very expensive. It's very
expensive. It requires very specialized staff to operate. And it still requires a lot of
bandwidth. You have to have a lot of bandwidth to mitigate even the largest attacks. So doing
it yourself is a very expensive proposition. A CDN service is sometimes used to mitigate
attacks. The issue with that is that they don't typically mitigate layer seven attacks
properly. It is easy for a knowledgeable attacker to pierce through the CDN and reach the origin
servers and negate the defense capabilities of the CDN completely. Beyond that, you might
get a big bill at the end of the month for the overages associated with the CDN.
Cloud based mitigation is another option. It obviously doesn't really require additional
capital expenditures and equipment. It doesn't require additional bandwidth. It doesn't require
additional staff. And it really leverages the expertise of providers who are specialized
in doing this. It keeps traffic away from your infrastructure and its carrier agnostic.
So that's another option that people are using to mitigate attacks and an option that makes
a lot of sense for most organizations. DDOS attack mitigation is not something most organizations
need to focus on. And outsourcing that is a very intriguing and interesting proposition.
Jenny Zano: Great. We've got another poll question coming up for everyone. Now that
you've had an opportunity to – hold on. Trying to get the poll question out here.
Now that you have had an opportunity to hear some of the options that are available to
you, can you please go back and answer the same question that you answered a couple minutes
ago. Are confident that your organization could successfully withstand or mitigate a
DDOS attack? So if you could just take a minute and revisit that question in light of some
of the information you've just received, that would be great. Okay. And here are our latest
results, Miguel, for you to speak to. Susan Warner: Hi, it's Susan back. So this
is interesting. So we're looking at – yes, you're hearing – so after hearing everything
that Miguel had to say about the types of protection, we're looking at an increased
confidence, which is interesting. So I'm glad that some of you out there are feeling better
about your selection. Next up I'd like to tell you a little bit
about another real customer that went through some trial and error. This is a smallish company
doing 95 percent of its business online. It's a small supply company. They received a threatening
email signed from Captain Jack Sparrow stating that something may happen to their website
if they did not contact him for protection. They received a number of these types of emails
and the final email that they received was, no more communications, you made your choice.
So they braced themselves and they waited. They went through the threat assessment and
they decided that they weren't going to try to bargain with this person.
The attacks started shortly after the last email. And the team tried to manage the attacks
internally and with their ISP, but they were quickly overwhelmed. The attack was a DNS
DDOS attack. So they quickly Googled a solution and went with it.
The chosen vendor could not handle the attack as the size of the attack continued to increase
over time. So they sought another solution. Within weeks of testing that second solution,
they realized that the vendor did not have the experience or the expertise to help them
with the kind of an issue that they were dealing with. The attacks had again escalated in frequency,
size and they began targeting both the DNS and the HTTP layer. Finally, when they contacted
Neustar they were able to successfully mitigate the effects of the attack. The attacks stopped
shortly after they utilized Neustar's UltraDNS and SiteProtect network.
The attacks and the trial and error with the different mitigation solutions went on for
several weeks. Sorry. Several months. And the attacks intermittently took their website
offline. Luckily and oddly enough, the attacks were
focused around the weekend but did run into prime time business hours on Mondays and Fridays.
So they did suffer from revenue losses. They felt like with that experience, the trial
and error of going through multiple solutions and looking for a solution that really would
help them and the learning curve of trying to figure out what to use while under attack
was really the biggest problem that they had. So overall, the survey results that we went
through, the survey responses, they did paint a picture of uncertainty and risk. Over 20
percent said website outages cost them more than $50,000.00 an hour. Nearly 70 percent
of retailers reported that website outages caused revenue losses of 100,000 an hour and
sum totaling millions per day. Thirty-five percent said that their attacks
lasted more than a day. With over the 300 respondents had experienced an attack, a few
of them reacted by implementing a specialized protection solution. Again, we encourage you
to download the full report, which is entitled DDOS Survey Q1 2012, When Businesses Go Dark.
It's on our website, Neustar.biz. And that'll detail the findings that you'll find from
the survey. And we hope that after hearing these results you'll take the steps to look
at your level of protection, calculate the short term, long term and personal impact
of a successful DDOS attack and consider your options for a purpose built DDOS solution.
Now before we get into the – before we wrap up and move into the Q&A portion, I wanted
to just give a short introduction to Neustar in case you're not familiar with us. Neustar
is a trusted technology and information services company serving the telecommunications, internet,
marketing and media industries. We've been around for more than 12 years and
we're listed as one of Forbes top 25 fastest growing companies in America. Every number
is what defines us. Our technology enables people to take telephone numbers with them
when they're changing providers, ensures that text messages reach the right person, directs
people instantly and correctly to the websites they wish to visit and ensures they get through.
Most importantly, we provide our customers with information so that they can better serve
their customer. And as you can see from the numbers, whether calling, texting or surfing
the web, Neustar helps people make billions of connections each day.
Jenny Zano: Thank you, yes. I just wanted to let everyone know that we are gonna be
starting with our Q&A in just a sec. But it would be great if our audience could take
a few seconds to fill out the feedback form that's opened on their computer.
To complete the form just please press the submit answer button at the bottom of the
page. And I'd like to thank everyone in advance for filling that out because your participation
Miguel Ramos: Thanks for your time everyone.