Businesses Not Prepared for DDoS Attacks and DNS Failures, Study Shows

Most organizations aren’t prepared to prevent and respond to web infrastructure failures caused by distributed denial of service (DDoS) attacks and Domain Name System (DNS) failures. These conclusions came from two studies commissioned by VeriSign that show the urgent need for robust DDoS protection, reliable and secure DNS infrastructure, and advanced threat intelligence.

Verisign commissioned a market research report from Merrill Research to investigate the level of concern IT decision makers have with the growing threat of DDoS attacks in today’s ever evolving cyber landscape. An online survey of 225 IT decision-makers in the U.S. from large and medium-sized businesses revealed that 78 percent are extremely or very concerned about DDoS attacks, and more than two-thirds (67 percent) expect the frequency and strength of DDoS attacks to increase or stay the same over the next two years. Nearly nine in 10 respondents (87 percent) view DDoS protection as very important for maintaining availability of websites and services. Additionally, 7 in 10 (71 percent) respondents who reported a lack of DDoS protection said they plan on implementing a solution in the next 12 months.

Research Highlights:

• DDoS attacks are widespread: Nearly two-thirds (63 percent) of respondents who reported experiencing a DDoS attack in the past year said they sustained more than one attack. Eleven percent were hit six or more times.

• More sites will soon be protected: Of the respondents who currently lack DDoS protection, 71 percent plan to implement a solution in the next 12 months — 40 percent plan to outsource their DDoS protection, 31 percent plan to implement an in-house solution, and 29 percent are still undecided on their approach for protection.

• Leaving web infrastructures unprotected is too risky: More than half (53 percent) of the respondents said they experienced downtime in the past year, with DDoS attacks accounting for one-third (33 percent) of all downtime incidents.

• Downtime impacts customers and revenue: More than two-thirds (67 percent) said their downtime impacted customers and half (51 percent) reported they lost revenue. Considering 60 percent of the respondents rely on their websites for at least 25 percent of their annual revenue, downtime can have significant and lasting impacts.

• Threats extend beyond DDoS attacks: The study also found that nine in 10 respondents rate “access to threat and vulnerability data” as very important and nearly three-fourths (73 percent) are “concerned with DNS failures” — suggesting a significant need for ongoing threat intelligence and managed DNS services, in addition to DDoS protection and mitigation.

• DNS Availability Lower for Internally Managed Sites – A separate study commissioned by Verisign sheds light on the need for solutions that ensure DNS availability — a crucial requirement for the reliable operation of websites, network services, and online communications. The study found that in the first quarter of 2011, DNS availability was a problem for even the highest ranked e-commerce sites.

Related Resource: Understanding Web Application Security – Defending the Enterprise’s New Porous Perimeter

Using proprietary technology, ThousandEyes, a company that provides application performance analytics, calculated the minimum availability, maximum availability, and average availability of the Alexa 1,000 websites in the first quarter of 2011 to illustrate the state of global DNS availability.

The research revealed some stark differences between sites with internally managed DNS and those that employ third-party managed DNS services. In particular, the study revealed that minimum DNS availability on average dropped to 90.13 percent for sites that host their own DNS, while sites using third-party managed DNS services averaged a minimum DNS availability rate of more than 98 percent. When examining minimum availability overall, the research showed that some sites with internally managed DNS had total outages, while sites with third-party DNS management never went below 50 percent availability. Similarly, average downtime for sites that host their own DNS is twice that of those that use a third party (99.7 percent versus 99.85 percent).

A separate study released by Arbor Networks earlier this year, showed that 2010 should be viewed as the year distributed denial of service (DDoS) attacks became mainstream. In its Sixth Annual Worldwide Infrastructure Security Report, Arbor Networks revealed that DDoS attack Size broke 100 Gbps for first time; up 1000% Since 2005. 2010 also witnessed a sharp escalation in the scale and frequency of DDoS attack activity on the Internet with many high profile attacks launched against popular Internet services and other well known targets. In addition to hitting the 100 Gbps attack barrier for the first time, application layer attacks hit an all-time high.