Application-layer attacks are getting smarter — and more common.
For businesses with outward-facing Internet services — which is to say, nearly all of them these days — distributed denial of service (DDoS) attacks have been a major threat for over a decade now. Various strategies exist to defend against conventional attacks.
But as is usual in the cybersecurity arms race, DDoS attackers have evolved in parallel with the defenders. One example is the way DDoS attacks have increasingly focused on the application layer, also known as layer 7 in the standard OSI network model.
Application-Layer DDoS Attacks More Targeted
While all DDoS attacks attempt to shut down public, Internet-facing services, application-layer DDoS attacks go about it in a particularly insidious way. Rather than simply slamming a target in a generic sense, overwhelming its ability to respond and blocking out legitimate revenue-generating traffic, application-layer attacks are far more specific.
They target a particular aspect of how an application works, such as the link between the service per se and the core databases on which it depends. For instance, a financial institution’s customer-facing transaction services cannot function properly if the customers’ account data can’t be looked up.
This approach has several ramifications.
First, an application-layer DDoS attack requires far fewer attacking nodes: instead of a botnet of thousands, for instance, a hacker might need only a few dozen. Second, because the attack is much more focused, it also more closely resembles legitimate traffic and is harder for defensive strategies to recognize and block. Third, it is exactly because of these factors that application-layer attacks are becoming increasingly popular. According to Akamai, a distributed Web solutions provider, the year-over-year increase in this form of DDoS attack from Q4 2013 to Q4 2014 was a startling 51%.
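The first two points can be seen in a small simulation: a site-wide request-rate alarm stays silent while per-client accounting of backend cost isolates the attacking nodes. This is an added example, not code from the original article or from any vendor's product; the paths, cost weights, thresholds and traffic are all constructed assumptions.

```python
from collections import defaultdict

# Assumed relative backend cost per request; the path names are hypothetical.
COST = {"/static/home": 1, "/account/lookup": 25}
VOLUMETRIC_RPS_LIMIT = 1000   # assumed site-wide requests-per-second alarm
CLIENT_COST_BUDGET = 100      # assumed per-client cost allowance per window

def build_sample(window=60):
    """Constructed traffic for one 60-second window: (second, client, path)."""
    events = []
    for c in range(200):                       # ordinary clients, 6 page views each
        client = f"198.51.100.{c}"
        events += [(t, client, "/static/home") for t in range(c % 10, window, 10)]
        if c < 40:                             # 40 of them also do one account lookup
            events.append((c, client, "/account/lookup"))
    for n in range(24):                        # a few dozen nodes, one lookup per second
        events += [(t, f"203.0.113.{n}", "/account/lookup") for t in range(window)]
    return events

def peak_rps(events):
    """Highest site-wide request count seen in any single second."""
    per_second = defaultdict(int)
    for second, _, _ in events:
        per_second[second] += 1
    return max(per_second.values())

def over_budget_clients(events):
    """Clients whose cost-weighted request total exceeds the per-window budget."""
    spent = defaultdict(int)
    for _, client, path in events:
        spent[client] += COST.get(path, 1)
    return {c: s for c, s in spent.items() if s > CLIENT_COST_BUDGET}

def backend_cost_share(events, flagged):
    """Fraction of total backend cost caused by the flagged clients."""
    total = sum(COST.get(p, 1) for _, _, p in events)
    hot = sum(COST.get(p, 1) for _, c, p in events if c in flagged)
    return hot / total

if __name__ == "__main__":
    events = build_sample()
    flagged = over_budget_clients(events)
    print("peak rps:", peak_rps(events), "alarm:", peak_rps(events) > VOLUMETRIC_RPS_LIMIT)
    print("clients over budget:", len(flagged))
    print("their share of backend cost: %.0f%%" % (100 * backend_cost_share(events, flagged)))
```

Keying the budget on source address is the simplest choice for illustration; clients behind a shared NAT or proxy would need a finer identifier such as a session or account.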
Layer 7 Defense Strategies
So how can businesses best defend against layer 7 attacks?
As a distributor of top-tier security solutions, Fine Tec is in an excellent position to answer that question. In particular, we’d like to single out Fortinet’s FortiDDoS solution, a complete offering that can deal very effectively with a variety of different DDoS attacks, including those based on OSI layers 3, 4, and yes, even layer 7.
How? In a nutshell, Fortinet’s technology is both smarter and more powerfully implemented. Thanks in part to custom, proprietary ASICs, FortiDDoS can first identify the specific behavioral patterns of attacks, rather than just searching for arbitrary signatures that can change easily, and then take effective action to shut them down.
To do this, FortiDDoS assesses inbound packets from many different angles, including their origin hosts and IP data as well as their specific content and the logical request on the infrastructure that the content implies. This smart analysis makes it relatively simple to separate true client traffic from botnet-generated attacks, however fine-grained those attacks may be. Because the technology is exceptionally fast, it can accomplish all this much more quickly than competing offerings from other providers.
As application-tier DDoS attacks proliferate, and there’s little doubt they will, your customers will need to be more proactive about fighting them. Fine Tec, a top Fortinet distributor, can support your efforts to promote the Fortinet FortiDDoS approach. Get in touch to find out how by emailing us at marketing@finetec.com or visiting us at finetec.com.