Distributed denial-of-service attacks are easy to launch yet difficult to defend against. Margee Abrams of Neustar discusses the state of DDoS and how organizations can best defend against today's potentially damaging attacks.
Neustar, a DDoS solutions vendor, regularly assesses the state of DDoS globally, and will be presenting its latest findings at the RSA Conference 2015 in San Francisco April 20-24.
Among the highlights of the latest research, according to Abrams: DDoS-as-a-service can now be purchased in the underground economy for as little as $6 per month, and the attacks are both multi-faceted and powerful. Put those services in the hands of attackers who understand their targets' business processes - and how to disrupt them - and they become a dangerous weapon.
"Attackers are actually repurposing DDoS attacks for multiple attack vectors," says Abrams, director of IT security services product marketing at Neustar. Whereas attackers used to launch attacks solely to disrupt organizations or distract the defenders, now they are launching attacks within attacks.
"We're seeing a greater instance of additional testing launched during a DDoS attack. So, we're seeing infection-detonation malware and viruses as well."
The bottom line, Abrams says, is: "DDoS attacks are becoming more prevalent and more impactful to companies worldwide."
In this exclusive interview conducted in advance of RSA Conference 2015, Abrams discusses:
- The business impact of DDoS attacks;
- Common defensive gaps;
- The evolution of mitigation strategies.
As director of IT security services product marketing at Neustar, Abrams is responsible for building and driving the company's IT security services strategy. Her team is specifically focused on the company's DDOS, DNS and Web performance monitoring services. She formerly worked at Verizon Communications, where she deployed the company's first advanced persistent threat protection service. Prior to joining Verizon, Abrams served in Booz Allen Hamilton's Cyber Security Center of Excellence, with a focus on threat analytics.