Distributed Denial of Service (DDoS) attacks continue to be a global concern for organizations, and Romania is no exception. During June 17-21, 2024, numerous Romanian public institution websites, including those in the transport, telecommunications, and financial-banking sectors, were targeted by 25 DDoS attacks orchestrated by groups affiliated with Russia, according to the National Cyber Security Directorate (DNSC), whose site was among the targets. These attacks aim to overwhelm systems, networks, or services with a deluge of internet traffic, rendering them inaccessible to users and customers. The increasing sophistication and scale of DDoS attacks have rendered traditional protection solutions often inadequate.
In addition, many organizations are shifting towards a hybrid IT infrastructure that integrates both on-premises and cloud-based resources. This approach offers enhanced flexibility, scalability, and cost-efficiency but also introduces new cybersecurity challenges, particularly the threat of DDoS attacks. To safeguard their operations effectively, organizations require a unified protection strategy encompassing both on-premises and cloud environments.
Datanet Systems has a proven track record in deploying advanced anti-DDoS solutions and is one of the leading NETSCOUT/Arbor partners in Romania. The company has advanced capabilities to design and implement adaptive DDoS protection solutions leveraging Arbor technology, tailored for enterprise-level organizations and service providers.
DDoS Attacks in 2024 – Challenges and Trends
DDoS attacks remain a persistent threat, with their frequency, complexity, and impact escalating significantly in recent years. According to NETSCOUT’s “DDoS Threat Intelligence” report, over seven million DDoS attacks were recorded in the second half of 2023, reflecting a 15% increase from the first half of the year. This surge highlights the urgent need for robust mitigation strategies, as these attacks become increasingly sophisticated, often employing multi-vector approaches that target various layers of the network stack. Recent studies indicate the following trends:
- Increased Frequency in 2024: The number of DDoS attacks continues to rise, with many businesses experiencing repeated attacks within short time frames. One report indicates that in the first half of 2024, the rate of HTTP DDoS attacks increased by over 90% compared to 2023, and the average scale of attacks grew by more than 200%.
- Greater Bandwidth and Complexity: Attackers are leveraging higher bandwidth capabilities. For instance, the largest DDoS attack in 2024 reached 700 Gbps, a 30% increase over the 2023 average. Additionally, DDoS attacks are becoming more complex, often combining multiple attack vectors simultaneously (such as email, databases, and web browsers) and employing the latest innovations in Artificial Intelligence.
- Expanding Range of Targets: While traditionally targeting large corporations and government entities, attackers are now also focusing on smaller businesses and even individuals. NETSCOUT has found that the gambling sector is a primary target due to potential substantial financial gains and the desire to disrupt competition.
These trends indicate that traditional defense mechanisms, such as basic rate limiting or firewall rules, are no longer adequate. A more sophisticated, hybrid protection model is now essential.
Comprehensive DDoS protection through a Collaborative On-Premises & Cloud Approach
In light of the rapidly evolving DDoS threats, an effective defense strategy must cover the entire perimeter of a company. Relying solely on either on-premises or cloud-based DDoS protection solutions can lead to security gaps. Instead, combining both approaches harnesses their respective strengths.
On-premises solutions offer direct and precise control over security policies, enabling organizations to tailor and adjust protection strategies according to specific needs. Customizable security policies can be implemented and monitored to safeguard critical resources and swiftly detect anomalies or attacks. Moreover, on-premises solutions ensure immediate response capabilities against threats, reducing detection and mitigation times and thereby minimizing adverse impacts on organizational operations. They are particularly suited for safeguarding internal resources inaccessible from the cloud, such as critical or sensitive networks and systems requiring closely managed security protocols.
On the other hand, cloud-based solutions offer complementary benefits. By their very nature, these solutions provide impressive scalability, capable of absorbing and managing large volumes of traffic without the need for additional hardware. For instance, in the event of a massive DDoS attack that surpasses an organization’s bandwidth capacity, cloud solutions redirect malicious traffic to their distributed global infrastructure, ensuring continuous availability of services for users and clients. Additionally, these solutions benefit from global reach, capable of detecting and responding to threats before they impact the target network. A cloud-based DDoS protection service provider may have data centers distributed across multiple geographic regions, enabling swift detection and mitigation of attacks originating from various locations.
In this hybrid approach, on-premises systems handle the initial detection and mitigation of attacks, while cloud services absorb and distribute traffic on a large scale. The model ensures robust defense against all attack vectors and efficiently adapts to the magnitude of the threat. A ResearchGate analysis indicates that this approach can reduce the impact of a DDoS attack by up to 90%.
Developing an Adaptive DDoS Mitigation Strategy
An adaptive strategy for mitigating DDoS attacks involves four critical components, each contributing to the creation of a dynamic and proactive defense mechanism.
1. Threat Intelligence and Analysis – a robust cybersecurity strategy begins with understanding the threat landscape, which involves:
- Continuous Monitoring: Implementing systems that continuously monitor network traffic to identify patterns indicating potential DDoS attacks.
- Integration with Threat Intelligence: Utilizing global threat intelligence to stay informed about emerging threats and attack vectors.
2. Detection and Classification – early detection and precise classification of DDoS attacks are crucial:
- Anomaly Detection: Using Machine Learning and behavioral analysis to detect deviations from normal traffic patterns.
- Multi-vector Classification: Identifying specific types of DDoS attacks (volumetric, protocol-based, application-layer attacks) to appropriately tailor response strategies.
3. Dynamic Response – adaptive mitigation requires a flexible and dynamic response strategy:
- Automated Responses: Implementing automated defense mechanisms that can respond in real-time to detected threats. For example, automatically triggering filtering rules to block malicious traffic before it impacts the infrastructure.
- Scalable Defense: Utilizing cloud resources to handle large-scale attacks, while on-premises solutions manage smaller, targeted threats.
4. Continuous Improvements – an adaptive strategy must keep pace with new technologies and vulnerabilities:
- Post-attack Analysis: Conducting detailed post-attack analyses to understand vulnerabilities and enhance defenses. Identifying weaknesses in security infrastructure allows for additional protective measures.
- Continuous Updating: Regularly updating defense mechanisms to incorporate the latest threat intelligence and mitigation techniques. For instance, regularly updating threat detection signatures to reflect new attack patterns and methods discovered in the global cybersecurity landscape.
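The detection, classification and tiered-response steps above can be sketched as follows. This is an added example, not code from Datanet Systems or NETSCOUT/Arbor: it swaps the machine-learning detection mentioned above for a simple moving-average (EWMA) baseline, and the class name, thresholds, link capacity and traffic samples are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:            # one constructed per-interval traffic summary
    bps: float           # bits per second on the internet uplink
    pps: float           # packets per second
    syn_ratio: float     # share of TCP packets that are bare SYNs
    http_rps: float      # HTTP requests per second at the edge

class HybridDetector:
    """EWMA baseline + deviation test, then a vector label and a mitigation tier."""
    def __init__(self, link_bps, alpha=0.2, factor=3.0, cloud_share=0.8):
        self.link_bps, self.alpha, self.factor = link_bps, alpha, factor
        self.cloud_share = cloud_share   # assumed: divert to cloud above 80% of uplink
        self.base = None

    def _classify(self, s):
        b = self.base
        if s.syn_ratio > 0.6 and s.pps > self.factor * b.pps:
            return "protocol"            # e.g. SYN flood: state exhaustion
        if s.bps > self.factor * b.bps:
            return "volumetric"          # bandwidth saturation
        if s.http_rps > self.factor * b.http_rps:
            return "application-layer"   # request flood at modest bandwidth
        return None

    def observe(self, s):
        if self.base is None:            # first sample seeds the baseline
            self.base = Sample(s.bps, s.pps, s.syn_ratio, s.http_rps)
            return ("normal", None)
        vector = self._classify(s)
        if vector is None:               # learn only from traffic judged normal
            a = self.alpha
            for f in ("bps", "pps", "syn_ratio", "http_rps"):
                setattr(self.base, f, (1 - a) * getattr(self.base, f) + a * getattr(s, f))
            return ("normal", None)
        tier = "cloud" if s.bps >= self.cloud_share * self.link_bps else "on-premises"
        return (vector, tier)

def run(samples, link_bps=1e9):
    det = HybridDetector(link_bps)
    return [det.observe(s) for s in samples]

# Constructed samples: normal, normal, HTTP flood, SYN flood, volumetric flood.
SAMPLES = [
    Sample(200e6, 40e3, 0.05, 1500), Sample(220e6, 42e3, 0.06, 1600),
    Sample(260e6, 60e3, 0.05, 9000), Sample(300e6, 400e3, 0.90, 1400),
    Sample(950e6, 900e3, 0.10, 1500),
]
```

The baseline is updated only from intervals judged normal, so a sustained attack does not gradually teach the detector that flood-level traffic is expected.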
Adaptive Arbor Solutions for DDoS Protection
Arbor Networks, a subsidiary of NETSCOUT, is globally renowned for its advanced DDoS protection solutions. Arbor’s innovative approach seamlessly integrates on-premises capabilities with the advantages of cloud technology, delivering a dynamic and robust strategy against constantly evolving cyber threats. With unmatched expertise in detecting and mitigating DDoS attacks, NETSCOUT’s Arbor™ DDoS solutions are the choice for leading global internet providers and major enterprises, ensuring continuous network availability and safeguarding critical business services.
An exemplary case is Orange Slovakia, which, through collaboration with Datanet Systems (within the Soitron Group), implemented the Arbor DDoS Protection solution. This implementation drastically reduced their response time to DDoS attacks to just a few seconds.
Arbor DDoS by NETSCOUT has safeguarded the most complex and heavily trafficked networks worldwide against DDoS attacks for over a decade. The manufacturer believes in a well-integrated, multi-layered defense approach, essential for organizations to adequately protect against the full spectrum of DDoS attacks. The main components of the Arbor anti-DDoS solution are:
- Arbor Cloud: Offers automatic detection and mitigation of DDoS attacks. It leverages 15 global DDoS filtering centers, providing a total capacity exceeding 15 Tbps for extensive global protection against the largest DDoS attacks. Arbor Cloud DDoS services can be implemented exclusively in the cloud, activated on-demand during attacks, or integrated with Arbor Edge Defense solutions on-premises.
- Arbor Edge Defense (on-premises): Protects the availability of critical services against continuously evolving DDoS attacks using global threat intelligence, automated analysis, and adaptive mitigation. Deployed in edge environments, this solution can block both inbound traffic from external attackers and outbound traffic from compromised elements within the IT infrastructure.
- Arbor SP/Threat Mitigation System (high-capacity on-premises solution for enterprise organizations): Automatically implements countermeasures to eliminate DDoS attack traffic while allowing legitimate traffic to flow. It provides up to 400 Gbps of mitigation in a single TMS device and up to 40 Tbps of mitigation capacity in a single deployment. It stops DDoS attacks originating from mobile applications and other IoT devices connecting to the network.
DDoS Protection with Datanet Systems
In the face of increasingly sophisticated and frequent DDoS attacks, an adaptive approach that combines on-premises and cloud solutions provides comprehensive protection. This strategy leverages the strengths of both environments to effectively mitigate all types of DDoS threats. Arbor Networks solutions are built upon this hybrid model, offering intelligent, scalable, dynamic, and customizable defense mechanisms to safeguard organizations against the ever-evolving threat landscape.
Arbor Networks not only delivers advanced anti-DDoS technologies but also ensures the agility for swift updates, seamless reconfigurations, and tailored adjustments to counter emerging cyber threats. The specialized team at Datanet Systems is equipped to guide you through the seamless implementation and optimization of these solutions, ensuring proactive management rather than a “Set and Forget” approach.
For further information on how we can protect your business from DDoS attacks, leveraging our extensive expertise and leading Arbor Networks solutions, please contact us at sales@datanets.ro.