DDoS attackers aren't knockin' on your door, they're breaking it down
What would the Thursday before Easter be without a good scare to keep network administrators awake at night. Perhaps IDC just mixed up the candy holidays thinking it's Halloween. Whatever, the analyst firm warns of a troubling increase in enterprise distributed denial of service attacks and promises more are coming to you.
Of course, the real motivation here is to scare businesses into exploring DDoS-protective solutions. IDC forecasts 18.2 percent growth rate in DDoS products and services through 2017, reaching $870 million. To be fair, there's little dispute about rising DDoS risks.
The Spamhaus Project just finished a rocky week of "large-scale DDoS attack". Another DDoS disrupted Wells Fargo's website this week.
Last month, Gartner also warned of increased DDoS attacks, many targeting banks and often used as distractions to cover other criminal behavior.
Avivah Litan, Gartner vice president, warns about a "new level of sophistication in organized attacks against enterprises" and that "they will grow in sophistication and effectiveness" this year.
Payment provider Dwolla is under DDoS attack as I write. Site is inaccessible. "Yesterday afternoon, Dwolla’s service providers became the victim of a distributed denial of service event, resulting in limited or no availability to the website, Dwolla.com", according to the company. "This advanced event, still persists today, and is preventing people from viewing the website and consequently accessing its services".
Prolexic, one of those DDoS-protection providers IDC claims more enterprises will give money to, says that "fourth quarter of 2012 exhibited high levels of activity" of attacks against its "global client base". That's up 19 percent year over year and by 27.5 percent from Q3. Also quarter-on-quarter, there was a "67 percent increase in average attack duration to 32.2 hours from 19.2 hours".
"As these attacks surged in prevalence and sophistication, organizations were often caught unaware", Christian Christiansen, IDC veep, says about enterprise DDoS assaults last year. "Embedded capabilities were quickly overwhelmed and outages were readily apparent on the Web. This is driving the need for proactive solutions to protect customer's infrastructure from current and future attacks".
But wait, there's a sales pitch. "With the number of high-profile attacks steadily increasing, the market for DDoS prevention solutions will surge", John Grady, IDC research manager says "A defense-in-depth posture with a combination of on-premise equipment and cloud-based mitigation provides the best protection against advanced application and SSL-based attacks as well as large-scale volumetric attacks".