In response to the recently released “Q1 Akamai State of the Internet – Security Report 2015” , Dave Larson, CTO at Corero Network Security, has given the following comment:
“There is an interesting point to note which is the increase in number of attacks with a corresponding drop in mean peak bandwidth. This correlates quite closely with the transition Corero has been noticing, where DDoS is being used more frequently as a masking agent or security perimeter degradation tool. The big attacks are still occurring – but the increase in lower level attacks of the type we have been highlighting would create this trend in the Akamai data.
“Even though there is evidence of this trend in the Akamai data – you really can’t see it definitively unless you are monitoring in-line, which is how the majority of Corero customers use our SmartWall Network Threat Defense system. The big cloud DDoS providers are great at dealing with big, super-saturating events – but they do not begin to even scratch the surface of the small security focused attacks.
“Even with the 35% increase in unique DDoS attacks from Q4-2014 to Q1-2015, this still yields a total number of around 440 attacks during the quarter in the entire Akamai/Prolexic customer base. Corero sees nearly this many attacks in just a single average customer (351), with several of our customers experiencing many more discrete DDoS attacks than the entire Akamai/Prolexic customer base. This is not intended as a slight against Akamai – but it is an indication that they can only count what they can see. An out-of-band solution, while useful for massive scale events, is limited in the granularity it can achieve. Security conscious organizations must begin taking the security threat of low-level DDoS seriously – DDoS is no longer principally about denying service it is more about degrading security perimeters.”