"Paper" security is ineffective, especially against DDoS attacks
Posted: Mon Feb 10, 2025 4:56 am
From time to time, we have to deal with the “paper” approach of some clients regarding DDoS risks. It looks something like this: an organization connects a DDoS protection service and, on the one hand, requires the Anti-DDoS provider to obtain all sorts of certificates, conclusions and other documents proving that protection from DDoS attacks is provided at a high level, and on the other hand, ignores the provider’s recommendations on increasing the sustainability of the organization’s resources to DDoS risks. In essence, such a client gets a “paper” from the provider designed to convince of protection from DDoS attacks, but at the same time can, for example, leave a low-power router on the edge of its network, which, although it can handle the usual load, will “lie down” at the first attack that, for example, a modern schoolchild is capable of carrying out.
As the experience of previous decades of the information security industry shows, “paper” security in its pure form does not work. At least because the preparation of requirements and recommendations by regulators will inevitably lag behind the rapid growth of skill and technology of attackers, who are inventing more and more new ways to overcome information security barriers and damage the resources chosen as targets of attacks.
Attackers specializing in DDoS risks are evolving bolivia mobile database before our eyes: they are increasing the power of attacks, inventing new methods, improving their tools and reducing the cost of their "actions". Moreover, in an effort to achieve a more destructive effect, attackers cooperate - they unite networks of different botnets for attacks, coordinate their actions, manage numerous groups of well-motivated supporters who voluntarily become accomplices of DDoS attacks, strengthening them due to their mass character.
As the experience of previous decades of the information security industry shows, “paper” security in its pure form does not work. At least because the preparation of requirements and recommendations by regulators will inevitably lag behind the rapid growth of skill and technology of attackers, who are inventing more and more new ways to overcome information security barriers and damage the resources chosen as targets of attacks.
Attackers specializing in DDoS risks are evolving bolivia mobile database before our eyes: they are increasing the power of attacks, inventing new methods, improving their tools and reducing the cost of their "actions". Moreover, in an effort to achieve a more destructive effect, attackers cooperate - they unite networks of different botnets for attacks, coordinate their actions, manage numerous groups of well-motivated supporters who voluntarily become accomplices of DDoS attacks, strengthening them due to their mass character.