5 reasons why depending on your ISP for DDoS protection is a bad idea
A distributed denial of service (DDoS) attack is a malicious attempt to disable an online service for users, typically by temporarily interrupting or suspending the hosting server's services. Once considered a prank, DDoS attacks are now frequently used by cybercriminals to earn money. They are regarded as one of the most powerful weapons on the internet due to their ability to be launched at will, impact any aspect of a website's operations or resources, and result in costly, time-consuming service interruptions.
DDoS attacks are distinct from other denial of service (DoS) attacks, which flood a target with malicious traffic via a single Internet-connected device (single network connection). DDoS attacks, by contrast, can originate from a wide variety of compromised devices.
To no one's surprise, the number and sophistication of DDoS attacks continue to grow. DDoS activity increased by 286 percent between Q4 2020 and Q1 2021, according to Imperva Research Labs. While security teams work diligently to mitigate these attacks, hackers adapt their strategies as they are thwarted. Many organizations rely on their internet service provider (ISP) for DDoS mitigation because this service is frequently bundled into the ISP's existing bandwidth offerings at a low cost. Because hackers are well aware of this, they prioritize ISPs as targets for DDoS attacks.
In May 2021, BelNet, a Belgian ISP, was the victim of a large-scale DDoS attack that disrupted service for over 200 organizations, including government, healthcare, and academic institutions. The massive attack unfolded in waves, despite the fact that it was not a sophisticated DDoS attack and appeared to have been designed simply to flood the network with thousands of IP addresses, causing a spike in traffic flow. The result was a significant disruption at a high cost, but it could have been far worse.
ISPs prioritize their primary technology services. While they can claim to offer DDoS attack protection, they may only provide low-cost basic protections that are likely to be insufficient to stop all but the most elementary DDoS attacks. By partnering with a security-focused solution provider that specializes in DDoS defense, you can mitigate risk in ways that your ISP cannot. The following are five reasons why choosing a security-first vendor is a better choice than relying on your ISP:
1. Your organization is not the primary concern of the ISP
If an ISP detects a high volume of traffic targeting its network, it may decide to block all traffic – including traffic to your site. At some level, the ISP assists attackers in accomplishing their goal of shutting down websites.
2. Your Internet service provider (ISP) has a limited bandwidth allocation
As previously stated, the default response of ISPs under DDoS attack is to block traffic indiscriminately. A vendor that prioritizes security is capable of spreading traffic across multiple Internet service providers and leveraging massive amounts of bandwidth across multiple data centers to withstand volumetric attacks.
3. ISPs do not provide adequate protection against protocol attacks
As an organization, you are vulnerable to SYN floods, fragmented packet attacks, Ping of Death, and Smurf DDoS attacks, which consume server resources or the resources of intermediate communication equipment such as firewalls and load balancers. ISPs are not protected from these attacks. Additionally, they do not protect against advanced DDoS attacks such as burst attacks, dynamic IP attacks, or attacks using multiple vectors.
4. ISPs are not required to make "reasonable efforts" to thwart an attack
Because the downtime caused by DDoS attacks is expensive, the faster the response time, the better. ISPs do not provide a service level agreement (SLA) outlining attack detection and mitigation times, as well as the quality of mitigation. Delays on their own could cost a small fortune.
5. DDoS protection is not the ISP's primary business
DDoS attacks are unique, and developing strategies to mitigate them and minimize their impact on customers requires the skills and expertise of a security-first vendor. A good vendor will stay current on emerging attack techniques and trends and will have the tools necessary to respond quickly and effectively to attacks.