The participation of service providers in the identification of DDoS attacks can help to mitigate threats at (or very near) their point of origin. Collaboration between service providers and DDoS mitigation providers can help identify the signs of a pending DDoS attack, bringing customers closer to the ever-elusive “predictive” protections that are important for defense against future DDoS techniques. As a result, service providers may play an important role in advancing the industry from mitigation of DDoS attacks to elimination of DDoS attacks.In the meantime, every organization is different in terms of network needs, disposition to risk, and technological sophistication and security expertise. The most effective DDoS mitigation strategy is one that leverages multiple layers of detection and mitigation, including any and all protections offered by service providers.

Distributed-denial-of-service (DDoS) attacks promise to remain a potent threat to the enterprise in 2015. Both IT and the boardroom need to protect mission-critical infrastructure from this growing menace to availability, brand image, and the bottom line. The key to success? Don't ignore DDoS; instead, take preventive action. With that in mind, IDC believes that hybrid defense scenarios (on-premises equipment married with cloud services) will continue to grow as organizations seek to parry advanced application and large-scale volumetric attacks and as solution providers and product vendors work to deliver joint solutions.

In order to effectively address threats within the kill chain, organizations must move faster to identify compromised systems before that compromise escalates to information theft. They need to see the entire scope of the threat—from when the compromise originated to how and where it spread, as well as the type of attack and what was communicated. Above all they need confidence that the investigations they conduct are accurate and relevant—focused on the attacks that matter most.

In 2014 Ovum looked at the evolution of the distributed denial-of-service (DDoS) attack landscape, highlighting that massive volumetric attacks were on the rise, while lower-bandwidth, more sophisticated attacks were targeting the application layer. It also described how DDoS had evolved from a standalone threat to become increasingly part of blended attacks against intellectual property or financial assets, with the DDoS providing a smokescreen to cover the theft.

This white paper updates the process, looking at attack data for the last year, as well as discussing and seeking to dispel some of the myths around how DDoS mitigation is developing. Finally, it makes recommendations regarding the kind of infrastructure that companies facing the entire spectrum of DDoS attacks should adopt.

This paper examines the four stages of evolution as security organizations move from reactively responding to incidents to proactively identifying and hunting for threats. It provides a snapshot of each stage, including the size and structure of the security team, approaches to incident response (IR), team skill sets and necessary metrics. It also identifies how to evolve your security posture to one capable of proactively hunting and neutralizing advanced cyber threats—before you end up in the headlines.

The ground has shifted under most enterprise IT security staff. Breaches are now capturing prime-time air across mainstream media outlets. As the world becomes more connected, it is no longer enough for enterprises to react once an alert indicates an attacker is inside the network. Instead, with continuous packet capture and threat feeds followed by analysis, it is now possible to hunt the attackers and locate them versus waiting for an alert. Breaches may be viewed as a security problem, but it’s they’re a bigger issue. This is a business problem; similar to lost customers, inventory, or market share, but it just happens to be through technology.

Experienced security leaders and executives have already recognized this challenge and are working towards assembling the perfect blend of people, process, and technology. What is it that they are forming? Internal teams directed to stop waiting for alerts to indicate there’s a problem and to go hunt for the attacker.