Cybersecurity exists to protect computer systems and networks from theft, damage, and service disruption caused by attacks such as distributed denial-of-service (DDoS). A DDoS attack takes a target website or online service offline by overwhelming the target or its surrounding infrastructure with a flood of internet traffic.
Although DDoS attacks have been around for more than 20 years, they remain something of a moving target as cybercriminals regularly discover and weaponize new attack vectors and techniques, including:
- Launching several types of attack simultaneously (volumetric, TCP state-exhaustion, and application-layer) as a multivector attack, each with a unique signature.
- Using different botnets to change the source of attacks and stay one step ahead of blocked IP addresses.
- Using DDoS attacks as a smoke screen to distract from the real cybercrime underway.

DDoS traffic can consist of incoming messages, requests for connections, or fake packets.
But here’s the catch: Attacks are built from the same kinds of traffic that legitimate users generate, so it can be difficult to tell which traffic is “good” and which is “bad.” Therefore, you must continually test your web servers and services, cloud offerings, and network topology for their ability to let good traffic pass through while stopping the bad traffic.