DDoS Attack Report: ServerCentral’s DDoS Attack Defense | Radware Security


The Chicago-based firm ServerCentral routinely identifies network and distributed denial of service attacks, which occur as frequently as every few days and range from small protocol floods to full-blown DDoS attack campaigns designed to extort money, in which the attacker promises to stop the DDoS attack once the victim pays up.


Pay Up or Else: IT Infrastructure Solutions Provider Helps Customers Navigate Distributed Denial of Service Attacks

We live in a managed services world where organizations across industry sectors are outsourcing significant pieces of their operations to third-party specialists. The business case for managed services can be compelling. But as DDoS attacks and security threats rise, so too have the stakes for DDoS attack defense for managed services providers. These companies must not only have DDoS attack defense strategies in place to protect their own networks and data but also serve as effective guardians on behalf of their customers and their customers' customers.

As an IT infrastructure solutions provider, ServerCentral fills these dual roles. The Chicago-based firm routinely identifies network and distributed denial of service attacks, which occur as frequently as every few days and range from small protocol floods to full-blown DDoS attack campaigns designed to extort money. In these campaigns, the attacker promises to stop the DDoS attack once the victim pays up.

Earlier this year, one of ServerCentral's customers—a company that offers a web-based tool for project management—was the target of an organized DDoS attack that involved attempted extortion. The MO of the group behind it is simple: threaten to attack a network if an organization does not meet its demands for payment.

After refusing to negotiate with the criminals, the ServerCentral customer was hit with a 20GB DDoS attack. The incident underscores the important role that ServerCentral plays in its customers' network security. "ServerCentral takes as much pride in our customers' ability to execute and offer service as we do in our own ability to provide infrastructure in support of mission-critical applications and business functions," says Ron Winward, the company's Director of Network Engineering. "We are equally focused on providing 100% uptime to their customers and end users."

Detecting Extortion-Based DDoS Attacks

ServerCentral detects DDoS attacks in many different ways. In the case of the extortion-based attack, the customer notified ServerCentral of the threat.

"In some instances, customers will contact us, noting that something isn't right. They may recognize it as an attack or simply see something out of the ordinary," Winward says. "Attacks can also be detected by our network monitoring tools, which can identify anomalies and alert our Network Operations Center of the incident."

ServerCentral engineering staff regularly reviews the network reporting data and performs DDoS forensic research using historical flow analysis when needed. For ServerCentral customers that use Radware's DefensePro and DefenseSSL, ServerCentral's Network Operations Center and engineering staff are notified of detected DDoS events in real time.

After years of experience operating a resilient, high-performance network, Winward says ServerCentral was prepared to support its customer through the extortion-based DDoS attack. In fact, the company has built a DDoS attack defense model that it can apply to customer interfaces immediately once a problem turns up.

"As a result, most customers don't even know they're being attacked until ServerCentral's monitoring system detects it," Winward says.

DDoS Attack Defense: Planning for the Future

Groups responsible for many DDoS attacks, especially those that incorporate extortion, have a habit of stopping and starting attacks at random intervals. Winward says that ServerCentral's core network architecture, deployment of carrier-class routers, and use of a DDoS forensic toolset help ensure the company is ready for even the most unpredictable attacks, thus providing the best possible DDoS attack defense.

"We're able to quickly and easily manage the presence of an attack with a known or identifiable fingerprint," Winward says. "Offering DefensePro as a real-time option for individual customers further strengthens our position, especially for application-layer and SSL attacks."

ServerCentral keeps standby units onsite for rapid deployment, if needed. However, Winward acknowledges that the real-time responsiveness of DefensePro simply outmatches any reactive technique, no matter how fast it may be. DDoS attacks are becoming both more sophisticated and seemingly easier to execute, and Winward says ServerCentral expects the number of attacks to double over the next 12 months. Managed services providers need to remain vigilant in their DDoS attack defenses, as attacks can affect both their own networks and those of many or all of their customers.

With that reality in mind, customer education is an increasingly important component of the company's strategy for DDoS mitigation. ServerCentral makes a point of educating its customers about risks and about the steps they should take for DDoS attack defense to proactively guard against those risks.

"As we see more and more attacks of all types, we have an obligation to share this knowledge with our customers so that everyone can be as vigilant as possible," Winward explains. "We know that attackers are focused on their 'job' 100% of the time. For ServerCentral, staying abreast of changes in attack patterns, objectives, and execution is something that must remain 'on' at all times as well."