• Application Layer DDoS Attacks

    Stop application layer DDoS attacks before they disrupt your business operations. These DDoS attacks are difficult to detect and focus on small complex attack sequences.

  •  
  • Application layer DDoS attacks have become very effective in the world of cyber attackers. They essentially represent an advanced kind of DDoS attack, kind of like a Special Forces analogy, in that they’re very hard to detect, they frequently seem initially legitimate and they’re focus is normally not on volume, but on small highly skilled or highly complex DDoS attack sequences. Nevertheless, even though application layer DDoS attacks are small and non-volumetric they’re as effective as any other volume-based DDoS attack essentially rendering your business down or disrupted, otherwise disrupted.

    What Are Application Layer DDoS Attacks?

    Application layer DDoS attacks are DDoS attacks on layers 5 through 7 in the OSI stack both across the board like: FTP, SMTP, HTTP, HTTPs, TLS as well as some business critical VoIP applications or really anything that your organization might be using. For example, if you’re an electric company, you might be using SCADA oriented proprietary protocols in layer 7. These are all application layer DDoS attacks and you have to be able to detect an application layer DDoS attack, all of your protocols that you’re using broad and then vertically within the application itself, all the problems that might arise within the application layer stack.

    For example, most notably, is on HTTP where it has a whole plethora of known vulnerabilities. There are 60 categorical types of vulnerabilities as part of the OWASP standard and each one of those needs to have the ability for you to quickly detect that there are potential application layer DDoS attacks going on that may disrupt your business. These are things like sessions, connections, concurrent connections, injections like L dap or Ajax, or the infamous SQL injection as well as input parameters, Brute Force attacks and all sorts of other application layer DDoS attacks.  So you can see here that with application layer DDoS attacks NetFlow is almost useless. NetFlow being one do the major detection technologies for DDoS vendors today.

    DDoS Protection for Application Layer DDoS Attacks

    For DDoS protection against application layer DDoS attacks, you’re going to need to have an advanced, very close application detection technology that will not only be able to detect robustly a behavioral element of a legitimate connection, but will be able to move that DDoS mitigation in to the cloud to move it away from your applications as fast as possible. The behavioral element has been driven as a result of essentially of the nature of application layer DDoS attacks.

    Nature of Application Layer DDoS Attacks

    The nature of application layer DDoS attacks is a legitimate connection, i.e. it’s not able to be detected in a cloud. It’s a legitimate connection that comes in and within that connection is misuse that goes on. That misuse can be connections, concurrent connections, input parameters, sessions or injections of commands that are going in. All of these need to be detected in a behavioral way. Ways in which rates and IP blocking will not be able to help you.

    Under Attack and in Need of Expert Emergency Assistance? Radware Can Help.

    Radware offers a DDoS service to help respond to security emergencies, neutralize the risk and better safeguard operations before irreparable damages occur. If you’re under DDoS attacks or malware outbreaks and are in need of emergency assistance, Contact us with the code "Red Button.”

  • Recommended Videos

    DDoS Security Concerns in Cloud Computing
    How to Stop Sophisticated DDoS Attacks
    Radware's Advanced Persistent Threat (APT) Score