Neustar Second Annual DDoS 2012 Survey
Download full survey: PDFLast year, Neustar reported on the DDoS landscape during 2011. This year, it surveyed IT pros on their experiences in 2012. Did the threat of DDoS grow or shrink? What were the costs of downtime? In total, were companies better prepared to protect their websites and their brands?

In comparing threats to readiness, the answers weren’t encouraging:

• DDoS attacks continue to grow in frequency and impact
• While a handful of massive attacks dominated the headlines—especially in the banking industry, where many suspect the hand of unfriendly nation-states—most DDoS attacks are less than 100Mbps in size
• As in 2011, over 1/3 of attacks lasted longer than 24 hours, extending downtime, customer complaints and mitigation costs
• Connecting the dots: it doesn’t take a mega-attack to cause lasting damage, merely well-planned strikes on poorly defended websites
• While more companies are investing in some type of DDoS protection…
• Most still rely on firewalls and other traditional solutions that get bottlenecked during attacks and accelerate outages

Most Frequent Ddos Victims – As in 2011, financial and ecommerce businesses were the most frequent DDoS victims. Last year, 32% of financial organizations reported being attacked. In 2012, the number increased to 44%. Starting in Q3 2012 and continuing to the present, banks in particular have suffered large, disruptive attacks, with specialized botnets such as “itsoknoproblembro” amplifying the destructive impact.
(Source: Neustar 2012 DDoS Survey)The data reported here is from a wide-ranging survey, not from Neustar’s network monitoring or DDoS mitigation efforts. The data reflects the realities faced by diverse IT professionals across numerous industries, among companies large and small. It shows the real challenge most companies face today: how to gauge the threat clearly and respond within their means.

Among the key findings from the survey, 35% of organizations experienced a disruptive DDoS attack in 2012. Of those surveyed, 39% of retailers and 41% of ecommerce businesses experienced an attack last year. Additionally, more than a quarter of respondents (26%) indicated a DDoS outage could cost between $50-100k per hour, further showcasing the need for a strategy around DDoS protection and mitigation.

Additional survey findings include:

• Key sectors reported higher rates of attack: The number of retailers experiencing an attack increased by 144% from 2011 levels to reach an overall level of 39% in 2012; financial organizations experienced a 38% increase in attacks year-to-year with 44% of financial organizations being victimized in 2012.
• Though more companies are deploying DDoS protection—only 8% had no protections in place compared to 25% in 2011—few have invested in purpose-built hardware or third-party expertise.
• The latter is alarming; while 66% of companies use firewalls, routers and switches for DDoS protection, these networking products create bottlenecks that actually aid attackers.

How long did DDos attacks last?

2012 Annual DDoS Attacks & Impact Infographic – To see how DDoS attacks affected businesses in 2012, Neustar surveyed over 700 IT pros. Comparing 2012 results with out 2011 survey, it’s clear that many people are still hoping and wishing and praying they can solve a complex problem with old-school solutions. (Click to Enlarge Image)Tracking with last year’s results, survey found over a third of all DDoS attacks lasted more than 24 hours: 37% in 2012 versus 35% in 2011. Some attacks stretched out for several days or even longer—with 20% of attacks lasting between 3 days and 7+ days. The longest attacks, those lasting over a week, increased from 10% in 2011 to 13% in 2012.

According to Christian A. Christiansen, Chris Liebert and Charles J. Kolodgy of IDC Research, in a February 2013 report, entitled The Business Value of Hybrid Cloud-based Compromise Intelligence Monitoring and Threat Mitigation, “Given the complex nature of today’s threats, enterprises can achieve a strategic advantage by employing a new layer of security that is services based. Cloud-based services are an important aspect of this approach to security and provide always-on monitoring without the added expense of buying and maintaining on-premise equipment.”

Download a copy of the full survey here.

About Neustar siteProtect

Learn How Neustar Technology Can Block DDoS AttacksNeustar SiteProtect offers intelligent DDoS protection, blending the people, processes and technologies to stop today’s complex attacks. Using battle-tested procedures and best-of-breed equipment, the experts in the Neustar Security Operations Center work swiftly to eliminate downtime and protect your brand.

Based in the cloud, SiteProtect offers 24/7 on-demand traffic scrubbing. Immediately accessible through DNS or BGP redirection, it provides instant relief from DDoS attacks involving network Layer 3, application Layer 7, IPv6 and/or encrypted traffic—or any combination of these takedown methods. SiteProtect reroutes traffic to unclog your network, filters malicious traffic and permits valid traffic to return to your infrastructure.

Built on a dedicated, globally distributed Anycast network, SiteProtect can be instantly deployed and remains activated until the danger is gone. With SiteProtect handling the DDoS, your responses remain nimble and in sync with customer requests. Online business continues even as the attack unfolds.

For larger organizations, SiteProtect is an ideal complement to in-house mitigation hardware. As a cloud-based failover solution, SiteProtect provides the bandwidth to absorb malicious traffic and enables you to launch countermeasures in real time. Using a hybrid approach, you can leverage your investments in DDoS detection and alerting, avoid outages and minimize disruptions.