Home / Industry

Tips to Address New FFIEC DDoS Requirements

Recently, the FFIEC released statements that describe steps it expects financial institutions to take to address cyberattacks—like distributed denial of service (DDoS) attacks—and highlight resources institutions can use to help mitigate the risks posed by such attacks.

The statement went so far as to say that FFIEC members “expect financial institutions to address DDoS readiness as part of their ongoing information security and incident plans. More specifically, each institution is expected to monitor incoming traffic to its public website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate.”

While this is common practice for many of the largest financial institutions today, these new recommendations have thrown many smaller banks and credit unions for a loop. In an effort to help financial institutions of all sizes address the new FFIEC guidelines, Verisign and Juniper Networks recently held a joint webinar to highlight what exactly these new guidelines mean for financial institutions, and explain DDoS attacks and common options that leading institutions use today for DDoS protection and mitigation. All of this was discussed in the context of the six key focus areas described by the FFIEC statement: risk assessment, monitoring, incident response, staffing, information sharing, and ongoing evaluation and assessment.

There were several questions during the webinar, including the following two highlighting some key industry challenges:

Q: How does the financial industry compare with others in terms of frequency of DDoS attacks?

At Verisign we compile and analyze data on attack attempts against our customers. Based on 2013 attack activity, about 45 percent of DDoS attacks targeted the financial services industry. Our customer base is weighted toward financials—indicative of the importance of this type of protection to the industry—so it’s not too surprising that the vertical represents a high percentage of activity.

Q: NTP attacks have been in the news lately. What are these?

In the webinar, we described NTP amplification attacks that we’ve seen over the past several years, which rely on a weakness in the User Datagram Protocol (UDP) that allows an attacker to impersonate (spoof) the victim when requesting data from a third-party server. By sending small requests to many third parties that result in large responses directed towards the victim, the attacker can overwhelm victim resources while using relatively few of his own. NTP is a UDP-based protocol like DNS, but it’s used to allow computers across the Internet to synchronize their internal clocks so they all agree on what time it is. There are many “open” NTP servers on the Internet that will respond to any request, and the attackers use these servers as the third party in amplification attacks against their victims. The majority of large attacks we have seen over the last year have been amplification attacks. Having a robust network and application layer DDoS protection solution is the best way to protect against these attacks.

For more information about how to implement a DDoS protection strategy, watch the on-demand webinar or read an earlier blog post, How Financial Institutions Can Up Their Game Against DDoS Attacks.

By Verisign, A Global Provider of Critical Internet Infrastructure and Domain Name Registry Services

Verisign, a global provider of domain name registry services and internet infrastructure, enables internet navigation for many of the world’s most recognized domain names. Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. To learn more about what it means to be Powered by Verisign, please visit Verisign.com.

Visit Page

Filed Under


Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC


Sponsored byVerisign

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global