Home / Blogs

Do I need DDoS protection? A Realistic Look at the Decision Process

There has been a recent spate of well publicised Distributed Denial of Service (DDoS) attacks that bring websites down and render them useless, including Evernote and most recently Feedly. In light of this, here are some comments and tips to help companies evaluate and prepare not to be held for ransom or suffer lost reputation and sales as a result.

DDoS attacks bombard a website with so many external communication requests that it floods the system and overloads the server to such a point that it can no longer function, leaving the website paralysed and unable to transact business. Attacks of this nature are on the rise and it’s fair to predict that this year will be no exception to this trend.

To prepare, start by thinking about the impact of your website being down for one to three days and how it would affect current and prospective clients, loss of revenue and the reputation of your brand. Think of the direct cost of lost sales. Many companies average their sales over the year and say to themselves, we do for example 10K per day in sales, so if we were down for a few days it would cost us 10-30K, which won’t kill our business. This is the first big mistake!

The dirty little secret is, many DDoS attacks are perpetrated by your competitors. The attackers sometimes will target numerous competitors at once and do it at the worst time possible. Here’s a few real life examples of what we have seen over the last 7 years. One year we picked up 9 customers who were all attacked on October 15th, why? because they all sold Halloween costumes online, and their sales at this time of the year would be 50 times a normal day in say February. We saw 10 sports book sites all attacked on the weekend that marked the first day of the NFL season. This is an interesting business, because anyone who places bets on sporting events always uses 2-5 different sportsbooks, so they can get the best odds, this means that if your site is down, they will place their bet on another site, they already have accounts on other sites, so its an easy for them to place the bet somewhere else. This is business that’s lost forever and it can be substantial given this is one of the busiest days of the year.

If you have an online flower shop, you should calculate the cost of downtime on February 12-14, pre Valentine’s Day. Google is usually the first port of call when checking out products and services, so chances are high that any disruption to your web experience won’t be favourably looked upon by prospects.

Take Evernote for example; customers have come to expect virtually uninterrupted service. Given Evernote’s service, if a customer was unable to access their files stored on their system, it could lead them to look at alternative options. Evernote should take this one day outage as a huge warning and make changes to their infrastructure to avoid a repeat event.

And if this wasn’t bad enough, the risk is actually two-fold. There are some attackers that will threaten to hold your website for ransom. In this case, they will perform a DDoS attack against a website and attempt to blackmail the company into paying them, in order for them to cease the attack.

In the case of Feedly, attackers are blackmailing the company and attempting to extort them in order to cease the DDoS attack on the website. At present, Feedly’s DDoS protection service provider is providing a splash page indicating the site is down, with a HTTP status code of 200 (request was fulfilled) or a 304, instructing your browser to use local cache. From an SEO standpoint, this is not ideal as search algorithms would see a change of content and see that the website is no longer authoritative for keywords that the site was previously indexed under, which will negatively impact search rankings. It remains to be seen as to how much longer this splash page will remain up and what impact it will have on Feedly’s SEO.

Browsers, such as Chrome, Firefox, etc. will also flag insecure or risky websites and that may scare away potential customers. It may take weeks of effort to get removed from blacklists and re-indexed.

Follow these steps to see if you should have DDoS protection in place or not:

  1. Calculate the cost of having your website down and use your worst case scenario which means, use your best revenue and/or busiest days of the year.
  2. Can you afford the cost from step 1 ?
  3. Have a plan in place based on the potential loss of step 1

The best way to avoid being effected by a DDoS attack is to have a plan in place—whether it is a hardware solution or a provider who offers DDoS protection services that can be up and running in as little as a few minutes in an ad-hoc solution. Or choose a solution that’s always on and there is no downtime should you come under attack.

In addition, it’s worth noting that some good DDoS protection services will offer a caching component that will allow bursts of legitimate traffic to your website without negatively impacting the server. Because it will automatically serve up the cached content, it keeps the website available to handle large amounts of requests with no disruption to your user base. So, make sure you do your research when choosing the best option for your website.

Bear in mind that, while you can get a protection service in an emergency situation, as with so many things, the best offense is a good defence, so businesses should make sure that they have a proactive DDoS solution in place to avoid disruption to your web presence.

By Jag Bains, CTO at DOSarrest Internet Security

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC