Reimagining Defense: The X Factor in Battling Web DDoS Attacks

The Story of the 16-Year-Old in His Basement

In the network security field, DDoS attacks have always been around. There is a myth going around, that the person behind the first ever DDoS attack, was in the 70s with a teenager playing around on a computer. He apparently managed to shut down a server after sending towards it a bulk of problematic requests. We might never know the truth behind this story but what we do know, is DDoS attacks no longer look like that. And as for the attackers, they are much closer to well-seasoned political hacktivists than bored teenagers in the 70s.

The World Has Changed

Evidently, we can say that when it comes to DDoS attacks, everything that we used to know has changed. The motives, the tools, the scale and even the profile of the attackers. The misconception that a DDoS attack is one of the simplest modes of attack on the network layer, is fading. Today hackers understand that simple vector DDoS attacks are no longer having impacts on the organizations they are trying to bring down. Attack tools have to be innovative, more complex and extremely sophisticated.

On that quest to find the latest brand of DDoS attacks with the most malicious impact on an organization, came the surge of Web DDoS attacks. Some say that after hackers exploited the network layer, they decided to move on to DDoS threats on the application layer. Others will say that inventing this new bread of attacks puts certain players on the map and attracts the fame they are constantly searching for. But one thing is clear: the web DDoS attacks have brought the attackers to a gray area filled with vulnerabilities.


The Gray Area

All of us are familiar with the OSI model. We understand that each layer has its specific threats. This understanding led cybersecurity models to secure separately each layer with a different strategy and protection. That worked very well for a long time. And then came the web DDoS attacks.

DDoS attacks are traditionally targeting the network layer with massive traffic and therefore a protection is deployed in the same layer to protect from the scale. Web attacks are targeting the application layer with small-scale attacks and protection such as WAF are deployed in the same layer. So, what happens when a large-scale attack with millions of RPS targets the application layer? The WAF cannot handle the scale that a DDoS solution is usually equipped to work with, and the DDoS solution protecting the network layer is completely futile since it is not in the right place. This is the gray area. Attackers have achieved an important task which is finding a vulnerability where appropriate protections are simply absent.

The Price of Panic

Like with any emerging surge of attacks that is threatening the availability of services to many organizations globally, it wreaked havoc. And where there’s panic there is bad decision making. Cyber security firms tried to tackle this new threat and provide protection. But with these types of attack not being well known, and the scale that could reach several million RPS, the protections that were available came at a very high cost. The price to pay for immediate protection was legitimate users’ experience. The solutions could not identify the malicious requests from the legitimate ones since they were so similar and ended up blocking sometimes over half of the legitimate users during an attack. While it might be acceptable to block legitimate users under attack simply based on hoping for their understanding, most organizations will not settle for that. Especially when those attacks can hit on a weekly or daily basis.

The X Factor

The web DDoS attacks require security experts to rethink the way they protect their assets. The roles of WAFs and DDoS solutions are now intertwined more than ever and need to be working together facing this threat. Most importantly, in light of the similarity between malicious and legitimate web transactions, a solution differentiating between the two whiles being able to withstand the scale, is essential to preserve users and their experience. A solution able to do that will make the entire difference, the next time you are under a Web DDoS attack.

Eva Abergel

Eva is a Product Marketing Manager in Radware’s network security group. Her domain of expertise is data center protection, where she leads positioning, messaging and product launches. Prior to joining Radware, Eva led a Product Marketing and Sales Enablement team at Elmo Motion Control - a global robotics company - and worked as an engineer at Intel. Eva holds a B.Sc. degree in Mechatronics Engineering from Ariel University and an Entrepreneurship Development certificate from the York Entrepreneurship Development Institute of Canada.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center