Traditional Defenses Fail to Mitigate DNS, DoS Attacks: F5 Survey Finds
Attackers are increasingly hitting networks and applications while organizations are struggling to mitigate the effects of the attack using traditional defenses, according to the latest survey from F5 Networks.
About a third of the respondents of the survey of senior IT managers in 1,000 organizations around the world said that traditional defenses were not able to protect against complex blended threats, F5 Networks said in a report released Nov. 7. The "most worrisome" threat reported by the IT managers was that existing defenses had trouble defending against four out of the top five types of attack, according to the report.
Attacks are getting more difficult and expensive to defend, Alan Murphy, senior technical marketing manager for F5 Networks, told eWEEK. Domain Name Server (DNS) attacks were the most frequent type of attacks faced by organizations, the most difficult to defend against and had the highest impact on enterprises, the survey found.
"There haven't been a lot of changes in the DNS architecture since it was originally designed," Murphy said. DNS attacks included denial of service, domain spoofing and cache poisoning to divert users to malicious sites, according to Murphy.
Other types of attacks that were difficult for enterprises to defend against included network-layer denial-of-service attacks, improperly accessing encrypted data, misconfigured systems and application layer denial-of-service attacks, according to the survey. Adversaries were increasingly launching cross-site scripting, SQL injection, cross-site request forgery and directory traversal attacks against organizations, the survey found.
About 38 percent of the survey respondents said traditional defenses performed less than "somewhat well" in protecting against complex, blended threats, F5 said. More than half, or 53 percent, of the respondents also said there was a network performance impact from these security safeguards.
Traditional defenses "fall short" because threats are constantly evolving, according to Murphy. About 42 percent of the survey respondents said a firewall failed during a network-layer denial-of-service attack in the past 12 months, according to F5 Networks. About 36 percent claimed the firewall failed during an application-level denial-of-service attack.
All the organizations that were breached in the survey claimed to have suffered some kind of loss, including stolen funds and data, regulatory fines, loss of customer trust, lost revenue and lost productivity. Organizations typically lost $682,000 in the past 12 months, Murphy said.
Just encrypting the data was not sufficient, since organizations needed to control how the data was being accessed, Murphy said. Toward that end, 92 percent of the survey participants said they consider application delivery controllers (ADC) an appropriate alternative to traditional security products, F5 Networks found. According to survey results, 74 percent said they are deploying ADCs for application security and about the same number are implementing them for access control. Approximately 64 percent rely on ADCs for traffic-inspection-based security, the survey found.
Organizations need to have context to understand network traffic. To be able to properly deliver applications on the network, the IT department has to know who is accessing the network or data, from where it is being accessed and what kind of device is being used, he said.
In the case of a denial-of-service attack on a DNS server or on the network, it is hard to mitigate if the IT department can't correlate the various streams and identify them as part of a single attack, Murphy said.