Vinay Sharma, Regional Director, India and SAARC, NETSCOUT

Vinay has nearly 2 decades of vast professional experience and functional knowledge across Sales and Marketing domains in the IT networking industry to his current role as the Regional Director (Enterprise), India and SAARC at NETSCOUT.  He has held several leadership positions in leading IT/ITeS companies during the span of his career.  Vinay’s areas of expertise cover, Business Alliances, Managed Services, Enterprise Software, Business Development and Partner Management.  For over 4 years, Vinay held this position at NETSCOUT and is responsible for Sales and Business Development functions at the organisation. Equipped with an MBA from Birla College, Vinay is adept at Sales and Marketing functions in addition to Vendor and Partner Management.

 

In this new era of ‘online everything’ and the permanently altered digital landscape, businesses are staying connected to their employees, students are continuing their online learning and e-commerce sites are busier than ever.  Thanks to the commitment of key platforms and deployment of world-class engineering skills for making these work round-the-clock.

However, no function is without challenges. With an increase in digitally and remotely connected devices, there is a boom in the cybercrime economy with DDoS (Distributed Denial of Service) attacks being very prevalent.  These attacks are malicious attempts to prevent regular traffic to reach its destination, such as servers and networks by overwhelming them with a flood of internet traffic.  Attackers are leveraging advanced techniques in their attempts and legitimate users are not able to access the network.

In fact, the year 2020 has been a record-breaking year for DDoS attacks with a huge impact on the global digital infrastructure leading to a loss in sales and customers, decreased productivity in addition to brand damage. This clearly indicates the Covid-19 impact on the DDoS attack activity.  Pandemic lifelines, healthcare and education sectors also experienced increased attention from threat actors. There was a significant increase in demand for DDoS protection services from enterprise customers with the shift to remote work and online collaboration services.  

The complexity of DDoS attacks further add to the challenges

Traditionally, only e-commerce, net banking or a typical branding webpage were primary targets, making news headlines that the sites were down for a couple of hours. But today no industry vertical, be it, BFSI, Enterprise, IT/ITeS, E-commerce or any Government organisation, is free from DDoS attacks.  It is done to cripple the workflow of an organisation. Employees are not able to access critical applications, which are required for day-to-day operations, as these productivity tools and remote access processes are getting targeted.

DDoS is being used for smokescreen attacks for stealthily gaining otherwise privileged access to critical data on the network and exfiltrating the data, after diverting the attention of the security team.  When the IT and Security teams are more focused on a high volume of DDoS attacks in an attempt to mitigate them, the actors sneak into the network, plant malware or try to do some lateral movement and exfiltrate specific critical data. Most of the time, it is for financial reasons these extortion attacks are made on both organisations and individuals, with a DDoS incursion threat, until the extortion amount is paid.

DDoS mitigation has to address advanced threats and provide ongoing protection

In this changing IT landscape, it is very important to do comprehensive planning for DDoS mitigation that will lead to the efficient, flawless working of the IT network of an organisation of any size. The response mechanism, using the advanced methods to counter the challenges should be in place. Although organizations are adding additional VPN capacities to gateways, more horsepower to the servers, some critical aspects are to be considered. It is important to ensure attackers do not enter VPN gateways with guessable names that are commonly being used and bring down the workforce productivity.  At the outset, organizations should adopt best practices.  There should be in clear understanding and definition of the various critical and non-critical resources that are exposed to the internet and be brought under the active protection umbrella.  With organizations migrating to the cloud, those applications in the cloud, on-premises, hybrid cloud or mixed environment should have comprehensive protection.  Businesses should not completely rely on cloud-based DDoS protection providers but have in-house capabilities to protect against even sophisticated attacks that are low volume and slow.  Perimeter-based DDoS protection is also critical.   Doing a deep analysis of the attack will provide the required visibility and support in putting all the necessary controls in place. Global threat intelligence is key to protecting the enterprise infrastructure from advanced DDOS attacks that have seen their footprint elsewhere. During this changing IT landscape, it is critical that the solution adopted should provide protection for all assets and workloads in a distributed environment. 

Going forward, with a sizable percentage of the global workforce likely to make some form of remote work permanent, it is crucial to defend organizations by keeping all inbound and outbound threats at bay.

Related Articles