Quantifiable benefits of Proactive DDoS Defense - A NETSCOUT-Forrester Total Economic Impact Study - Vinay Sharma, Regional Director, India & SAARC, NETSCOUT
Distributed Denial of Service (DDoS) attacks are volumetric attacks against a product or service with the objective of disrupting normal traffic. These attacks overwhelm the target system or resource with a huge flood of internet traffic. According to a Forrester survey, DDoS attacks accounted for 24 percent of all external attacks in 2019. Large DDoS attacks surpass 1TB per second, 500 million packets per second, or 20 million requests per second. These attacks last anywhere from minutes to weeks.
Modern DDoS attacks are more complex and fall into three types. The first is the volumetric attack, which floods internet-facing circuits with illegitimate traffic. The other two are state-exhaustion and application-layer attacks; each uses a different set of attack vectors, and their objectives vary too.
Challenges with traditional DDoS protection devices
ISPs and firewalls are inadequate for DDoS protection. An ISP will not be able to detect and stop smaller, short-lived volumetric attacks, state-exhaustion attacks, and especially application-layer attacks before the damage is done.
Firewalls offer only limited DDoS protection and impact the performance of more important functionality, such as SSL throughput, Layer-7 inspection, SSL decryption, and VPN termination. A firewall will not be able to intelligently communicate with a cloud-based scrubber solution for the mitigation of large DDoS attacks.
Furthermore, with the availability of cheap DDoS attack tools and services, organizations are increasingly being targeted by DDoS attacks.
NETSCOUT Omnis AED
Organizations require dedicated DDoS protection that can automate mitigation, not just improve the time to detect and defend against sophisticated cyberattacks. Additionally, a DDoS solution should be able to mitigate traffic based on indicators of compromise (IoCs), so that illegitimate traffic cannot get through before re-routing and mitigation are triggered.
The NETSCOUT Omnis AED device is the appropriate solution for DDoS protection. It is an automated, on-premises network security appliance deployed at the network perimeter between the internet router and firewall that also has an automated ability to connect to the cloud for hybrid DDoS protection. Omnis AED offers scalable stateless packet-processing technology that proactively blocks DDoS attacks by inspecting each packet at the network edge. Additionally, Omnis AED can fully integrate into an organization’s existing security stack and processes.
Total Economic Impact™ (TEI) study and key findings
NETSCOUT commissioned Forrester Consulting to conduct a TEI study and examine the potential return on investment (ROI) enterprises may realize by deploying Omnis AED.
Prior to using Omnis AED, the interviewees noted that their organizations had no dedicated DDoS protection tools or services in place. Interviewees described basic edge firewall defense on servers and systems, application security tools like network monitoring services, and use of block lists through their internet service providers for DDoS protection within their security environments.
After the investment in NETSCOUT Omnis AED devices, interviewees’ organizations had an on-premises solution that provided greater visibility into network traffic through the stateless packet processing technology and contextual threat intelligence with the connected intelligence feeds. Interviewees reported the solution proactively mitigated DDoS attacks, which reduced potential business loss, improved efficiency for security and network teams for application support and report creation, and shortened the time to detect and mitigate threats.
Risk-adjusted present value (PV) quantified benefits
- Improved DDoS protection, which provided proactive defense against business losses
- Increased operational user productivity, which saved network engineers and security analysts more than 2,000 hours in total
- Improved time to detect and respond, which saved security engineers 144 hours
Unquantified benefits
- Improved application uptime through automated traffic filtering
- Improved compliance and governance
- Improved peace of mind and brand reputation
Risk-adjusted PV costs include
- Hardware and subscription costs totaling more than US$1.7 million over three years
- Implementation costs totaling more than US$30,000 over three years
The decision-maker interviews and financial analysis found that a composite organization experiences benefits of US$5.04 million over three years versus costs of US$1.67 million, adding up to a net present value (NPV) of US$3.37 million and an ROI of 201%.