Large Distributed Denial of Service (DDoS) attacks are in the news again following last weeks announcement that the Justice Department has indicted seven hackers associated with the Iranian government. This marks the first time the United States has charged state-sponsored individuals with hacking to disrupt the networks of key U.S. industries.

The indictment alleges that the suspects caused cyber mayhem, including coordinated DDoS attacks, in which hackers commandeered web servers around the world and used them to direct massive amounts of traffic to crash the commercial websites of 46 U.S. financial institutions, and break into a computer system of New York dam in an apparent attempt to disrupt its operation. The bank attacks occurred on a weekly basis affecting dozens of major institutions leaving hundreds of thousands of customers unable to access their bank accounts online.

DDoS attack imageAnd like the 2009 hijacking of the U.S. container ship Maersk Alabama (Captain Phillips) by a crew of Somali pirates, later rescued by the U.S. Navy, these recent attacks beg the question – Should the U.S. government take action in protecting U.S. banks and critical U.S. infrastructure from state-sponsored attacks?

Hello Federal Government ! …. Why not use Software Defined Perimeters that have been tested and proven to stop all forms of network attacks including DDoS, Man-in-the-Middle, credential theft, as well as Advanced Persistent Threats (APT).

In the case of DDoS, the Software Defined Perimeter (SDP) is a new solution being proven by early adopters such as Coca Cola, Mazda and the DHS who have enormous financial and brand reputation interest in preventing and removing the risk of being impacted by DDoS attacks.

Today’s anti-DDoS solutions are dealt with at layer3 and layer4 of the network stack using various packet filtering and load-balancing techniques. These solutions deny access to packets including all legitimate ones thereby denying access to legitimate business transactions. This greatly impacts normal business operations and increases the risk of the business to failures.

For the first time ever, SDPs combine and integrate on-device authentication, identity-based access, and dynamically provisioned connectivity to hide critical applications from hackers. The SDP is particularly relevant for DDoS as they are able to prevent the attack and not disrupt IT operations and network access since all legitimate users continue to be authenticated and allowed access. To learn more about the emergence of the Software Defined Perimeter, check out our new white paper.

Stay tuned and watch this space for additional guidance on SDPs and digital risk management services.