Published on: February 22, 2023
Safety Detectives recently interviewed Andrew Slastenov, Head of Web Security at Gcore. We asked him about the findings from their latest research on DDoS attacks, and how their platform, in conjunction with other tools and best practices, can help protect your data.
Don’t know what a DDoS attack is? Well, it’s high time you discovered how dangerous these cyber threats are and what the best ways to prevent DDoS attacks are.
What’s the story behind Gcore? How did you start, and how does your mission differ from others in your industry?
Gcore started as a CDN and hosting provider. These services were in demand by customers, but some were experiencing DDoS and web application attacks. It became clear that we needed to provide users with protection against malicious activity to offer them high performance and reliable services.
We started by using third-party solutions. Unfortunately, these solutions have difficulty scaling and integrating with Gcore Infrastructure. The volume of DDoS attacks was continuously growing, and we had to increase our costs for these solutions by 1.5 to 2 times per year. So we decided to develop our own protection solutions.
Two years ago, we started working on DDoS and Web Application Protection. The main goals for these new products were good integration with other Gcore services such as CDN and cloud services, an unlimited volume of traffic filtration, and simple scalability.
Since then, we have achieved all these goals. Developing new products allowed us to strengthen Gcore’s cloud services. Unlike many other providers, we now offer our customers a wide range of reliable and secure products for their work, from CDN, cloud, and hosting to security solutions.
What kind of cybersecurity services and products do you offer?
Our portfolio encompasses two primary areas of comprehensive cybersecurity solutions.
The first is Web Application Security. This helps customers secure their sites, web applications, and APIs. This solution includes protection for web services against DDoS attacks at the network (L3), transport (L4), and application (L7) layers, Bot Protection, and WAF (Web Application Firewall). All this together allows us to provide users with 360-degree DDoS protection for their web applications.
The second is DDoS Protection for servers and data centers. This solution protects customers from attacks at all levels, from L3 and L4 to L7.
With these two products, we can protect any customer’s infrastructure and applications.
And apart from your products, what are, in your opinion, the essential tools to prevent DDoS attacks and hacking threats?
While it is not possible to anticipate the timing or methods of a DDoS attack, it is important to note that implementing preventative measures and maintaining a robust incident response plan can help mitigate the impact of such an event.
This type of attack uses standard internet protocols, and the traffic generated to carry out an attack has no special characteristics that would make identification very easy. In order to effectively differentiate between malicious and benign packets, it is recommended to employ behavioral analysis methods in conjunction with deep packet inspection. In addition to implementing preventative measures, it is also crucial to ensure adequate network capacity to withstand a DDoS attack. For this reason, it is advisable for organizations to consider utilizing specialized DDoS protection services offered by external providers.
To mitigate the risk of hacking attempts, it is essential to implement and maintain industry-standard IT security protocols, such as implementing firewalls, utilizing a combination of detection and intrusion prevention systems, and continually monitoring network activity, as well as practicing security hygiene.
Would you say that your customers are mostly proactive or reactive when it comes to online security?
Mostly reactive. The thing is, a customer who has never suffered from security incidents usually doesn’t pay enough attention to protection. It’s difficult to explain to them how important it is to protect servers and web applications. But when the customer faces a DDoS attack or any other security incident for the first time, they understand the importance of protection and the need to set up these services. At this point, we provide them with protection solutions.
The proactive approach is more typical of large companies. They usually have serious security procedures in place and strict system security requirements. If they store personal user data or have critical infrastructure, they know that data theft or service inaccessibility will cost much more than protection solutions. That’s why they usually secure their infrastructure and applications in advance.
What are the most common and most dangerous myths about cybersecurity?
There are many myths, but let me mention the two I encounter most often in my work.
The first myth is that cybercriminals only attack enterprises. Small businesses often think DDoS and other attacks are targeted at large companies, such as major game publishers. That’s because these cases are reported in the news. No one writes about cyberattacks on small businesses, which gives these organizations a false sense of security. They think no one is interested in wasting time on them. But the reality is different.
It’s particularly easier for cybercriminals to attack small companies in all industries, from eCommerce and healthcare to GameDev and others. These businesses are the least protected against DDoS attacks, and they are the easiest to hack and get at data. That’s why they are more likely to be targeted by cybercriminals. I recommend not underestimating these risks and taking security measures in advance.
The second myth is that platforms and services from well-known providers are always reliable. For example, you use a telemedicine platform in your healthcare organization. Let us further assume that it is really well protected against hacker attacks. The problem is that, even then, it is vulnerable to DDoS attacks. These attacks do not target vulnerabilities, but overwhelm systems with large amounts of traffic.
At Gcore, we help our customers avoid these problems. Our DDoS Protection is based on a distributed network of traffic-cleaning centers around the world. We use them to block suspicious traffic before it reaches customers’ hardware. This solution is capable of mitigating multi-terabit-level attacks, which makes it suitable for both large and small businesses from all sectors, including FinTech, eCommerce, GameDev, and others.
What are the most common mistakes that users make in terms of online security and privacy?
The most common mistake is not following standard cybersecurity measures. All users in all organizations, small and large, must comply with them. The list of these measures is long, but I’ll just tell you the most important ones: don’t open suspicious links, don’t enter your personal information on suspicious websites, don’t use simple passwords, don’t install software from suspicious sources, and never open links you receive in emails unless you’re sure they come from a reliable source.
Also, I recommend that you always have a backup copy of all critical data so that you can restore it quickly in case of an incident.
Is there any recent cyberattack that has concerned you more than others?
It’s not any particular attack that worries me, but the annual increase in the volume of DDoS attacks by 1.5 to 2 times. According to our statistics from Gcore security services, the volume of DDoS attacks grew in 2022; the average attack increased to 1400 Gbps, and this growth continues in 2023. One reason for this is the rising number of IoT and 5G devices connected to the internet. Any of them can be hacked and become part of a botnet.
That’s why at Gcore, we developed DDoS protection based on a distributed network of 13 traffic-cleaning centers and 150+ points of presence around the world. Protection servers are based on high-performance 3rd generation Intel® Xeon® Scalable processors. Regardless of the volume of attacks this year and in the future, we are ready for it.