CASE STUDY: DOS DEFENSE

Major Online Stock Broker Turns to Verizon Business to Help Stop a Potentially Devastating DDoS Attack
Verizon Business Uses Cutting-Edge Solution to Mitigate a Major DDoS Attack and Defuse an Extortion Attempt
When a major online stock broker became the target of a potentially crippling DDoS attack and accompanying extortion demand, it turned to Verizon Business Security Solutions for a mitigation capability that would protect its business operations. DDoS Attacks: Bad for Business The costs of DDoS attacks can be immediate and substantial, and due to the interrelated nature of the Internet, the repercussions can extend far beyond the site being attacked. Estimates from Forrester, IDC, and the Yankee Group predict the cost of a 24-hour outage for a large e-commerce company would approach US$30 million. A spate of DDoS attacks against Amazon, Yahoo, eBay, and other major sites in February 2000 caused an estimated cumulative loss of US$1.2 billion, according to the Yankee Group. A 2004 DDoS attack against Authorize.Net, one of the Internets most widely used credit card processing services, overwhelmed the companys servers and shut down payment processing for its 90,000 business customers, resulting in millions of dollars in lost revenues.

Background
Distributed denial-of-service (DDoS) attacks are often the weapon of choice for would-be criminals who target Internet sites. And, as a major online stock broker found out, the threat of a DDoS attack can be the perfect tool for extortion. During legitimate web use, when a user accesses a website, a request is routed to the corresponding server to view the contents of a web page. However, web servers and supporting infrastructure (routers, rewalls, switches, circuits) can only process a maximum amount of tra c at a given time. Once this limit is reached, additional requests are unable to connect, preventing other visitors from accessing the sites services in a timely manner. In a DDoS attack, hackers may ood a website with a massive amount of requests from large numbers of computers. Under such an attack, the targeted web serversunable to di erentiate between legitimate and bogus requestssoon become overwhelmed, e ectively blocking user access to the email, nancial, or other online accounts and services normally available through the a ected Internet site. A DDoS attack can be so enormous that it completely overwhelms routers and network linkscrashing the location entirely and rendering it unavailable for all Internet use. Such attacks can be directed at virtually any company that has a web presence. But DDoS attacks are particularly devastating to companies that generate a signi cant portion of their revenue from online transactions. Damages from DDoS attacks can total millions of dollars in lost revenue for the a ected company, not to mention the losses in productivity and tarnished company reputations.

Challenge
For some time, a major online stock broker had been experiencing small DDoS attacks on a somewhat regular basis, but the disruptions to that point had been minimal. In an ominous development, the attacks suddenly became far more sophisticated in design and scale. Soon a notice arrived, demanding that a substantial monetary payment be made in order to stop the crippling attacks.

1 of 3

1 of 2

Basically, the way the extortion process works is that theres an attack that demonstrates the hackers capabilities, which is followed by a notice informing the company that it has 24 hours to make a payment to stop the attack, said Chris Hunsaker, Senior Product Development Manager in the Verizon Business Network-Based Security Services group. Or the notice will say that the company will be attacked unless it pays a ransom in advance. Needless to say, the threat to the online brokers business was potentially catastrophic. Finding a solution to the DDoS attacks and eliminating the extortion attempt became the companys top priority. A decision was quickly made to engage Verizon Business for a solution, in part because the broker was already a Verizon Business Internet services customer. While the existing relationship provided a good head start, the Verizon Business security team still faced a threefold challenge in solving the brokers security issues. First and foremost, the DDoS attacks on the brokers site had to be stopped. The attacks were causing the brokers clients to experience timed-out pages, slow loading times, and overall nonresponsiveness to user inquiries. Second, Verizon Business needed to restore the brokers ability to conduct business and generate revenue. As long as the site was subject to DDoS attacks, revenue and continued operations were at risk, in addition to the brokers business reputation. Finally, Verizon Business was tasked with establishing an ongoing standard defense solution to help the broker proactively mitigate future DDoS attacks.

Solution
Verizon Business immediately implemented its DoS Defense product to address the online brokers problems. DoS Defense uses a network-based mitigation solution to examine tra c before it reaches the customers location. If the tra c is legitimate, the packet is routed to the site. If a request is discovered to be malicious, it is blocked in the network, having never reached the customer location. In this particular situation, the broker was using Verizon Business for its Internet backbone, but was also using additional carriers to handle spill-over tra c. To combat the attacks, the broker elected to route all of its Internet tra c through Verizon Business. The tra c was scrubbed through the DoS Defense system, which enabled Verizon Business to stop the DDoS attack and restore the brokers ability to generate revenue. The rst two challenges had been successfully addressed. Verizon Business Security Solutions consultants immediately began working on the nal

challenge: providing a DDoS monitoring and detection capability that would allow the online broker to detect future attacks and respond with mitigation measures that could preserve normal business operations. DoS Defense o ers a monitoring and detection capability that constantly searches incoming tra c for the tell-tale signs of a DDoS attack. In the online brokers case, a warning system was put into place that gave the broker the ability to determine the extent of an attack and respond with the proper level of mitigationensuring that a large-scale mitigation e ort would not be wasted on an insigni cant attack.

2 of 3

DoS Defense also gave the broker the ability to independently blacklist or whitelist certain types of tra c, allowing the broker to terminate blacklisted tra c before it reached the brokers Internet site while allowing whitelisted tra c to always be permitted .

Results
With DoS Defense in place, the online broker was able to mitigate the DDoS attack and defuse the extortion threat. Not only were we able to restore the brokers revenue-generating capability, said Hunsaker, but DoS Defense has given the broker the ability to proactively defend against future DDoS attacks and reduce its exposure to future extortion attempts. In addition to DoS Defense, Verizon Business Security Solutions o ers customers assistance in developing business continuity plans. We o er a number of Professional Security services that help customers assess what their primary concerns are and assign the proper risk valuations, Hunsaker said. In addition to the DDoS services, we are able to help our customers understand what their particular risks are and identify steps they can take to more fully address service availability and revenue generation in their overall business continuity plan.

Why Verizon Business Security Solutions Powered by Cybertrust?

With more than 30 o ces around the world and an international sta well versed in information security requirements, Verizon Business was the ideal vendor to mitigate existing and future attacks against the online broker and its services. Verizon Business Security Solutions powered by Cybertrust o ers outsourced, co-sourced, or in-sourced customized services, depending on what ts best with a customers strategy, regulatory environment, technical needs, culture, and in-house competencies. Verizon Business will remotely monitor, make regular inspections and reviews, and even work alongside in-house sta to integrate security services.

Visit our website at www.verizonbusiness.com to learn more about Verizon Businesss products suite.

This case study is intended to be representative of a sample investigation only. The customer information and investigation details have been changed to maintain con dentiality, and the case study is based on a number of real life customer experiences. 2008 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizons products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its a liates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

PID# 12915 04/08

For more information, visit www.verizonbusiness.com.

3 of 3