Denial-of-service, or DoS, attacks continue to set public- and private-sector organizations on edge. The largest...
recorded attack -- 1.7 TB of traffic -- hit a U.S.-based carrier in March 2018. With attackers driven by a combination of ideological and financial motives, enterprises across all verticals need to maintain a high level of awareness of trends and evolving attack profiles.
Recently, a long-tail DoS threat has started entering the conversation. Unlike distributed denial-of-service attacks, a long-tail DoS threat involves a light-volume breach that takes advantage of resource limitations across systems supporting multi-tiered applications. Instead of overwhelming a single server with a flood of traffic coming from multiple nodes, the long-tail DoS threat manipulates the service queues within a web application to interrupt processes and derail service.
How do DoS attacks target web apps?
Multi-tiered web applications are comprised of multiple process layers. The end user's request is initially received, typically via a web server that then queries back-end services. These services are often microservices that construct the requested content and send that data back to the user through the interface.
These multilayered applications rely on multiple systems and subsystems, each of which is potentially vulnerable to malicious traffic that can overwhelm its resources and disrupt service. While long-tail attacks are atypical of most DoS incidents today -- where the trend is to larger-bandwidth distributed attacks -- they can also be exceptionally hard to spot. Thus, some long-tail attacks could go undetected.
Application monitoring can be an important first defense against these and other application-layer attacks. Fine-grained application monitoring to look for anomalous bursts in metrics like CPU utilization and query traffic can be an early indicator of trouble.
With that said, attackers trying to use this model face a significant barrier to success. For a long-tail DoS threat to disrupt operations, the attacker needs to have a good understanding of the interrelationships between systems on which an e-commerce or other web application runs. This means knowing which systems to target and how much traffic is needed to generate bottlenecks that could stall application processes.
However, as hackers have proven time and again, motivated cyberattackers can outwit some of the most difficult challenges. So, while a long-tail DoS threat may not be high on your security list, enterprises need to understand the potential for that to change.
Dig Deeper on Network Security Monitoring
Related Q&A from Amy Larsen DeCarlo
Several methods and metrics measure network performance and throughput. But IT needs to gauge these measurements on a consistent basis to avoid major... Continue Reading
When undertaking network performance troubleshooting, organizations can benefit from a mix of passive and active network traffic monitoring to ... Continue Reading
From cabling to capacity issues, IT professionals need to consider all possibilities when rooting out the underlying cause of network performance ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.