Denial-of-service, or DoS, attacks continue to set public- and private-sector organizations on edge. The largest recorded attack -- 1.7 TB of traffic -- hit a U.S.-based carrier in March 2018. With attackers driven by a combination of ideological and financial motives, enterprises across all verticals need to maintain a high level of awareness of trends and evolving attack profiles.
Recently, a long-tail DoS threat has started entering the conversation. Unlike distributed denial-of-service attacks, a long-tail DoS threat involves a low-volume attack that takes advantage of resource limitations across the systems supporting multi-tiered applications. Instead of overwhelming a single server with a flood of traffic coming from multiple nodes, the long-tail DoS threat manipulates the service queues within a web application to interrupt processes and derail service.
How do DoS attacks target web apps?
Multi-tiered web applications are composed of multiple process layers. The end user's request is initially received, typically by a web server that then queries back-end services. These services are often microservices that construct the requested content and send that data back to the user through the interface.
These multilayered applications rely on multiple systems and subsystems, each of which is potentially vulnerable to malicious traffic that can overwhelm its resources and disrupt service. While long-tail attacks are atypical of most DoS incidents today -- where the trend is to larger-bandwidth distributed attacks -- they can also be exceptionally hard to spot. Thus, some long-tail attacks could go undetected.
Application monitoring can be an important first defense against these and other application-layer attacks. Fine-grained application monitoring can surface anomalous bursts in metrics like CPU utilization and query traffic, which can be an early indicator of trouble.
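The following is an added example, not part of the original article, of the fine-grained monitoring described above. On a constructed 50 ms CPU trace for one back-end tier, 1-second averages stay low while a rolling median/MAD check flags the short saturation bursts; the sampling interval, window size and threshold factor are illustrative assumptions.

```python
from statistics import median

SAMPLE_MS = 50  # assumed sampling interval for the constructed trace

def constructed_cpu_trace():
    """Constructed sample: 3 s of CPU % readings for one back-end tier."""
    trace = [20 + (i % 4) for i in range(60)]      # steady 20-23 % load
    for start in (26, 46):                         # two 200 ms saturation bursts
        trace[start:start + 4] = [96, 98, 97, 95]
    return trace

def coarse_average(samples, bucket=20):
    """Mean per bucket; bucket=20 gives the 1-second view of a coarse monitor."""
    return [sum(samples[i:i + bucket]) / len(samples[i:i + bucket])
            for i in range(0, len(samples), bucket)]

def find_bursts(samples, window=20, k=6.0, min_run=2):
    """Return (first, last) sample indexes of runs above median + k * MAD,
    where both are computed over the preceding `window` samples."""
    bursts, run_start = [], None
    for i in range(window, len(samples)):
        hist = samples[i - window:i]
        med = median(hist)
        mad = median(abs(x - med) for x in hist) or 1.0  # avoid a zero spread
        hot = samples[i] > med + k * mad
        if hot and run_start is None:
            run_start = i
        elif not hot and run_start is not None:
            if i - run_start >= min_run:
                bursts.append((run_start, i - 1))
            run_start = None
    if run_start is not None and len(samples) - run_start >= min_run:
        bursts.append((run_start, len(samples) - 1))
    return bursts

if __name__ == "__main__":
    trace = constructed_cpu_trace()
    print("1 s averages:", coarse_average(trace))
    for first, last in find_bursts(trace):
        print(f"burst {first * SAMPLE_MS}-{(last + 1) * SAMPLE_MS} ms, "
              f"peak {max(trace[first:last + 1])} %")
```

In this constructed trace the highest 1-second average is 36.5 %, so an alert on averaged CPU would stay silent even though the tier was saturated twice for 200 ms.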
With that said, attackers trying to use this model face a significant barrier to success. For a long-tail DoS threat to disrupt operations, the attacker needs to have a good understanding of the interrelationships between systems on which an e-commerce or other web application runs. This means knowing which systems to target and how much traffic is needed to generate bottlenecks that could stall application processes.
However, as hackers have proven time and again, motivated cyberattackers can overcome some of the most difficult challenges. So, while a long-tail DoS threat may not be high on your security list, enterprises need to understand the potential for that to change.