Corero Network Security has released a DDoS trends and analysis report revealing the current nature of DDoS attacks and what it means for the threat landscape. The report compiled data from Corero Network's hosting, data centre, internet service provider, and online enterprise customers, which was then analysed in their Security Operations Centre (SOC).

Two new DDoS trends were uncovered by the customer data. The first revealed that attacks more often come in short bursts of malicious traffic, rather than prolonged events, as previously was common. In fact, nearly all attacks analysed were less than 30 minutes long, and averaged about four attack attempts per day. This is bad news for businesses that rely on out of band defences or anti-DDoS scrubbing, which generally take over an hour to successfully thwart an attack.

Secondly, whereas attacks would previously flood networks (originating the term Denial of Service), almost 80 percent now come in the form of partial link saturation attacks, using under 5Gbps in peak bandwidth. Attacks such as these intend to distract corporate security teams while leaving enough bandwidth available for subsequent attacks, infiltrating the vulnerable network, the analysis shows.

“More recently these attacks have become increasingly sophisticated and multi-vector in nature, overcoming traditional defence mechanisms or reactive countermeasures,” Dave Larson, CTO of Corero Network Security, wrote in an email to “There is a growing need for protection that will properly defeat DDoS attacks at the network edge, and ensure the accessibility required for the internet-connected business, or the internet providers themselves.”