The only way to stop DDoS attacks against enterprise VPNs is to implement an intelligent DDoS mitigation solution that operates in a stateless or semi-stateless manner. Credit: Netscout It seems as if each day brings more harrowing stories about DDoS attacks that have been waged against enterprises, with each attack seemingly lasting longer and costing more than the ones before. There’s almost a tendency to view the bad actors who wage these DDoS attacks as masterminds of new technology and strategies for bringing down the networks of global enterprises.In reality, however, many of the DDoS attacks waged against enterprises target components that have long been a part of the network—things such as virtual private network (VPN) devices, firewalls, load balancers and other edge devices. Such devices contain state information used to route and manage traffic. This makes them susceptible to DDoS attacks. More specifically, state exhaustion DDoS attacks which are designed to fill finite sized state tables with illegitimate connections – ultimately denying legitimate connections access to the services behind them.According to NETSCOUT’s 1H 2021 Threat Intelligence Report, more than 41,000 DDoS attacks were leveled against commercial VPNs in the first half of the year. With this level of threat, it’s vital for enterprises to understand why bad actors target VPNs and what can be done to stop such attacks.Severing a needed connectionAs the pandemic has forced companies to support work-from-home (WFH) and other remote-work initiatives, those enterprises increasingly have turned to VPNs to link remote workers to corporate resources. At the same time, cyberattacks have increased DDoS attacks against VPNs—for several reasons.Such attacks disconnect users from their organization’s online assets, and they also serve to prevent security teams from responding to these and other types of cyberattacks. But the pandemic also forced enterprises to expand digital services to customers and vendors, massively expanding the potential impact of an attack against the corporate VPN.According to NETSCOUT’S Worldwide Infrastructure Security Survey (WISR), cybercriminals know that corporations are more exposed while employees are working remotely, which provides the only motivation they need to launch targeted DDoS attacks against VPNs and other stateful devices. In fact, 83 percent of WISR enterprise respondents reported DDoS attacks targeting firewalls and/or VPN devices contributed to a service outage—an increase of 21 percent from 2019.The solution: intelligent, stateless mitigationThe only way to stop DDoS attacks against enterprise VPNs is to implement an intelligent DDoS mitigation solution that operates in a stateless or semi-stateless manner and integrates the following features:Predominantly uses stateless packet processing technologyWhen stateful inspection is required, make use of an ephemeral challenge to determine the legitimacy of the connectionIs deployed on customer premises, northbound of firewall, VPN gateway, and other stateful devicesEasily integrates into the cybersecurity stackTo learn more about the inherent weaknesses of stateful devices such as VPNs, read our white paper Enemy of the State: Why DDoS Attacks Against Stateful Devices Have Massively Increased—and What to Do About It, or contact us today. Related content brandpost Sponsored by Netscout How to Avoid Getting Crushed Under a Tidal Wave of Traffic Systems with resilience, scale, and a multilayered defense can stop multipurpose application-layer DDoS attacks. By NETSCOUT Mar 09, 2023 4 mins DDoS brandpost Sponsored by Netscout Is Your XDR Strategy Incomplete? Why you can’t have XDR without NDR. By NETSCOUT Mar 07, 2023 5 mins Security brandpost Sponsored by Netscout How 3 Tools Can Revitalize Your Security Strategy Focus on visibility to improve your security posture. By NETSCOUT Mar 07, 2023 4 mins Security brandpost Sponsored by Netscout Protecting the Edge Is More Important Than Ever NETSCOUT’s Omnis Arbor Edge Defense Earns Security Today’s 2022 CyberSecured Award By NETSCOUT Mar 07, 2023 2 mins DDoS PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe