Radware's Annual Global Application & Network Security Report Warns of
Increased Severity and Sophistication in DoS/DDoS Attacks
Organizations at Greater Risk in 2014 as Attackers Develop Faster Responses to
New Mitigation Tools, Resulting in Detrimental Service Degradation and Outages
MAHWAH, N.J., Jan. 27, 2014 (GLOBE NEWSWIRE) -- Radware^®(Nasdaq:RDWR), a
leading provider of application delivery and application security solutions
for virtual and cloud data centers, today announced the release of its 2013
Global Application and Network Security Report. The annual report indicates
that Distributed Denial of Service (DDoS) attacks will continue to be a
serious issue in 2014 – as attackers become more agile and their tools become
more sophisticated. In 2013, increasingly widespread DDoS attacks have led to
detrimental service outages and service degradation, critically impacting
revenue, overall customer satisfaction and brand perception. The report also
reveals that attackers have become faster in defeating newly deployed
Radware's Emergency Response Team (ERT), which actively monitors and mitigates
attacks in real-time, developed the report - delivering an important analysis
of DoS/DDoS attacks from both an enterprise and technical perspective, and
provides best practices to inform and help organizations combat network
assaults. The 2013 report was compiled using data from over 300 cases handled
by Radware's ERT in 2013, a vendor-neutral security industry survey conducted
by the ERT, and the newly added Executive Survey consisting of personal
interviews with 15 high-ranking security executives.
"Our report indicates that DoS/DDoS attacks have increasingly become the tool
of choice for cyber-hackivists groups and will continue to wreak havoc on
organizations," says Avi Chesla, chief technology officer at Radware.
"Eighty-seven percent of our respondents encountered service level issues from
these style of attacks. The negative impact of a service outage is already
understood, but even small instances of service degradation can have harmful,
lasting effects on an organization's brand image, customer satisfaction and
ultimately its bottom line."
Key findings from the report include:
*Service Degradation is Enough to Interrupt Business. Sixty percent of
survey respondents stated they experienced service degradation due to
attacks in 2013. While it might not seem as detrimental as a complete
shutdown, studies show that 57 percent of online consumers will abandon a
site after waiting three seconds for a page to load and 80 percent of
those people will not return. For service-based organizations, this can
result in immediate revenue loss.
*Attackers (Quickly) Strike Back. Attackers are increasingly adapting and
defeating new defense protocols implemented by organizations through the
use of new attack vectors. Using HTTP flood attacks and tools like "Kill'
em All," attackers are dramatically shortening the mitigation cycle –
sometimes to a matter of hours after resources have been deployed.
*DoS/DDoS Attacks Leave a Path of Destruction. While powerful attacks
occurred in 2011 and 2012, the overall intensity of the attacks and the
percentage of such attacks with high risk have increased over the last
several years. DDoS attacks increased in severity by 20 percent in 2013,
according to Radware's DoS/DDoS Risk Score assessment.
*The Industry 'Hit List' Expands. The financial services industry joins
government organizations as the sectors with the highest risk of attacks.
Risk for financial services increased due to hacktivist groups performing
DDoS attacks – like the continuation of Operation Ababil and those on
several BitCoin exchanges – not only for destructive purposes, but also to
simultaneously mask other intrusions leading to fraudulent activities.
Risks of attacks to web hosting companies and Internet Service Providers
also increased in 2013.
*New Attack Vectors, One Dangerous Commonality. Survey results showed that
DNS attacks are now the second most frequent attack vector organizations
are fighting, behind DoS/DDoS. These are appealing to attackers due to
their ability to generate massive traffic with limited resources and
multi-layer architecture that makes tracing the assailants nearly
impossible. In addition to DNS attacks, other attack vectors also emerged
as significant issues for organizations. Encrypted application-based
attacks made up 50 percent of all web attacks. Web application login pages
were hit on a daily basis for 15 percent of organizations.
"Attacks in 2014 are not slowing down. In fact, organizations need to take
action now to prepare their networks – particularly in the financial and
government sectors," added Chesla. "The results of this report are a call to
action, and the best way to fight back against cyber attacks is to be prepared
and engage the support of cyber security experts."
Radware's ERT recommends the following steps to anticipate and mitigate
*Speed up mitigation time. Organizations need to ensure that they can
detect attacks and deploy mitigation solutions in the shortest time
*Prepare blanket coverage. With multi-vector DoS/DDoS attacks becoming more
prevalent, organizations need to invest in wider attack coverage that can
detect and protect against attacks of any type and size.
*Establish a single point of contact. Having either an internal security
team employed with DoS/DDoS experts or an external emergency response team
who can help choose the correct mitigation options is crucial for
organizations in case of an attack.
To download the complete 2013 Global Network & Application Security Report,
which includes the ERT's recommendations for how organizations can best
prepare for mitigating cyber threats in 2014, please visit
Blog post: http://blog.radware.com/security/2014/01/2013-ddos-market-review/
About the Radware Emergency Response Team (ERT)
Radware's ERT is a group of dedicated security consultants who are available
around the clock.As literal "first responders" to cyber attacks, Radware's
ERT members gained their extensive experience by successfully dealing with
some of the industry's most notable hacking episodes, providing the knowledge
and expertise to mitigate the kind of attack a business's security team may
never have handled.Through the report, the ERT reveals how their
in-the-trenches experiences fighting cyber attacks provide deeper forensic
analysis than surveys alone or academic research.
About the 2013 Global Network & Application Security Report
Radware's annual Global Application & Network Security Report provides insight
into network security trends with a specific focus on DoS/DDoS attacks.
Intended for the entire security community, this research is designed to
deliver a comprehensive and objective summary of network security events and
DoS / DDoS attacks that took place in 2013, with an analysis of attack types,
trends and mitigation technologies.Altogether, the report draws its
information from three sources: Radware's Security Survey, Radware's Security
Executive Survey and key security cases from Radware's Emergency Response
Radware (Nasdaq:RDWR), is a global leader of application delivery and
application security solutions for virtual and cloud data centers. Its
award-winning solutions portfolio delivers full resilience for
business-critical applications, maximum IT efficiency, and complete business
agility. Radware's solutions empower more than 10,000 enterprise and carrier
customers worldwide to adapt to market challenges quickly, maintain business
continuity and achieve maximum productivity while keeping costs down. For
more information, please visit www.radware.com.
Radware encourages you to join our community and follow us on; LinkedIn,
Radware Blog, Twitter, YouTube, Radware Connect app for iPhone^® and our new
security center DDoSWarriors.com that provides a comprehensive analysis on
DDoS attack tools, trends and threats.
©2014 Radware, Ltd. All rights reserved. Radware and all other Radware product
and service names are registered trademarks or trademarks of Radware in the
U.S. and other countries. All other trademarks and names are property of their
This press release may contain statements concerning Radware's future
prospects that are "forward-looking statements" under the Private Securities
Litigation Reform Act of 1995. Statements preceded by, followed by, or that
otherwise include the words "believes", "expects", "anticipates", "intends",
"estimates", "plans", and similar expressions or future or conditional verbs
such as "will", "should", "would", "may" and "could" are generally
forward-looking in nature and not historical facts. These statements are based
on current expectations and projections that involve a number of risks and
uncertainties. There can be no assurance that future results will be
achieved, and actual results could differ materially from forecasts and
estimates. These risks and uncertainties, as well as others, are discussed in
greater detail in Radware's Annual Report on Form 20-F and Radware's other
filings with the Securities and Exchange Commission. Forward-looking
statements speak only as of the date on which they are made and Radware
undertakes no commitment to revise or update any forward-looking statement in
order to reflect events or circumstances after the date any such statement is
made. Radware's public filings are available from the Securities and Exchange
Commission's website at www.sec.gov or may be obtained on Radware's website at
CONTACT: Corporate Media Relations:
Brian T. Gallagher
+1 201 785-3206 (office)
+1 201 574-3840 (cell)
Press spacebar to pause and continue. Press esc to stop.