DDoS attack sizes and protecting your servers
Akamai has released its 2017 Q1 State of the Internet Security Report, which shows that the median size of DDoS attacks has trended downward since 2016.
This is due to an increase in the number of lower-bandwidth attacks.
The report uses data from the Akamai Intelligent Platform, and provides analysis and insight into the current cloud security and threat landscape.
The report includes a DDoS Attack Density and Bandwidth chart, which illustrates the number of attacks and the size of these attacks since 2015.
In January 2015, the median attack size was 3.9Gbps. By the end of March 2017, the median attack size had fallen to 520Mbps.
This decline was caused in part by an increase in the number of weekly attacks, the majority of which were smaller attacks.
Growth in the number of small attacks has a more significant effect on the median than the slower growth in the number of large attacks.
What the chart means
If an organisation has defences which can withstand 1.3Gbps of volumetric DDoS attack traffic directed at its infrastructure, then it should be able to withstand 75% of current DDoS attacks.
However, if the organisation’s uptime goals are such that it needs to withstand 95% of attacks, those defences would need to be able to absorb an attack of 5Gbps or more.
Even with this level of defence, it is important to note there are still a number of outliers. DDoS attacks generating more than 100Gbps of traffic are common enough to be a concern.