The Most Comprehensive DFIR Event of the Year: SANS DFIRCON! Save $200 thru 10/3.


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS Announces Results of Its 2014 Survey on Distributed Denial of Service (DDoS)

Enterprises Not Prepared to Mitigate DDoS Attacks; Deficiencies Center on Reliance on Production Infrastructure and Failure to Test Processes and Controls

  • Bethesda, MD
  • March 17, 2014

SANS announces results of its 2014 Survey on Distributed Denial of Service (DDoS), sponsored by Corero Network Security, in which 378 IT professionals answered questions about their experience with DDoS attacks and their ability to protect their assets.

"DDoS attacks are affecting every sector," says Deb Radcliff, executive editor of the SANS Analyst Program. "They are no longer solely based on volume, they are also targeting applications and managing to deny service on those applications."

In fact, the weighted averages of survey responses indicate that enterprises experience 4.5 DDoS events per year that span a bandwidth of 1.7 GB, last 8.7 hours, and cause costly outages lasting 2.3 hours for enterprises.

According to John Pescatore, SANS director of emerging security trends and the author of this survey, "Too many enterprises are not prepared to deal with DDoS attacks."

In the survey, 39% of respondents either didn't have a DDoS mitigation plan or were unaware of one existing for their organization. Of those who do have a plan, only 50% have ever tested that plan.

The survey uncovered several deficiencies. Pescatore continues, "Common deficiencies we found were relying on the production infrastructure to protect itself and failing to regularly test dedicated DDoS mitigation processes and controls when they were in place."

Other results determine the most valued factor in a DDoS mitigation solution to be preventing damage to specific applications, followed by preserving bandwidth and handling high-volume attacks. These choices reflect the concern to protect against accidentally interrupting legitimate business sessions. Fully automated solutions that require little to no human intervention were not in demand.

Results and insights surrounding DDoS and mitigation techniques will be released during a webcast on Thursday, March 20, at 1 PM EST. To register for the complimentary webcast please visit:

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by John Pescatore.

The SANS Analyst Program,, is part of the SANS Institute.

Tweet this:
DDoS Taking Their Toll on Enterprises--SANS survey results released 3/20! Register here:

About Corero Network Security

Corero Network Security, an organization's First Line of Defense(R) against DDoS attacks and cyber threats, is a pioneer in global network security. Corero products and services provide Online Enterprises, Service Providers, Hosting Providers and Managed Security Service Providers with an additional layer of security capable of inspecting Internet traffic and enforcing real-time access and monitoring policies designed to match the needs of the protected business. Corero technology enhances any defense-in-depth security architecture with a scalable, flexible and responsive defense against DDoS attacks and cyber threats before they reach the targeted IT infrastructure allowing online services to perform as intended. For more information, visit

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (