Join us for the FREE Cyber Defense Forum | Live Online on October 9


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS Announces Results of Its 2014 Survey on Distributed Denial of Service (DDoS)

Enterprises Not Prepared to Mitigate DDoS Attacks; Deficiencies Center on Reliance on Production Infrastructure and Failure to Test Processes and Controls

  • Bethesda, MD
  • March 17, 2014

SANS announces results of its 2014 Survey on Distributed Denial of Service (DDoS), sponsored by Corero Network Security, in which 378 IT professionals answered questions about their experience with DDoS attacks and their ability to protect their assets.

"DDoS attacks are affecting every sector," says Deb Radcliff, executive editor of the SANS Analyst Program. "They are no longer solely based on volume, they are also targeting applications and managing to deny service on those applications."

In fact, the weighted averages of survey responses indicate that enterprises experience 4.5 DDoS events per year that span a bandwidth of 1.7 GB, last 8.7 hours, and cause costly outages lasting 2.3 hours for enterprises.

According to John Pescatore, SANS director of emerging security trends and the author of this survey, "Too many enterprises are not prepared to deal with DDoS attacks."

In the survey, 39% of respondents either didn't have a DDoS mitigation plan or were unaware of one existing for their organization. Of those who do have a plan, only 50% have ever tested that plan.

The survey uncovered several deficiencies. Pescatore continues, "Common deficiencies we found were relying on the production infrastructure to protect itself and failing to regularly test dedicated DDoS mitigation processes and controls when they were in place."

Other results determine the most valued factor in a DDoS mitigation solution to be preventing damage to specific applications, followed by preserving bandwidth and handling high-volume attacks. These choices reflect the concern to protect against accidentally interrupting legitimate business sessions. Fully automated solutions that require little to no human intervention were not in demand.

Results and insights surrounding DDoS and mitigation techniques will be released during a webcast on Thursday, March 20, at 1 PM EST. To register for the complimentary webcast please visit:

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by John Pescatore.

The SANS Analyst Program,, is part of the SANS Institute.

Tweet this:
DDoS Taking Their Toll on Enterprises--SANS survey results released 3/20! Register here:

About Corero Network Security

Corero Network Security, an organization's First Line of Defense(R) against DDoS attacks and cyber threats, is a pioneer in global network security. Corero products and services provide Online Enterprises, Service Providers, Hosting Providers and Managed Security Service Providers with an additional layer of security capable of inspecting Internet traffic and enforcing real-time access and monitoring policies designed to match the needs of the protected business. Corero technology enhances any defense-in-depth security architecture with a scalable, flexible and responsive defense against DDoS attacks and cyber threats before they reach the targeted IT infrastructure allowing online services to perform as intended. For more information, visit

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (