Protecting Apps from DDoS and API Attacks with BIG-IP Advanced WAF

Navpreet Gill Thumbnail
Navpreet Gill
Published February 12, 2024

DDoS attacks remain a constant concern, but what’s driving their persistence?

Several security trade publications, including a recent report from Zayo Group, point to the spike in DDoS attacks this year due to the war in Ukraine and the current geopolitical situation. This has resulted in subsequent attacks on businesses, specifically in the government and financial sectors. ​These types of DDoS attacks may be motivated by nationalistic hacktivism. ​ also notes that DDoS attacks have grown by 4.5x in volume in Q1 of 2022 compared to the same time the year prior and that DDoS attacks larger than 250 Gbps grew by 1300%.

Let’s look at the common DDoS attacks and how they are used today. 

There are dozens of different types of DDoS attacks. The three most common categories recognized industry-wide are volumetric, protocol, and application layer, but some overlap exists. ​

Volumetric attacks, or floods, are the most common type of DDoS attack. They send massive traffic, typically big packets, to the targeted victim’s network to consume so much bandwidth that users are denied access. ​

Protocol attacks, sometimes called “computational” or “network” attacks, deny service by overwhelming the computational capabilities of network devices at layers 3 and 4. These attacks typically have a “high packet rate” with tiny packets, in which the attacker usually tries to overwhelm CPUs or devices such as firewalls by sending too many packets. In that way, the bandwidth volume usually stays “low” and can remain under the radar of cloud services. ​

Application layer attacks, or layer 7 attacks, use specific packet types or connection requests to consume a finite amount of resources, such as occupying the maximum number of open connections, available memory, or CPU time. A typical app layer attack sends HTTP/S traffic to consume resources and hamper a web app or website’s ability to deliver content, temporarily disabling it or causing it to crash to make the website or application inaccessible to users. F5 Labs 2023 DDoS Attack Trends Report states, “Application vector attacks grew dramatically, by 165% in 2022.”

​Many layer 7 DDoS attacks are stealthy and may go undetected by traditional signature and reputation-based solutions. F5 BIG-IP Advanced WAF uses machine learning, stress monitoring, dynamic signatures, and attack mitigation to defend against these attacks. For example, BIG-IP Advanced WAF automatically learns the application’s behavior and then combines the behavioral heuristics of traffic with the server stress to identify DDoS conditions. Dynamic signatures are created and deployed for real-time protection. This process provides the most accurate detection while minimizing false positives. Server health is continuously monitored for mitigation effectiveness as part of a feedback loop.

DDoS and API security risks pose persistent threats to organizations across sectors. Last year, CSO security researchers warned of how the growing use of APIs gives attackers more ways to break authentication controls, exfiltrate data, or perform disruptive acts, driving API security as a requirement for organizations.

APIs are the core of the modern business today. APIs provide access to business technologies and data to drive their businesses, which would simply be unattainable for many organizations. It’s no surprise we’re seeing an increase in API-related attacks.

A continuous approach to API security is a combination of management and enforcement. There are three core components for secure API delivery – discovery (positive security/API specification validation, authentication status, sensitive data, etc.), monitoring (being able to manage traffic inspection), and securing (API-specific threat protection including protection against known threats, anomaly detection, DoS defense, securing structure, protocol, and content validations, etc.).

The F5 WAF portfolio delivers these three elements for you, but what’s unique is that we can do this by streamlining operations with a single solution and vendor to secure APIs in the cloud and on-premises. We can also help you with API posture management—by reducing complexity since we provide visibility into API traffic, enforce security, and lower risk remediation.

Many businesses today require multiple deployment models to best address application security and ensure it is deployed as close to their apps as possible. That can make it difficult for those organizations to enforce and manage policies consistently across different form factors. F5 addresses this challenge, enabling you to ensure consistent policy enforcement and management whether you’re deploying WAF on-premises, in the cloud, as a SaaS, or as security-as-code. F5 helps you protect apps and APIs no matter where your apps are and where your WAFs are deployed. As your app development and environment needs change, security policies can be easily ported from one WAF to another for turnkey, streamlined, adaptable app and API security unique to your business across hybrid and multicloud environments.

For more information on getting started with F5, try out our BIG-IP Advanced WAF simulator or sample BIG-IP Advanced WAF on a 30-day free trial.