Secure Application Delivery Solutions Using F5 BIG-IP DDoS Protection

Griff Shelley Miniatura
Griff Shelley
Published January 05, 2024

Traffic jams are not fun. But digital traffic jams are probably worse. How many times has this happened to you: you enter your username and password, trying to check your account balance through your bank’s mobile app, and you get nothing but the circle of death, your browser trying to connect to your bank’s server while you wait, anticipation growing by the second.

Unfortunately, this isn’t a rare occurrence. Banks large and small around the world experience distributed denial of service (DDoS) attacks with alarming frequency. And to an extent, it’s understandable. A good application security and delivery strategy comprises a suite of technologies and practices that work together in order to deliver end users a fast, reliable, secure application experience. By their nature, complex apps, like the ones banks typically use, bring with them many vectors for diverse attack types. Last year alone, European financial institutions saw a 73% increase in DDoS attacks from the previous year. DDoS attacks, or put another way, bad actors deliberately causing traffic jams, seek to exhaust system resources enough that the targeted server either crashes or slows to the point that legitimate traffic can’t access the applications they need. It’s like someone causing a (physical) traffic jam specifically to keep you from getting to work on time. So, it’s easy to see the downside that can result from these attacks: lost revenue, ruined business reputations, and frustrated customers who may leave your application for a competitor’s if your page or app takes more than two seconds to load.

The Growing Threat: Volumetric DDoS Attacks

Here's where these kinds of attacks go from slight headaches to migraines: There are dozens of flavors of DDoS attacks that bad actors can launch against an application, hitting on multiple levels of the OSI model and wreaking havoc for app users and providers alike. It’s like a twisted Baskin-Robbins takeoff—31 flavors of denied service. But the most common, and infuriating, flavor of DDoS attack that is especially prevalent on the Transport Layer (layer 4 of the OSI model) is the volumetric DDoS attack. While the specifics of volumetric DDoS attacks vary, the end result is the same: the attacker floods the target server with traffic to max out its CPU and memory, causing it to malfunction and disrupt service for any connected client—legitimate or otherwise. The infuriating part: they’re cheap, and almost anyone with access to the dark web can launch one. For just a few dollars an hour, an attacker can effectively take down an application or website, potentially costing the victims millions of dollars in lost business revenue.

Why these Attacks Matter: The Cost

Needless to say, these kinds of attacks create headaches for users trying to access the applications they need to go about their lives. But there’s another, arguably more frustrated party in these situations: the NetOps and SecOps teams that operate behind the scenes, working to keep applications available and secure. For them, a DDoS attack of any kind is more than just an inconvenience; it could be the event that disrupts an entire month, upending other projects and costing valuable time, money, and person-power resources to fix.

Beyond a financial impact, the human cost of these attacks cannot be understated. In some cases, DDoS attacks serve as diversions that allow attackers to exfiltrate users’ personal information from their victims’ databases on top of denying service, adding to the damage and disruption. Personally identifiable information (PII) winds up in the hands of bad actors, respectable companies lose public trust, operations teams of all kinds lose countless hours playing clean-up or repair crew, while the apps that make the lifeblood of their businesses suffer from protracted downtime.

F5 Solutions for Secure Application Delivery

It’s not all doom and gloom, though. F5’s BIG-IP Local Traffic Manager (LTM) excels at keeping applications up and running in the face of DDoS attacks, acting as a buffer between applications and problematic users who would try to take down that application. If you’re already deploying BIG-IP LTM in your environment, you’re bolstering your Network Layer (layer 3) and layer 4 protection, thanks to its ability to detect and mitigate DDoS attacks at the Network and Transport levels. It is important to note that while BIG-IP LTM provides a great security solution for these layers, deploying it as your only security solution does not make for a holistic app security strategy. To move your application delivery strategy in a direction that can address multiple kinds of threats, mitigating Application Layer (layer 7) attacks should be at or near the top of your to-do list.

Due to their stealthy nature, these kinds of attacks can be among the most problematic because they are notoriously hard to detect with traditional defense mechanisms. Where a volumetric DDoS attack on the transport or network layer can appear as a sudden flood of traffic, a layer 7 attack can hide, blending in with legitimate application traffic, ramping up over time until it overwhelms the server and application, denying requests from legitimate app traffic.

Comprehensive Protection with BIG-IP Advanced WAF

These factors can make layer 7 DDoS attacks especially vexing for NetOps and SecOps teams, since they can take down entire sections of online enterprises while staying undetected for a longer period of time than other kinds of DDoS attacks. You can read more about the damage that these kinds of attacks can cause in my colleague Jay Kelley’s excellent piece on the layer 7 DDoS attack that negatively impacted Microsoft’s Outlook, OneDrive, and Azure Portal applications. So, if you need layer 7 protection, which, if you’re supporting applications for your users at all, you absolutely do, consider adding BIG-IP Advanced WAF to your application delivery strategy. It’s a dedicated web application firewall (WAF) that complements any BIG-IP LTM deployment, ensuring an app security strategy that spans more layers, giving you and your users additional peace of mind. To learn more about the different kinds of DDoS attacks and the OSI layers they impact, check out the CISA guide to DDoS attacks. If you want to evaluate BIG-IP Advanced WAF capabilities, reach out to our sales team for a demonstration.