{"id":89,"date":"2018-11-07T22:21:34","date_gmt":"2018-11-07T21:21:34","guid":{"rendered":"https:\/\/lars-hilse.de\/lhx18\/?p=89"},"modified":"2018-11-07T13:54:18","modified_gmt":"2018-11-07T12:54:18","slug":"cyber-insurance-what-is-a-ddos-attack-and-how-to-mitigate-it","status":"publish","type":"post","link":"https:\/\/lars-hilse.de\/lhx18\/2018\/11\/cyber-insurance-what-is-a-ddos-attack-and-how-to-mitigate-it\/","title":{"rendered":"Cyber Insurance: What is a DDoS attack and how to mitigate it?"},"content":{"rendered":"<div class=\"ttr_start\"><\/div><p>I don&#8217;t know how often I had to answer the question what a DDoS attack is. Yet one of the most prominent questions was when I was confronted by an insurance company offering cyber insurance products.<\/p>\n<p>Together with a friend I run a cyber insurance brokerage. Obviously, the clients have to be signed by the insurance company. The products most of the companies have are crap.<\/p>\n<p>And if they are not, their underwriting policies are&#8230; well, worth getting used to.<\/p>\n<p>A client of mine operates a rather large e-business, particularly an e-commerce shop.<\/p>\n<p>Like pretty much all of the e-commerce sites, this one was also concerned about the safety of their site, and wanted insurance if they got taken down.<\/p>\n<p>We did my famous analysis of their operation and ruled out most of the obvious risks.<\/p>\n<p>This would give me an easier stance trying to pitch it to the insurance company.<\/p>\n<p>None the less, the first thing the genius underwriter tells me with a frown on his face is that the risk is not coverable because it&#8217;s an e-commerce operation relying too heavily on the income from the website.<\/p>\n<p>His main argument, however, was that the risk of a DDoS attack was too big, before resting his case, and trying to send me off.<\/p>\n<p>I asked him if he was even aware of what a DDoS attack was, upon which a large discussion erupted which was mainly focussed on me having 
crushed his ego.<\/p>\n<p>However, it was fruitful from the angle that I was able to find a &#8220;noob&#8221; explanation to the issue, which I outlined by explaining to him that it was like a million people trying to exit an aircraft after it had landed, and all of them had to fit through the door. (very short version).<\/p>\n<p>Against all odds, he understood what I was trying to convey to him; yet now came the bigger problem&#8230; explaining the solution for fighting off a DDoS attack.<\/p>\n<p>You see, probably one of the easiest things to do is to put a content distribution network in front of your operation. A CDN will take malicious traffic and deal with it differently than with legit traffic coming to a site.<\/p>\n<p>So: bye bye DDoS attacks.<\/p>\n<p>I told him that we could make this a prerequisite for the client to receive insurance coverage&#8230; yet the discussion was and burned.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<div class=\"ttr_end\"><\/div>","protected":false},"excerpt":{"rendered":"<p>DDoS attacks are still a thing. But they are also easy to mitigate. Here is how, and an interesting discussion about the topic. 
<\/p>\n","protected":false},"author":1,"featured_media":91,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,5,13],"tags":[42,43,37],"class_list":{"0":"post-89","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-cyber-security","8":"category-infosec-reader-questions","9":"category-risk-management","10":"tag-cybersecurity","11":"tag-ddos","12":"tag-mitigation","14":"fallback-thumbnail"},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/lars-hilse.de\/lhx18\/wp-content\/uploads\/2018\/11\/entrance-to-auschwitz-1517620.jpg?fit=1280%2C960&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paluiP-1r","jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/89","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/comments?post=89"}],"version-history":[{"count":2,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/89\/revisions"}],"predecessor-version":[{"id":93,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/89\/revisions\/93"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media\/91"}],"wp:attachment":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media?p
arent=89"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/categories?post=89"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/tags?post=89"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}