Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes? www.Federaltechpodcast.com

How do you defend your website against an attack that can reach one hundred million requests a second?

The federal government is in an unusual position: in addition to the "garden variety" attacks, such as phishing and ransomware, it is also subject to political attacks with a specific agenda. Ostensibly, they do not have financial motivation; their motivation is a political statement.

Welcome to hacktivism.

The tool they use is a tried-and-true, good, old-fashioned Distributed Denial of Service (DDoS) attack. If you consult your history books and shake off the dust, you will find that the first DDoS attack was recognized in 1996.

Advances in cloud computing and AI have been a force multiplier for malicious actors to shut down websites. In the past, the attacker would remain anonymous; not today. Today's hacktivist often claims responsibility for the attack and publicize their demands.

It has gotten to the point where DDoS attacks are available to consumers as DDoS-as-a-service.

Pascal Geenes has authored an article about a particularly nasty DDoS attack, appropriately called "DieNet." It attempts to instill doubt and chaos in a federal site.

What is the defense? Pascal Geenes has identified vulnerabilities in APIs as a key attack vector. Many federal agencies are not aware of their API inventory. It is possible to scan a federal site, identify a flaw in an unused API, and leverage that knowledge to launch a DDoS attack.

Radware's solutions, including AI-driven security, help mitigate these attacks quickly, reducing the mean time to resolution (MTTR). Heenan emphasizes the importance of being initiative-taking in cybersecurity.

= = =