Cybercrime is on the rise, especially as workers and learners alike move from onsite to remote connections. Unsecure systems and outdated security have allowed cybercriminals to take advantage of the current situation to conduct cyberattacks. New tactics are developing every day, leveraging the fears and uncertainty surrounding the coronavirus, but cybercriminals are also relying on old tactics. In fact, Nokia Deepfield noted a 40% increase in Distributed Denial of Service (DDoS) traffic from February to April 2020.
Although CompTIA Security+ defines many cyberattacks, including DDoS attacks, CompTIA Cybersecurity Analyst (CySA+) covers the skills required to effectively detect, respond to and recover from cyberattacks. IT pros who hold CompTIA CySA+ have the knowledge, skills and abilities to effectively use threat intelligence, threat detection, data analysis, interpretation, preventive measures and incident response. Last month, we published a DDoS handbook for IT pros, and today we’ll pull examples from that handbook to show you three ways CompTIA CySA+ helps IT pros combat DDoS attacks.
3 Ways CompTIA Cybersecurity Analyst (CySA+) Helps You Combat DDoS Attacks
1. DDoS Warning Signs and Tools For Mitigation
Preparation and quick response are crucial in any cyberattack.
Here are just a few warning signs of a DDoS attack:
- Slow or unavailable website or server connections
- Abnormally huge spike in traffic or multiple requests coming from a specific IP address over a short amount of time
- 503 service unavailable errors when maintenance is not being performed
- Ping requests to technology resources time out due to Time to Live (TTL) timeouts
CompTIA CySA+ uses threat intelligence to identify the warning signs of attacks, such as DDoS attacks, and covers the tools for incident response before the DDoS attack hits your network. For example, security bulletins (e.g., US-CERT) identify current attacks on the internet, providing warning signs that help cybersecurity analysts make incident response decisions.
CompTIA CySA+ Exam Objectives
1.1 Explain the importance of threat data and intelligence.
1.2 Given a scenario, utilize threat intelligence to support organizational security.
2. Tools For Detecting and Responding to DDoS Attacks
Detecting and responding to DDoS attacks requires different types of tools for tracking and locating DDoS attacks, monitoring traffic, tracing spoofed traffic and more.
CompTIA CySA+ analyzes data output from tools, such as intrusion detection systems (IDS) or security information and event management (SIEM) systems to detect an attack, such as a DDoS attack, which is part of the security monitoring process. The cybersecurity certification also covers proactive threat hunting to detect threats outside of the security operations center (SOC), including predictive analysis of threats that haven’t happened yet.
CompTIA CySA+ Exam Objectives
3.1 Given a scenario, analyze data as part of security monitoring activities.
3.2 Given a scenario, implement configuration changes to existing controls to improve security.
3.3 Explain the importance of proactive threat hunting.
3. DDoS Attack Best Practices and Response Procedures
DDoS attacks can be damaging if they aren’t identified and handled in a timely manner. A DDoS defense strategy should include the following steps:
- Detection: Early detection is critical for defending against a DDoS attack.
- Diversion: Divert DDoS traffic by sending it to a scrubbing center or other resource that acts as a sinkhole so it doesn’t affect your critical resources.
- Filtering: Drop the unwanted DDoS traffic by installing effective rules on network devices to eliminate it.
- Analysis: Understanding where the DDoS attack originated can help you proactively protect against future attacks.
CompTIA CySA+ covers the incident response techniques and best practices that are required to respond to cybersecurity incidents, including DDoS attacks. Cybersecurity professionals who have CompTIA CySA+ can analyze data output to determine potential indicators of comprise and use digital forensics techniques to learn more about a cyberattack, such as its source, to help determine if more incident response actions are needed.
CompTIA CySA+ Exam Objectives
1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.
4.1 Explain the importance of the incident response process.
4.2 Given a scenario, apply the appropriate incident response procedure.
4.3 Given an incident, analyze potential indicators of compromise.
4.4 Given a scenario, utilize basic digital forensics techniques.
5.2 Given a scenario, apply security concepts in support of organizational risk mitigation.
Whether you’re a cybersecurity analyst, cybersecurity engineer, threat intelligence analyst or other cybersecurity professional, CompTIA CySA+ validates the skills needed to prevent, detect and combat cybersecurity threats. Download the exam objectives for the newly released exam, CompTIA Cybersecurity Analyst (CS0-002) to see what’s covered and start studying.
Ready to get started? Sign up for CompTIA's IT Career Newsletter and save 10% off your CySA+ voucher purchase.
