DDoS
A Distributed Denial of Service (DDoS) attack is a cyberattack in which many compromised or abused systems send traffic to a target at the same time, exhausting its bandwidth, connection state, or application capacity so that legitimate users are slowed down or locked out entirely.
Expanded Explanation
1. Technical Function and Core Characteristics
A DDoS attack uses many sources of malicious traffic, often from a botnet of compromised devices, to overwhelm a target’s bandwidth, processing capacity, or application resources. It aims to exhaust finite system or network resources so that services fail or degrade.
DDoS attacks fall into three broad classes: volumetric attacks, such as UDP floods, that saturate the target's bandwidth; protocol attacks, such as SYN floods, that exhaust connection-state tables in firewalls, load balancers, and servers; and application-layer attacks, such as HTTP request floods, that tie up expensive functions like search or login with requests that individually look legitimate. Attackers often combine these with reflection and amplification: they send small requests carrying the victim's spoofed source address to open DNS resolvers, NTP, SSDP, or memcached services, which then answer the victim with responses many times larger than the request, so the attacker's own bandwidth is multiplied and the traffic appears to come from the reflectors rather than the botnet.
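As an added example, not code from the original page, the following Python classifies inbound flow records into two of the categories above: reflection/amplification (UDP arriving from a well-known reflector service port, many distinct reflectors, large packets) and a SYN flood (SYN-only TCP segments from many sources). The flow records, the target address, the reflector port table, and the detection thresholds are all constructed for this example and are assumptions, not values from any real deployment.

```python
"""Classify constructed flow records into DDoS categories (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# Assumption: UDP services commonly abused as reflectors; an inbound UDP flow whose
# *source* port is one of these is treated as reflected traffic.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}


@dataclass
class Flow:
    """One aggregated flow record in the spirit of NetFlow/IPFIX (constructed)."""
    src: str
    dst: str
    proto: str        # "udp" or "tcp"
    sport: int
    dport: int
    packets: int
    bytes: int
    tcp_flags: str = ""   # "S" = SYN only, "PA" = PSH+ACK, etc.


def classify_flows(flows, target, window_s=10.0, reflect_bps=50_000_000, syn_pps=1_000):
    """Bucket flows destined to `target` into DDoS categories.

    Returns a dict with keys "reflection" and/or "syn_flood"; a key is absent when
    that category stays under its threshold. `window_s` is the collection window
    the flow records cover.
    """
    inbound = [f for f in flows if f.dst == target]
    findings = {}

    # Volumetric reflection: group by reflector service, count distinct reflectors.
    refl = defaultdict(lambda: {"bytes": 0, "packets": 0, "reflectors": set()})
    for f in inbound:
        if f.proto == "udp" and f.sport in REFLECTOR_PORTS:
            entry = refl[REFLECTOR_PORTS[f.sport]]
            entry["bytes"] += f.bytes
            entry["packets"] += f.packets
            entry["reflectors"].add(f.src)
    for service, entry in refl.items():
        bps = entry["bytes"] * 8 / window_s
        if bps >= reflect_bps:
            findings.setdefault("reflection", {})[service] = {
                "mbps": round(bps / 1e6, 1),
                "avg_pkt_bytes": entry["bytes"] // entry["packets"],
                "reflectors": len(entry["reflectors"]),
            }

    # Protocol attack: SYN-only segments from many sources that never complete a handshake.
    syn_packets = 0
    syn_sources = set()
    for f in inbound:
        if f.proto == "tcp" and f.tcp_flags == "S":
            syn_packets += f.packets
            syn_sources.add(f.src)
    pps = syn_packets / window_s
    if pps >= syn_pps:
        findings["syn_flood"] = {"syn_pps": int(pps), "sources": len(syn_sources)}

    return findings


# Constructed sample covering a 10 s window; addresses are from documentation ranges.
TARGET = "203.0.113.10"
SAMPLE_FLOWS = (
    # 50 open resolvers each sending 1000 packets of 1400 bytes: DNS reflection
    [Flow(f"198.51.100.{i}", TARGET, "udp", 53, 40000 + i, 1000, 1_400_000) for i in range(1, 51)]
    # 3 NTP peers with ordinary small replies: stays under the threshold
    + [Flow(f"192.0.2.{i}", TARGET, "udp", 123, 123, 10, 4_000) for i in range(1, 4)]
    # 200 spoofed sources each sending 100 SYN-only segments of 60 bytes
    + [Flow(f"198.18.{i // 256}.{i % 256}", TARGET, "tcp", 50000, 443, 100, 6_000, "S")
       for i in range(1, 201)]
    # a few normal established HTTPS flows
    + [Flow(f"192.0.2.{i}", TARGET, "tcp", 51000 + i, 443, 40, 30_000, "PA") for i in range(10, 13)]
)

if __name__ == "__main__":
    print(classify_flows(SAMPLE_FLOWS, TARGET))
```

The source-port fingerprint is deliberately simple: real collectors also look at packet-size distributions and TTL spread, and an attacker can pick any source port once they control the reflector, so treat this as a first-pass classifier that feeds the scrubbing or rate-limiting decision rather than a complete detector.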
2. Enterprise Usage and Architectural Context
Enterprises treat DDoS as a threat category within network and application security architecture rather than as a capability they build; what they build is resilience. Security teams integrate DDoS monitoring, detection, and mitigation controls into perimeter defenses, cloud environments, and critical Internet-facing services.
Architectures commonly employ traffic scrubbing centers that receive diverted traffic and forward only the clean remainder, content delivery networks and anycast routing that spread load across many points of presence, rate limiting, and web application firewalls, so that malicious traffic is filtered while legitimate users keep service. Organizations also define incident response runbooks and service-level objectives for DDoS scenarios, including the conditions under which traffic is diverted to a mitigation provider.
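The rate limiting mentioned above, as an added example that is not code from the original page: a per-client token bucket applied to constructed access-log lines, showing that a steady user keeps full service, a client with a short burst is allowed the burst and then throttled, and a flooding client is cut down to the sustained rate. The log format, client addresses, and the limit of 5 requests per second with a burst of 10 are assumptions for this example.

```python
"""Per-client token-bucket rate limiting over constructed access-log lines (added example)."""
from collections import defaultdict

# Constructed log lines, not from any real server: "<unix_ms> <client_ip> <method> <path>"
BASE_MS = 1_700_000_000_000
SAMPLE_LOG = (
    # steady user: 1 request per second for 20 s
    [f"{BASE_MS + 1000 * i} 192.0.2.10 GET /api/search" for i in range(20)]
    # flooding client: 100 requests per second for 20 s
    + [f"{BASE_MS + 10 * i} 198.51.100.7 GET /api/search" for i in range(2000)]
    # bursty but legitimate client: 15 requests within 150 ms
    + [f"{BASE_MS + 10 * i} 192.0.2.33 GET /api/search" for i in range(15)]
)


class TokenBucket:
    """Token bucket refilled at `rate` tokens per second, holding at most `burst` tokens.

    Tokens are stored in thousandths so that refill computed from millisecond
    timestamps stays exact integer arithmetic (no floating-point drift).
    """

    def __init__(self, rate, burst):
        self.rate = rate                 # tokens per second == thousandths per millisecond
        self.capacity = burst * 1000
        self.tokens = self.capacity
        self.last_ms = None

    def allow(self, now_ms):
        if self.last_ms is not None:
            refill = (now_ms - self.last_ms) * self.rate
            self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def parse_line(line):
    ts, ip, method, path = line.split()
    return int(ts), ip, method, path


def rate_limit(lines, rate=5, burst=10):
    """Replay log lines in time order and return per-client allowed/rejected counts."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    stats = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for ts, ip, _method, _path in sorted(parse_line(line) for line in lines):
        verdict = "allowed" if buckets[ip].allow(ts) else "rejected"
        stats[ip][verdict] += 1
    return dict(stats)


if __name__ == "__main__":
    for ip, counts in rate_limit(SAMPLE_LOG).items():
        print(ip, counts)
```

Keying on source address alone is the weakest form of this control: a botnet spreads requests across thousands of addresses that each stay under the limit, so production deployments also limit per session, per authenticated user, per expensive endpoint, and globally, and they return a cheap rejection (such as an HTTP 429) rather than doing the expensive work before refusing.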
3. Related or Adjacent Technologies
DDoS relates to intrusion detection and prevention systems, network firewalls, web application firewalls, and Security Information and Event Management (SIEM) platforms that collect and correlate telemetry for attack detection. It also intersects with Domain Name System (DNS) security, Border Gateway Protocol (BGP) routing controls, and zero trust network design.
Mitigation services often rely on Traffic Engineering (TE), network telemetry such as flow records and packet samples, and behavioral analytics to distinguish attack traffic from normal usage, and on BGP announcements or DNS changes to divert traffic toward scrubbing capacity when an attack is confirmed. DDoS risk also connects to endpoint and Internet of Things (IoT) security, because compromised devices frequently form the botnets used to generate attack traffic.
4. Business and Operational Significance
DDoS attacks create availability risk for online services, customer-facing applications, APIs, and critical business processes that depend on Internet connectivity. They can interrupt digital revenue channels, degrade user experience, and disrupt internal operations that rely on remote access.
Security, network, and IT operations teams use DDoS threat models, testing, and exercises to validate resilience plans and contract terms with upstream providers and mitigation vendors. Governance programs often include DDoS within business continuity, Disaster Recovery (DR), and cyber insurance planning.