What is Denial of Service (DoS / DDoS)?
Denial of Service (DoS / DDoS) is a category of cyber attack designed to disrupt the availability of systems, applications, or network services by overwhelming them with excessive traffic or resource requests. While a DoS attack typically originates from a single source, a Distributed Denial of Service (DDoS) attack leverages multiple compromised systems (often part of a botnet) to generate large-scale traffic floods that are significantly harder to mitigate.
These attacks target critical infrastructure such as web servers, APIs, and DNS services, exploiting limitations in bandwidth, compute capacity, or application logic. DDoS attacks can take multiple forms, including volumetric attacks, protocol attacks, and application-layer attacks, each requiring different detection and mitigation strategies.
What is Denial of Service (DoS / DDoS) used for?
Denial of Service attacks are primarily used to disrupt business operations, degrade user experience, or create diversion during more targeted attacks such as data exfiltration or ransomware deployment. For CISOs and security leaders, DDoS represents a resilience challenge rather than just a perimeter threat.
Organizations use DDoS protection strategies such as traffic scrubbing, rate limiting, content delivery networks (CDNs), and cloud-based mitigation services to absorb or filter malicious traffic. Integration with tools like Web Application Firewalls (WAF), SIEM platforms, and threat intelligence feeds enhances detection and response capabilities.
From a strategic perspective, defending against DoS/DDoS attacks requires alignment with broader cyber resilience initiatives, including redundancy design, incident response planning, and service-level risk management.