
DDoS Attacks and Protection for Businesses

NeoBit team · Jun 15, 2026 · 7 min read

DDoS protection is no longer a luxury but a core part of business resilience, because even a small company can lose its web shop, online banking or access to internal systems within minutes. A DDoS attack (Distributed Denial of Service) floods your server, network or application with fake traffic until legitimate users, customers and employees can no longer reach the service. The good news is that you can defend against it effectively, but only if the defense is set up before an attack, not during one.

In the region (Bosnia and Herzegovina, Croatia, Serbia), DDoS attacks are no longer reserved only for large banks and telecoms. Increasingly, the targets are online stores, hosting providers, media outlets, public institutions and companies that depend on online payments. Attacks are often used as extortion (pay up or we take your site down) or as a smokescreen while the attacker tries something more serious in the background. That is why understanding the types of attacks and the layers of defense is the first step toward sleeping more soundly.

What a DDoS attack is and why it is dangerous for businesses

In a classic DoS attack, a single source attempts to bring a service down. In a DDoS attack, the sources number in the thousands or millions, most often infected devices gathered into a so-called botnet (from home routers and cameras to compromised servers). This distributed nature makes the attack hard to block, because you cannot simply ban a single IP address when tens of thousands of them are arriving from all over the world.

The business impact is direct and measurable:

  • Lost revenue: every minute that a web shop or booking system is unavailable is money that does not come in.
  • Reputation and trust: customers who hit a "page unavailable" message leave for the competition and rarely come back.
  • Operational costs: emergency intervention, IT overtime and possible penalties for breaching SLA agreements.
  • Security risk: a DDoS attack often serves as a cover for an intrusion, data theft or ransomware while the team is busy fighting fires.

Types of DDoS attacks: volumetric, protocol and application

For DDoS protection to make sense, it must cover all three main categories of attack, since they differ in which part of the infrastructure they target and how they are measured.

Volumetric attacks

The goal is to saturate the bandwidth of your internet connection with a massive volume of traffic. They are measured in gigabits or terabits per second. Typical examples are UDP floods and DNS/NTP amplification, where the attacker turns small queries into huge responses aimed at you. A local firewall is no help here, because the connection has already collapsed before the packets even reach you.

Protocol attacks

These exhaust the resources of a server, firewall or load balancer by abusing the way network protocols work. A classic example is the SYN flood, where the attacker starts TCP handshakes without completing them and leaves the half-open connections hanging until the connection table is exhausted. The traffic volume need not be large, but the damage is significant because the attack uses up device capacity rather than line bandwidth.

Application attacks (Layer 7)

These are the most insidious because they look like normal traffic. The attacker sends seemingly legitimate HTTP requests (for example, repeated searches or form submissions) that force the application and database to do heavy work. A small number of requests can bring a server down, and they are hard to distinguish from real users. Here the defense must understand the application, not just count packets.

| Attack type | What it targets | Examples | How it is measured | Main defense |
|---|---|---|---|---|
| Volumetric | Connection bandwidth | UDP flood, DNS/NTP amplification | Gbps / Tbps | Scrubbing center, CDN, upstream filtering |
| Protocol | Server, firewall, load balancer | SYN flood, fragmented packets | Packets per second (pps) | SYN cookies, stateful filtering, anti-DDoS appliances |
| Application (L7) | Web application and database | HTTP flood, slow GET/POST | Requests per second (rps) | WAF, rate limiting, bot protection, CAPTCHA |

Layers of DDoS protection that actually work

There is no single button that solves everything. Serious DDoS protection is built in layers, so that each layer catches what the previous one let through. Here is what that looks like in practice.

1. Scrubbing and upstream filtering

A scrubbing center is specialized infrastructure through which your traffic is rerouted at the moment of an attack. There, the malicious packets are "washed out" (hence the name scrubbing), and only clean, legitimate traffic reaches you. The key is capacity: scrubbing networks are measured in hundreds of gigabits, which exceeds almost any volumetric attack. It works best with an upstream provider or a specialized partner that stops the attack far from your connection.

2. CDN and traffic distribution

A Content Delivery Network spreads your content across dozens of locations worldwide. This way the attack does not land on a single server but is spread across a global network that has the capacity to absorb the requests. A CDN additionally hides the real IP address of your server, which makes direct targeting harder for the attacker.

3. Rate limiting and traffic control

Rate limiting sets a limit on how many requests a single source may send within a given period. If one address tries to send a thousand queries per second, the system slows it down or blocks it. This is a cheap and effective first line of defense against application attacks and automated bots.
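
The per-source limit described above, as an added example (not NeoBit's code): a token bucket that slows a source down first and blocks it only after repeated rejections. The rates, the block threshold and the per-endpoint costs are assumptions; weighting expensive routes such as a search page is one way to let the limit reflect application load rather than a raw request count.

```python
from dataclasses import dataclass

# Assumed policy values (not from the article); tune per application.
RATE, BURST = 5.0, 10.0                    # tokens refilled per second, bucket size
BLOCK_AFTER, BLOCK_SECONDS = 20, 60.0      # rejections in a row -> temporary block
# Hypothetical endpoint costs: database-heavy routes drain the bucket faster.
COST = {"/search": 5.0, "/checkout": 3.0}

@dataclass
class Bucket:
    last: float
    tokens: float = BURST
    rejected: int = 0
    blocked_until: float = 0.0

class RateLimiter:
    def __init__(self):
        self.buckets = {}

    def check(self, source, path, now):
        """Return 'allow', 'throttle' (e.g. HTTP 429) or 'block' for one request."""
        b = self.buckets.setdefault(source, Bucket(last=now))
        if now < b.blocked_until:
            return "block"
        # Refill for the time elapsed since the last request, capped at BURST.
        b.tokens = min(BURST, b.tokens + (now - b.last) * RATE)
        b.last = now
        cost = COST.get(path, 1.0)
        if b.tokens >= cost:
            b.tokens -= cost
            b.rejected = 0
            return "allow"
        b.rejected += 1
        if b.rejected >= BLOCK_AFTER:
            b.blocked_until, b.rejected = now + BLOCK_SECONDS, 0
            return "block"
        return "throttle"

def replay(events):
    """Replay (time, source, path) events; count decisions per source."""
    limiter, tally = RateLimiter(), {}
    for now, source, path in events:
        counts = tally.setdefault(source, {"allow": 0, "throttle": 0, "block": 0})
        counts[limiter.check(source, path, now)] += 1
    return tally

# Constructed sample: a normal visitor, and one source hitting /search 100x in 1 s.
SAMPLE = sorted([(t * 2.0, "203.0.113.10", "/") for t in range(10)]
                + [(i * 0.01, "198.51.100.7", "/search") for i in range(100)])
```

Replaying SAMPLE lets every request from the normal visitor through, while the noisy source gets two requests served, is throttled, and is then blocked. In production the per-source table needs expiry, because a distributed flood creates one entry per source.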

4. WAF (Web Application Firewall)

A WAF understands the logic of a web application and recognizes suspicious patterns: strange headers, known attack signatures, unusual request sequences. Beyond DDoS, a WAF also protects against other attacks such as SQL injection and XSS, making it one of the most cost-effective layers for companies with web applications and online sales.

5. Monitoring and alerting

The best technology is useless if no one notices the attack in time. Continuous traffic monitoring (ideally through a SOC) makes it possible to spot an anomaly in the first seconds, before users start calling. Here the NeoBit SOC team monitors traffic and activates countermeasures in a timely manner.
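
What spotting an anomaly in the first seconds can look like, as an added example (not NeoBit's tooling): total requests per second are compared with a moving baseline, and each spike is labelled by whether one source dominates it or it is spread over many sources, which is the case a per-source limit cannot see. The thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds (not from the article); tune against your own baseline.
ALPHA = 0.2      # EWMA smoothing factor
FACTOR = 3.0     # alert when requests/second exceed FACTOR x baseline
WARMUP = 5       # seconds used to seed the baseline
TOP_SHARE = 0.5  # above this share of traffic, one source dominates the spike

def detect(per_second):
    """per_second: list of (second, Counter{source: requests}) in time order.
    Returns alerts as (second, rps, unique_sources, kind)."""
    baseline, alerts = None, []
    for i, (second, sources) in enumerate(per_second):
        rps = sum(sources.values())
        if baseline is None:
            baseline = float(rps)
        elif i >= WARMUP and rps > FACTOR * baseline:
            top_count = sources.most_common(1)[0][1]
            kind = "single-source" if top_count / rps > TOP_SHARE else "distributed"
            alerts.append((second, rps, len(sources), kind))
            continue  # attack traffic must not raise the baseline
        baseline += ALPHA * (rps - baseline)
    return alerts

def sample_traffic():
    """Constructed traffic: 20 visitors, one noisy source, then a 400-source flood."""
    def normal():
        return Counter({f"visitor-{i}": 1 for i in range(20)})
    traffic = [(s, normal()) for s in range(8)]
    traffic.append((8, normal() + Counter({"198.51.100.7": 200})))
    traffic.append((9, normal()))
    flood = Counter({f"bot-{i}": 1 for i in range(400)})
    traffic += [(10, flood), (11, flood)]
    return traffic
```

On the sample, second 8 is flagged as single-source and seconds 10 and 11 as distributed: every source in the flood sends one request per second, yet the total is twenty times the baseline.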

DDoS attack response plan

Technology is half the story; the other half is organization. When an attack hits, there is no time to come up with a plan - it must already exist. A good response plan includes:

  • Clear roles: who responds first, who decides on rerouting traffic, who communicates with clients.
  • Contacts ready in advance: the numbers of your ISP, hosting provider and security partner within reach, not scrambled for in a panic.
  • Predefined countermeasures: scrubbing and rate limiting rules that can be activated in a single move.
  • A communication plan: what to say to customers and the media, and how, to avoid additional reputational damage.
  • A post-attack analysis: what worked, how long it lasted, what to fix for next time.

It is also worth checking whether the attack is merely a decoy. While the team is preoccupied with the DDoS, it is wise to additionally monitor logs and critical systems so that a quiet intrusion in the background is not missed.

How NeoBit helps with DDoS protection

NeoBit, based in Mostar, sets up DDoS protection for companies in Bosnia and Herzegovina and the wider region as part of a broader security picture, not as an isolated tool. This means assessing your exposure, putting the appropriate layers in place (scrubbing, CDN, WAF, rate limiting), drafting a response plan and providing continuous monitoring through a SOC. The goal is that an attack, if it comes, is an inconvenience and not a catastrophe.

If you want to know how resilient your infrastructure is to DDoS and where the weakest points are, contact NeoBit for a free initial assessment. It is better to discover weaknesses in time, calmly and methodically, than in the middle of an attack.

Frequently asked questions

How quickly can a DDoS attack take down our service?

A volumetric attack can saturate your connection in seconds to a few minutes. That is why the defense must be automated and set up in advance, because a manual response during an attack is almost always too late.

Can an ordinary firewall protect us from DDoS?

A classic firewall helps with some protocol attacks, but not with large volumetric attacks, because the connection itself collapses before the traffic reaches the firewall. For that you need scrubbing, a CDN and upstream filtering at the provider.

Is DDoS protection too expensive for a small company?

It does not have to be. A great deal can be achieved with rate limiting, a WAF and a CDN combined with proper monitoring, which is also available to smaller companies. NeoBit adjusts the level of protection to the size and exposure of your business.

What should we do if an attack is happening right now?

Immediately activate your response plan, contact your provider and security partner, and if possible reroute traffic through scrubbing. If you do not yet have a plan, get in touch with NeoBit so we can set up the defense and prepare you for next time.
