The DDoS threat landscape has evolved dramatically. Attackers no longer rely on simple volumetric attacks; they now launch sophisticated multi-vector campaigns that combine high-volume traffic with targeted application-layer attacks.
Now, artificial intelligence (AI), automation, and globally distributed botnets allow these attacks to adapt in real time, increasing their impact. Beyond disruption, DDoS attacks often serve as a diversion to overwhelm security teams, creating a smokescreen while attackers pursue more insidious objectives like data exfiltration or credential theft.
“We successfully defended an enterprise client against a prolonged 13-day attack involving 400,000 IPs peaking at 292,000 requests per second,” Thales Cyber Security Products’ Area VP, Daniel Toh, told iTnews Asia.
“While our platform was automatically blocking the DDoS traffic, we simultaneously identified a broader, covert malware injection campaign specifically targeting their IoT devices,” said Toh.
He added that this discovery allowed the client to address and prevent a potentially devastating breach that the attackers had hoped to conceal.
Imperva’s platform addresses such diversion tactics through behavioural analysis and contextual threat intelligence.
Toh further elaborates, “We don’t just look at the raw volume of traffic, but instead analyse attack patterns, source behaviours, and timing correlations to help precisely identify when a DDoS might be masking other, more targeted operations.”
“Our system maintains visibility across the entire attack surface – from the network edge to applications and data – to detect the subtle anomalies that suggest a coordinated multi-stage campaign is underway.”
Unfortunately, Toh said organisations are failing to protect themselves from such sophisticated and evolving DDoS attacks.
What’s holding organisations back?
Organisations are ill-equipped because they rely on legacy, on-premises solutions that were designed for a different era and have three critical weaknesses.
- First, a fixed capacity is often unable to scale to modern DDoS attack volumes.
- Second, manual reactive approaches often blackhole all traffic, including legitimate users, leading to significant service disruption.
- Third, many organisations face challenges contending with blind spots in hybrid cloud environments and API-driven architectures, which attackers are increasingly targeting.
Toh said this means that business impact extends far beyond immediate service disruption.
“Organisations in the APJ region are now facing significant revenue loss, severe damage to customer trust, and competitive disadvantage. Legacy defences simply weren't designed for today's cloud-first, API-driven digital economy, where the attack surface has expanded exponentially across distributed infrastructure.”
This is why a modern, cloud-native, and intelligent approach to DDoS protection is no longer optional, but essential, Toh explained.
Fine-tune your cloud DDoS strategy to stay ahead of attackers
Organisations in the Asia Pacific region and globally are shifting to cloud and hybrid architecture. This fundamentally changes the attack surface. For organisations to be adequately protected, security posture must evolve from a traditional, perimeter-centric mindset to one that is truly cloud-native and API-first.
Imperva’s cloud-based DDoS protection is designed with this paradigm in mind and delivers an intelligent, resilient, and comprehensive defence.
Elaborating on speed and scale, Toh said, “Our globally distributed infrastructure scales elastically in sub-second timeframes. For example, we’ve successfully mitigated hyper-volumetric attacks reaching 1.2 Tbps and 1.5 Tbps, as well as over 1 billion packets per second — all for the same customer.”
“Our Software-Defined Network Operations Centre (SDNOC) intelligently and automatically redirects malicious traffic to optimal scrubbing centres worldwide, ensuring the fastest possible response regardless of the attack’s origin or target,” Toh added.
“In addition, we have sophisticated automation, which helps to form the backbone of our defence.”
Imperva’s platform leverages advanced algorithms that can distinguish legitimate from malicious traffic within milliseconds, and this helps security users reduce false positives while maintaining an uncompromised user experience.
This granular, automated decision-making is critical during complex multi-vector attacks where any manual response would be impossibly slow and ineffective.
Since Thales acquired Imperva in December 2023, the team has integrated Imperva’s industry-leading DDoS protection with Thales’ extensive cybersecurity portfolio, creating a unified ecosystem where DDoS intelligence feeds into identity management, data protection, and threat detection systems.
“A key differentiation lies in comprehensive coverage and contextual awareness. Unlike point solutions that offer fragmented protection, we provide unified protection across the entire digital footprint, including websites, DNS systems, networks, individual IPs, and cloud-hosted assets, regardless of subnet ownership,” said Toh.
This eliminates the coverage gaps that attackers typically exploit, giving customers peace of mind, he added.
Moreover, Toh feels that the cybersecurity landscape over the next few years will be characterised by a relentless acceleration of AI-driven threats and an exponentially expanding attack surface.
Make AI core to your DDoS defence
Today, AI and machine learning are fundamental to DDoS protection. They provide the speed, scale, and analytical depth essential for combating today's sophisticated attacks. However, it's crucial to understand that they are designed to augment and elevate human expertise, not replace it.
Imperva’s AI-driven automation leverages time series traffic analysis and supervised machine learning, allowing the platform to automatically distinguish legitimate from malicious patterns.
“In turn, this enables the creation of optimal security policies for different IP ranges and adapts thresholds dynamically based on normal traffic baselines. We've essentially taught machines to think like experienced Security Operations Centre (SOC) engineers, but with the ability to respond in milliseconds, and to simultaneously analyse larger volumes of data,” said Toh.
However, Toh believes that human expertise remains critical for strategic threat hunting.
Security analysts are vital in identifying sophisticated long-term campaigns requiring contextual understanding, as well as in continually refining policies based on evolving business requirements and emerging threat intelligence.
“They lead complex investigations involving novel techniques that require creative analysis, and more importantly, provide human oversight that ensures our AI systems operate ethically and align with regulatory compliance requirements in the markets that we operate in,” said Toh.
“Our machine learning models continuously improve through human feedback. When security analysts validate or correct AI decisions, this directly strengthens the model’s future performance and accuracy,” he added.
This symbiotic human-AI collaboration ensures defence becomes intelligent and effective over time, constantly learning from real-world scenarios.
Integrate DDoS protection with a broader security ecosystem
Toh advises organisations to prioritise API security as a core component of DDoS protection.
APIs are no longer just back-end connectors; they are increasingly primary attack targets and often the gateway to critical data. Many legacy DDoS solutions have dangerous blind spots when it comes to API-specific attacks.
Secondly, embed advanced bot detection and mitigation mechanisms within your security stack, said Toh.
Highlighting the seriousness of bot attacks, Toh referenced the recent Thales 2025 Bad Bot Report, in which Thales’ threat research team found that bot traffic has now surpassed human traffic.
The emergence of advanced AI tools is transforming not just user interactions but the methods by which attackers execute cyber threats. Notably, API-directed attacks surged to 44 percent of advanced bot traffic.
Thirdly, Toh advises users to embrace proactive, integrated, and automated defence strategies.
In complex cloud and hybrid environments, a reactive, manual response to DDoS may be too slow and ineffective.
To overcome this, Toh said an organisation’s DDoS protection must be integrated with its broader security ecosystem.
“This includes Web Application Firewalls (WAFs), bot management, API security, and data security solutions. A unified platform, like the comprehensive Thales portfolio, allows for coordinated defence capabilities, which also identifies critical coverage gaps that attackers relentlessly exploit,” said Toh.
Face future attacks with comprehensive security
Toh anticipates attackers will increasingly use AI not just for automation, but for highly adaptive strategies that evolve in real time based on defence responses.
“Their malicious AI will learn and evolve in real-time based on our defence responses, making attacks far more sophisticated and difficult to distinguish from legitimate traffic,” he said.
Edge computing and IoT devices will become prime targets, exponentially expanding the attack surface. These devices, often with weaker inherent security, will be exploited to build even larger, more distributed, and harder-to-dismantle botnets.
Future attacks will increasingly use DDoS as a component of broader campaigns involving data theft, ransomware, and supply chain compromise, with a continued shift toward Layer 7 attacks targeting specific application vulnerabilities.
“We have been focusing on building a comprehensive cybersecurity ecosystem where DDoS protection, data security, identity management, and application security work together, providing the contextual awareness necessary for complex, multi-stage attack detection,” Toh added.





