These headless browsers are changing the ways in which businesses need to be thinking about protecting their websites. Not everyone, of course- just the ones that rely heavily on their websites to do business; for example, e-commerce websites. Conventional mitigation techniques like firewalls and big iron anti-DDoS platforms will be of no use against these attacks because once they are in, it is too late, so enterprises will need to keep this trend in mind and consider partnering with fast, reflexive service providers who can keep up with the level of sophistication being seen in the ongoing evolution of DDoS.
However, all is not lost: they can be spotted and stopped. Because it’s a botnet that will have written rules in the script, it will operate in a consistent way (similar to searchbot behaviour); as opposed to human behaviour that is much more erratic. This means that it can be spotted by a trained security team who can identify the pattern and intervene by writing their own rules on the fly to combat it. Obviously, not every business has the internal staff to perform this task in-house, but luckily there are options out there that offer this high level of DDoS protection.”
Jag Bains, CTO of DOSarrest Internet Security