Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

DNS and DDoS endurance pressure: what IAM teams should notice


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: DNS traffic closed December at 4.75 trillion authoritative queries, DDoS attacks jumped to 176 in the month, and the largest event reached 2.02 Tbps, according to DigiCert’s Q4 2025 RADAR Brief. Availability planning now has to assume endurance under coordinated abuse, not just peak-volume mitigation, highlighting how sustained multi-layer pressure is now testing resilience across infrastructure and applications.

NHIMG editorial — based on content published by DigiCert: Q4 2025 RADAR: Resilience Is Being Tested at Every Level

By the numbers:

Questions worth separating out

Q: How should security teams prepare for sustained DNS and DDoS pressure?

A: Teams should plan for prolonged pressure, not just peak traffic.

Q: Why do DNS outages create wider trust problems for identity programmes?

A: Because DNS sits underneath certificate validation, service discovery, and many authentication flows.

Q: What should practitioners measure to tell whether resilience is actually improving?

A: Measure time to mitigation, time to stable service, and the amount of pressure the environment can absorb before access or application trust degrades.

Practitioner guidance

  • Map identity dependencies on shared infrastructure Document which authentication, certificate, DNS, and admin workflows depend on the same resolution and availability layers so you can see where a single disruption cascades across access paths.
  • Test endurance-focused mitigation playbooks Run exercises that assume multi-hour or multi-day pressure, then check whether alert fatigue, staffing, escalation, and provider coordination still hold up after the first mitigation wave.
  • Review session integrity under degraded conditions Validate that cookie handling, session state, and re-authentication logic still work when DNS or upstream availability is unstable, because those failures often surface together.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • Month-by-month DNS telemetry and attack pattern charts across the full quarter
  • Breakdowns of targeted flood behaviour versus carpet-bombing activity
  • UltraWAF signal detail on cookie manipulation and bot activity
  • Industry targeting patterns for travel and financial services

👉 Read DigiCert’s Q4 2025 RADAR Brief on DNS, DDoS, and application resilience →

DNS and DDoS endurance pressure: what IAM teams should notice?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Availability pressure is now an identity governance issue, not only an infrastructure issue. When DNS, DDoS, and application state are stressed together, access assurance becomes harder to maintain because the systems that prove trust are themselves degraded. That widens the gap between policy intent and operational reality. Security leaders need to treat resilience as part of access governance, not a separate operational concern.

A few things that frame the scale:

  • Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging (37%) and over-privileged accounts (37%), according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: Who is accountable when sustained infrastructure attacks disrupt access and availability?

A: Accountability should sit across network operations, security, application owners, and any provider that supports DNS or mitigation services. The important point is that resilience failures are usually shared failures, so the governance model has to name who owns detection, containment, communication, and recovery.

👉 Read our full editorial: Q4 2025 DNS and DDoS pressure is testing digital trust



   
ReplyQuote
Share: