DDoS Attack Detection and Mitigation by Scott Block

As intensity and frequency increase, organizations must protect themselves with a multi-pronged defense strategy.

Background

DDoS attacks have been around since the early days of the internet. In those early years they were little more than a nuisance: “curious kids” pushing the bounds of a new technology. But as networking and communication have become predominantly IP-based, with the internet now the primary form of connectivity, DDoS attacks have become a favorite means of disrupting business. They are now crippling some of the largest organizations in the world, and there is no discrimination in which kind of company is at risk. Financial services firms, banks, online companies, retailers, public utilities and governmental organizations alike have all been targets of denial of service attacks.

Attackers have taken to deploying multi-vector attack campaigns that target every layer of the infrastructure (network, server and application). A volumetric flood is often followed by an application layer attack that exhausts server resources using low-rate, “silent” techniques that go undetected by traditional security tools, so the question of where to defend becomes a vexing problem for security teams.

The Solution

Whether it’s a flood attack or an application layer attack, a DDoS detection and mitigation solution is needed to protect enterprise and service provider infrastructure against bad actors with bad intentions. There are two critical elements to an effective defense. First, one must have a high degree of network visibility. The StealthWatch System analyzes the NetFlow produced by the network infrastructure and creates baselines of normal traffic, which are then managed by the StealthWatch Management Console (SMC); this provides outstanding visibility along with actionable reporting and management intelligence. Once a DDoS event has been detected, security teams have all the information needed to determine the proper actions for an effective and measured response: the place of origin, the rate of the attack and its targets become obvious. Once the rate and severity of an attack have been ascertained, the second element of defense is put into action.

From here, enterprises and service providers can quickly implement the mitigation portion of the solution, assess the threats and determine the necessary steps to effectively scrub suspect traffic. The mitigation solution protects enterprise applications and service provider infrastructure against DDoS attacks. A solution such as Radware’s DefensePro system fits the bill as an excellent complement to the StealthWatch System. It provides world-class security, including DDoS attack mitigation and SSL-based protection, to fully protect applications and networks against all types of attacks. It is based on dedicated hardware-accelerated platforms supporting bandwidth of up to 40Gbps and an attack prevention rate of up to 25M PPS. It will detect DDoS, botnets, APTs, misbehaving users and zero-day attacks, among many others.
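As an added illustration of the flow-based baselining described above (example code written for this page, not Lancope’s or StealthWatch’s own implementation), the following Python builds a per-destination packet-rate baseline from constructed NetFlow-style records, flags a minute whose rate deviates from that baseline, and reports the origin, rate and target details a responder needs. The record layout, the IP addresses, the baseline window and the sigma threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample NetFlow-style records (not real captures):
# (minute, src_ip, dst_ip, packets). Minutes 0-4 are normal traffic toward
# the web server 10.0.0.5; minute 5 carries a flood from 100 distinct sources.
FLOWS = [(m, f"192.0.2.{i}", "10.0.0.5", 20 + (m * i) % 7)
         for m in range(5) for i in range(1, 6)]
FLOWS += [(5, f"198.51.100.{i}", "10.0.0.5", 40) for i in range(1, 101)]
FLOWS += [(m, "192.0.2.9", "10.0.0.8", 15) for m in range(6)]  # unaffected host

def packets_per_minute(flows):
    """Return {dst_ip: {minute: total packets}} aggregated from flow records."""
    totals = defaultdict(lambda: defaultdict(int))
    for minute, _src, dst, pkts in flows:
        totals[dst][minute] += pkts
    return totals

def baseline(series, minutes):
    """Mean and population standard deviation of the rate over the baseline minutes."""
    samples = [series.get(m, 0) for m in minutes]
    return mean(samples), pstdev(samples)

def detect(flows, baseline_minutes, minute, sigma=3.0, top_n=3):
    """Flag destinations whose rate in `minute` exceeds mean + sigma * stdev.

    Each alert carries what a responder needs: the target, the observed rate,
    the baseline rate, the number of distinct sources and the top talkers.
    """
    totals = packets_per_minute(flows)
    alerts = []
    for dst, series in totals.items():
        mu, sd = baseline(series, baseline_minutes)
        rate = series.get(minute, 0)
        # A floor of 1 packet on the deviation avoids alerting on tiny jitter
        # for hosts whose baseline traffic is perfectly flat (zero variance).
        if rate <= mu + sigma * max(sd, 1.0):
            continue
        by_src = defaultdict(int)
        for m, src, d, pkts in flows:
            if m == minute and d == dst:
                by_src[src] += pkts
        top = sorted(by_src.items(), key=lambda kv: -kv[1])[:top_n]
        alerts.append({"target": dst, "rate": rate, "baseline": round(mu, 1),
                       "sources": len(by_src), "top_sources": top})
    return alerts

if __name__ == "__main__":
    for alert in detect(FLOWS, range(5), minute=5):
        print(alert)
```

In a real deployment the baseline window would span days rather than minutes and be keyed by destination and port, but the shape of the decision (observed rate against a learned normal, then enrichment with source and target facts) is the same.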

For Service Providers

DDoS Detection and Mitigation for Service Providers

For Enterprise

DDoS Detection and Mitigation for the Enterprise

Considerations

As organizations look for an effective DDoS solution, there are always a few key steps in the decision-making process. Please consider what an effective solution should offer:

  • Maintaining business continuity is critical, even while under attack. The joint solution offers the widest coverage against all types of availability-based threats that target service provider networks and enterprise applications.
  • Everyone wants to reduce operational costs while increasing attack visibility. Does the solution you are considering offer a highly granular, centralized monitoring and control system?
  • How accurate does your attack detection need to be? StealthWatch uses network flow-based behavioral analysis to accurately detect DDoS attacks that bypass perimeter defenses.
  • Do you need a highly scalable solution? Will your solution need to scale to millions of flows per second (fps), delivering end-to-end monitoring for even the largest environments?
  • Additionally, the StealthWatch Management Console (SMC) enables advanced management and monitoring of up to 50,000 flow-exporting devices (routers, switches, firewalls, etc.).
  • Always use the best attack mitigation solution available, one that offers:
    • Hardware-accelerated mitigation of all network DDoS flood attacks
    • Blocking of low-and-slow attacks and known tools such as Slowloris, RUDY, LOIC and many more
    • Advanced challenge-response techniques for mitigating application attacks
    • Non-intrusive, asymmetric SSL attack mitigation
    • The shortest time to protect – within seconds

DDoS attacks are not abating. On the contrary, they are becoming more prevalent and widespread, with more debilitating effects. Companies’ ongoing business operations are being brought to a complete halt by these sorts of attacks, so organizations of all types need to harden their defenses and implement a flexible, scalable and highly effective DDoS prevention strategy.

For more information, see the Lancope/Radware joint solution brief.

More information

To learn more visit www.lancope.com or www.radware.com

Contact us at sales@lancope.com or via www.radware.com/ContactUs