The DDoS Arms Race
Take a moment and try to recall the last time anyone told you that distributed denial of service (DDoS) is a diminishing issue. Just like death and taxes, the DDoS threat has reached the level of “unavoidable fact” for the day-to-day of digital business and operators. And there is every reason to believe that DDoS attacks will do nothing other than grow in frequency and size for the foreseeable future.
It’s getting to be so common, in fact, that the DDoS attack community is industrializing. You can now buy a DDoS attack online for as little as five bucks, and bring it to bear on your business or gaming competitor. While most of those types of attacks are not of the massive variety, the frequency at which they are showing up is alarming, and they can still have clear and direct impact on customer experience, service quality, and digital business availability.
While the small attacks are numerous and annoying, the big ones are of much more significant concern. Just last month, journalist Brian Krebs’ website got nailed with a massive Internet of Things (IoT) botnet attack that saw rates exceeding 600 Gbps, apparently because he “outed” some bad actors who were running a DDoS-for-hire operation. This scale of threat vastly exceeds most enterprise Internet connections, leaving the only practical mitigation choices exclusively in the realm of service providers.
As an industry, the tech sector needs to take this challenge very seriously. The techniques and technologies for countering an expanding DDoS attack landscape are pretty well known, but there are some real technical challenges at hand. CloudFlare’s Marek Majkowski delivered a great presentation on this at the September 2016 Strange Loop conference. And there’s no disputing that we are in an arms race. As attackers’ capacity and sophistication continues to increase, so must the means for detection and mitigation.
New strategies must be embraced and technologies employed at multiple levels. Detection needs to be fast and accurate, with absolute minimal false positives and false negatives. Local mitigation appliances need to be powerful and cost effective for handling smaller attacks, coupled with serious horsepower for cloud-based solutions to handle the really large ones. And most important of all, complete DDoS protection requires flexibility to rapidly identify and adapt to changing attack patterns and new exploits, as they arise.
At Kentik, we provide visibility solutions that accurately recognize DDoS attacks as part of our broader network and security operations intelligence solution. Our solution, Kentik Detect, delivers a platform for network traffic and performance monitoring and analytics. Capabilities are broad, spanning NetOps, SecOps, and NetEng use cases, and include highly accurate DDoS detection. This unique big data-based SaaS solution keeps all raw flow data for 90 days, so you have a complete forensic data set on hand at all times.
Kentik works with A10 Networks to close the loop on the mitigation half of the end-to-end DDoS protection story. DDoS detection alerting within Kentik Detect can be configured to directly signal Thunder TPS appliances regarding attack details, so remediation can begin without delay. While not required, this opens the door to full automation when dealing with well-known, limited scale attacks, so that valuable time and energy of network and security pros can be focused on handling the more difficult events.
The takeaway here is that you need real firepower to deal with the real and growing threat of DDoS. You need scalable and flexible mitigation options, coupled with accurate and flexible detection. And the good news is today’s cutting edge tools vendors are there to help.
For more on surviving DDoS attacks, check out our complimentary white paper, “The DDoS Factor: Costs, Facts & Insight into 2017’s Most Advanced Cyberattack Vector.” And for information about how A10 Thunder TPS can detect and mitigate DDoS attacks against your organization, please contact one of our cyber security experts.