April 5, 2019
In this third video of the DDoS Defenders Tips & Tricks installment, we discussed ways in which a DDoS defense system can block attacks. Here, Don Shin, Sr. Product Marketing Manager at A10 Networks, explains why you should use threat intelligence to mitigate DDoS attacks. DDoS attacks can be catastrophic, but the right knowledge and tactics can drastically improve your chances of avoiding and successfully mitigating attacks.
Transcript
Welcome to A10’s DDoS defenders tips and tricks. In our last session, we discussed the goals of DDoS defenses and the three critical classes of strategies to implement in order to deflect DDoS attacks, while preventing collateral damage against legitimate users.
And in this session, we’re going to introduce you to the concept of actionable DDoS threat intelligence and its role in modern DDoS defenses. Because when it comes to DDoS, you may not know when the DDoS attack will come.
And you don’t know why or the motivation of the attackers or who the attacker is that’s instigating these DDoS attacks. But what’s interesting with DDoS is that you can know ahead where the DDoS attack will come from.
And this is because in DDoS the first D is Distributed. And with the distributed element, we’re able to see these malware-infected DDoS-for-hire botnets that are repeatedly being used for DDoS attacks, as well as the millions of servers on the internet that can be exploited for reflective amplification attacks.
And with this knowledge, threat researchers collect forensics data, analyze forensics data, tap into networks, track botnet herders’ activity across the internet, as well as scan for footprints or signatures of DDoS weapons.
And with this knowledge, they create these voluminous lists of IP addresses of the DDoS weapons that are used repeatedly across the internet.
Now, the actionable portion of this comes in where we take that knowledge from the threat researchers and apply it into these large blacklists in order to create a proactive defense ahead of the DDoS attack and prevent those IP addresses from entering your environment and creating damage against your services and against legitimate users.
And so this strategy of applying threat intelligence becomes really critical, especially as the attackers are maturing and adding additional strategies around it. So we can use reputation as a mechanism for being able to do these DDoS defenses.
Now, threat intelligence by itself isn’t something that’s new. However, the actionable elements, what you can do based on the distributed nature of DDoS attacks, are incredibly effective when it comes to DDoS defenses. So, to learn more about DDoS attacks, I hope that you will come back for future sessions of DDoS defenders tips and tricks.