April 5, 2019
In this first video of the DDoS Defenders Tips & Tricks installment, we'll explore five ways automation can significantly improve your response time during a DDoS attack. DDoS attacks can be catastrophic, but the right knowledge and tactics can drastically improve your chances of avoiding and successfully mitigating attacks.
Transcript
Welcome to A10’s DDoS Defenders Tips and Tricks. In this session, we’re going to cover automation. And in particular, we’re going to look at how automation can save you time when you’re under a DDoS attack.
Intuitively, we know that automation is going to help with response time. However, the question is, how much does it help?
So my good friend, Andy Shoemaker, founder and CEO of NimbusDDOS, conducted a study of his customers’ response times under their cloud-based DDoS attack simulation tests.
And what they found was that, on average, automation improved defenses by five times, which is really significant. And so for the very best, that translated from 35 minutes to 6 minutes or 26 minutes of improvement.
And for the worst, it added up to 1 and a half hours of improvement in their defense response time. So that’s pretty significant what automation can bring.
And so for you and your defenses to be able to fully benefit from automation, there are certain characteristics of your defenses that you need to consider.
First of all, before the attack, your system needs to leverage machine learning in order to be able to learn what to protect as well as understand normal behavior so that you can profile it continuously and automatically. And this all has to be done before the attack.
Then during the attack, leveraging automation means that the system has to follow your policies, redirect traffic according to the predefined policies and then start applying escalating mitigation strategies in order to be able to counter multi-vector DDoS attacks while minimizing the collateral damage to your legitimate users.
And then, in addition to those, your system needs to start looking at the attack pattern in order to be able to extract botnet behavior, all done in real time, and then block that behavior.
And then lastly, the other critical capability is to be able to use DDoS threat intelligence and use reputation as a mechanism for being able to block DDoS-for-hire botnets as well as the millions of servers that are available on the internet that are exploited in amplification attacks on a daily basis.
And then after the attack, the system needs to be able to generate reports so that you and the other stakeholders will be able to understand what happened and then improve your processes as well.
And so, you know, attackers continue to innovate. They’ve already figured out strategies for automating their attack platforms. And you need to be ready as well to leverage intelligent automation-based DDoS defense to be ready for the inevitable attack.
And so in our next video, we’ll go into some strategies: the three critical classes of strategies in order to be able to block attackers as well as to minimize collateral damage against your legitimate users.