- May 31, 2017
- By cEntuRYmINDS
- All
Advanced DDoS Protection with Threat Intelligence
Distributed denials of service (DDoS) attacks are becoming common, expensive and more complex to remediate. DDoS attacks are continued to be a big challenge for business that performs their operations and provide services to its customers via Internet. These attacks cause downtime in network, which is costly for an organization to recover and frustrating for the customer as their service becomes unavailable. As different methods and platforms are used to perform these attacks, narrowing down or reducing these attacks becoming nearly impossible. A good defensive technique by understanding the concepts under these attacks and by surveying the capabilities of hackers and offenders can only be a possible remedial measure.
Incapsula “Q2 2015 DDoS Global Threat Landscape Report” provides us some of the facts about DDoS attack they are:
DDoS attackers are persistent and inevitable, 50% of targets of application layer DDoS attacks are hit again with a span of 60 days. i.e. Targets are being hit once in a week in average.
DDoS attacks last longer, 20% of all network layer attacks will persist more than 5 days. As per the report, there are 1572 network layer DDoS attack and 2714 application layer DDoS attack that persist over a period of 72 days (from March 1 to May 7 of 2015). More number of days the attacks persist, it causes significant damage to organization financial and brand reputation.
Botnet-for-hire services, provides Trojan and hacking methodology to launch DDoS attack. Involvements of botnet-for-hire have been traced on scale of more than 40% on all network layer attacks. With the invent cloud based technologies, hiring of botnets got easier and cheaper.
Internet of Things in DDoS attacks, SSDP DDoS attacks are launched from Internet of Things devices it holds a range 8% of all network layer threat caused by UDP.
Large-scale attack on both front, DDoS attack is inevitable on both ends. Largest reported DDoS network attacked was more than 253 Gbps. for example GitHub experienced this type of attack for more than 71 hours (reported by GitHub).
Aim of this blog is to study and understand different types DDoS attacks and prevention mechanism. Provide an approach on cloud based DDoS protection technique which can prevent any DDoS attack and integrate with the external threat intelligence sources to identity the possible botnets located across the globe targeting the enterprise. This threat intelligence will assist the enterprise to identity and mitigate any new potential DDoS attacks. This cloud-based solution should be available as a SaaS solution that can easily configured and integrated into enterprise other security solutions such as SIEM. By integrating with existing SIEM (logging and monitoring) solution, Enterprise should be able to view historical events and possible threat landscape within the internal network. Solution should address a comprehensive range of DDoS attacks and by integrating with threat intelligence, Enterprises should be able to stop the present and possible future DDoS attacks.