NETSCOUT’s latest threat intelligence report found that DDoS attacks hit a peak of 13 million in 2022, setting a new record for attack frequency.
As one of the oldest and most persistently troublesome cybercrimes, Distributed Denial of Service (DDoS) attacks are rapidly evolving into more dynamic threats, and the malicious actors behind them have become increasingly sophisticated in their approach.
Imagine planning a defence against an aggressor who evolves his strategy each time a company learns to intercept his newest attack. Business owners exhaust an immense amount of time and resources while severely compromising the integrity of their security protocols, inviting data breaches that could cost a fortune.
This is a dangerously growing phenomenon in the threat landscape. Attackers run reconnaissance attacks to test the strengths and weaknesses of existing security protocols, eventually learning how to circumvent them.
Once gaps in an organization’s security protocols are identified, the attackers will probe the vulnerabilities with multiple attack vectors and botnets, some as distractions and some as real attacks, eventually probing enough to gain control of the platform.
Defending against this type of attack requires three fundamentals:
- A resilient edge defence solution that scans all inbound and outbound traffic currently traversing the organization’s internet circuit
- An understanding of recognized attack vectors, behaviours, and patterns of bad actors and known botnets
- Precise knowledge of which of these are currently participating in an attack somewhere around the globe.
With the above in place, organizations can draw up a clear plan of action laying out the countermeasures required to mitigate attacks, adapting to threats of any degree.
What comprehensive adaptive DDoS defence looks like
On-site, the solution would operate in-line, sitting on the edge of the network between the router and the firewall and overseeing all inbound and outbound traffic. This part of the solution should automatically detect and stop all types of DDoS attacks, including volumetric attacks of up to 200 Gbps, TCP state exhaustion attacks, application layer attacks and encrypted traffic attacks.
Through cloud signalling, the solution should send customized, local attack policy information to the cloud-based mitigation service for use in current or future attacks. In the event of a large attack, attack traffic should then be automatically routed to a cloud-scrubbing centre for analysis and mitigation. Preconfigured attack countermeasures, including the solution’s in-built attack policies, should automatically stop the DDoS attack within minutes.
The threat intelligence feed should be armed with millions of reputation-based Indicators of Compromise (IoCs), helping to stop the proliferation of malware within the organization. It should also block outbound communication from compromised internal devices to known aggressor sites and malicious botnets, cutting off the channel through which a data breach would occur.
Adaptive DDoS intelligence contains comprehensive lists of currently active botnets, bad actors, attack behaviours and patterns to compare with the traffic currently traversing your network, while providing automated countermeasures to eliminate the threats. As these attacks change vectors and behaviours, the solution analyses the traffic again and provides additional measures to protect your network – pure adaptive DDoS defence.
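The following is an added illustration of the edge component described above, written for this article and not NETSCOUT's own code. It models an in-line filter that inspects every inbound and outbound flow, drops traffic that matches a reputation-based IoC list (both inbound from listed sources and outbound from compromised internal hosts to listed destinations), accepts a refreshed IoC feed while running, and raises a cloud-signalling escalation when inbound volume exceeds what the on-site device can absorb locally. The addresses, capacity figure, flow records and the `EdgeFilter`, `Flow` and `run_demo` names are all constructed for the example.

```python
"""Added example: an adaptive in-line DDoS edge filter (not vendor code)."""
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Flow:
    ts: float          # timestamp in seconds (constructed)
    src: str           # source IP
    dst: str           # destination IP
    nbytes: int        # bytes carried by this flow record
    direction: str     # "in" (towards the organization) or "out"


@dataclass
class EdgeFilter:
    local_capacity_bps: float                 # what the on-site device absorbs
    window_s: float = 1.0                     # rate-accounting window
    ioc_nets: list = field(default_factory=list)
    _inbound_bytes: dict = field(default_factory=lambda: defaultdict(int))
    _window_start: float = 0.0
    escalated: bool = False                   # cloud-signalling has fired

    def update_iocs(self, cidrs):
        """Replace the reputation list with a fresh feed (the adaptive step)."""
        self.ioc_nets = [ip_network(c) for c in cidrs]

    def _is_ioc(self, addr):
        a = ip_address(addr)
        return any(a in net for net in self.ioc_nets)

    def handle(self, flow):
        """Return 'allow', 'drop-ioc' or 'divert-cloud' for one flow record."""
        # Outbound traffic to a listed botnet / aggressor address: the
        # compromised-device case. Dropping it blocks the exfiltration channel.
        if flow.direction == "out" and self._is_ioc(flow.dst):
            return "drop-ioc"
        # Inbound traffic from a listed source is dropped at the edge.
        if flow.direction == "in" and self._is_ioc(flow.src):
            return "drop-ioc"
        if flow.direction == "in":
            # Per-destination byte accounting over a sliding window.
            if flow.ts - self._window_start >= self.window_s:
                self._window_start = flow.ts
                self._inbound_bytes.clear()
            self._inbound_bytes[flow.dst] += flow.nbytes
            bps = self._inbound_bytes[flow.dst] * 8 / self.window_s
            if bps > self.local_capacity_bps:
                # Beyond local capacity: signal the cloud scrubbing centre and
                # divert the attack traffic there.
                self.escalated = True
                return "divert-cloud"
        return "allow"


# Constructed IoC feed using documentation address ranges.
IOCS = ["198.51.100.0/24", "203.0.113.7/32"]

# Constructed flow records: one outbound C2 beacon, a benign inbound flow,
# an inbound flow from a listed source, a burst that exceeds local capacity,
# a quiet flow in a new window, and a benign outbound flow.
SAMPLE_FLOWS = [
    Flow(0.0, "10.0.0.5", "203.0.113.7", 500, "out"),
    Flow(0.1, "192.0.2.10", "10.0.0.80", 60_000, "in"),
    Flow(0.2, "198.51.100.42", "10.0.0.80", 60_000, "in"),
    Flow(0.3, "192.0.2.11", "10.0.0.80", 90_000, "in"),
    Flow(1.5, "192.0.2.12", "10.0.0.80", 1_000, "in"),
    Flow(1.6, "10.0.0.5", "192.0.2.50", 200, "out"),
]


def run_demo():
    """Run the sample flows through the filter and return verdict counts."""
    edge = EdgeFilter(local_capacity_bps=1_000_000)   # 1 Mbps, constructed
    edge.update_iocs(IOCS)
    counts = defaultdict(int)
    for f in SAMPLE_FLOWS:
        counts[edge.handle(f)] += 1
    # Adaptive step: the feed is refreshed with the source seen in the burst,
    # so the same sender is now dropped outright instead of diverted.
    edge.update_iocs(IOCS + ["192.0.2.11/32"])
    counts[edge.handle(Flow(2.0, "192.0.2.11", "10.0.0.80", 90_000, "in"))] += 1
    counts["escalated"] = int(edge.escalated)
    return dict(counts)


if __name__ == "__main__":
    for verdict, n in run_demo().items():
        print(f"{verdict}: {n}")
```

The per-window accounting is deliberately simple; a production device would track many more signals (connection state, request rates per application, TLS handshake behaviour) and apply the pre-configured countermeasures the article describes, but the decision structure is the same: inspect both directions, match against current intelligence, escalate to the cloud when local capacity is exceeded, and re-evaluate as the feed changes.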
What used to work for organizations is no longer a feasible long-term answer. Instead, they must adapt to the changing threat picture and shift from a default posture of DDoS mitigation to a new paradigm of adaptive DDoS defence.