Monday , 16 July 2018
Home » NEWS » THIS WEEK’S GURUS » DDoS Defence Demands a Hybrid Approach
Ronald Sens, A10 Networks
DDoS Defence Demands a Hybrid Approach

DDoS Defence Demands a Hybrid Approach

By Ronald Sens, EMEA Director, A10 Networks

Just imagine that a DDoS attack is crushing your network. Your enterprise’s internet pipe is under siege and almost to capacity. There is nowhere else for the traffic to go, making it impossible for legitimate user traffic to get through. So, what is the result? The attack is successful, your network or services fall down, you lose productivity and revenue, your brand is irrefutably damaged and all you can do is pick up the pieces.

It doesn’t have to be this way though. Had the enterprise in this scenario employed a hybrid approach to its DDoS Defence, it would’ve been back to business as usual once the attack was mitigated. How does it do this, you ask? By swinging traffic to the cloud to get a good scrub down. The most effective way to battle DDoS attacks is with a hybrid approach that marries cloud and on-premise protection that can stand up to attacks of any type and any size.

Why Hybrid?

Hybrid DDoS defence is the best of both worlds. It combines cloud scrubbing with the surgical precision and context-aware controls of an always-on, instant on-premise DDoS solution. When DDoS attack volumes grow beyond the capacity of your internet pipe, it diverts traffic to the cloud maintaining service availability.

With this powerful combination, you can defend against frequent smaller and sophisticated attacks that target applications, services and security devices, and the colossal 1 Tbps volumetric attacks that crush companies and make for compelling headlines.

According to Verisign’s DDoS Trend Report for the first quarter of 2017, 41 percent of DDoS attacks are less than 1 Gbps and 77 percent are less than 10 Gbps. These attacks are more effectively mitigated with surgical, on-premise DDoS defence, while the cloud is available on-demand for when attack volume grows beyond the capacity of your internet pipe.

Blending cloud and on-premise DDoS defence ensures network exhaustion and application layer attacks are caught, and it eliminates mitigation errors that cause collateral damage to legitimate traffic and users. This is the whole point of DDoS defence, to ensure legitimate traffic and users get through.

Hybrid DDoS users also get the benefit of cloud scrubbing while maintaining the operator control of an on-premise solution, which delivers the application protection that cloud scrubbing alone cannot.

At the same time, hybrid DDoS defence eliminates the added expense of using cloud scrubbing alone. Some cloud scrubbing services charge based on the total amount of traffic diverted. That’s unnecessarily costly, because you end up paying not only for the legitimate traffic you are seeking to protect, but also for the massive volumes of attack traffic. A hybrid solution kicks to the cloud only when the always-on, on-premise, solution is overwhelmed, and you only pay for cloud scrubbing as you use it.

A Complete Hybrid DDoS Solution

For the best DDoS protection, you need to make sure you have a complete hybrid solution, including an on-demand cloud DDoS scrubbing solution that gives you the full spectrum of DDoS protection, especially when combined with other precise defence solutions.

Solutions that deliver cloud-scale hybrid DDoS protection against volumetric attacks that exceed your internet bandwidth is required for the best protection. This hybrid approach offers precision protection against all DDoS attack strategies such as volumetric, network-based, application layer, slow and low attacks and attacks missed by cloud scrubbing services.

Coupling on-demand cloud scrubbing with other on-premise DDoS defences minimises false events with source-based mitigation; protects enterprise personnel and customers; and enforces protection via threat intelligence services and more than 27 traffic behaviour indicators to increase mitigation accuracy.

Cloud DDoS protection services should be built on protecting legitimate traffic, not the amount of traffic that attacks apply. With an effective protection service, you are only charged for the protected traffic and the number of times cloud-scale scrubbing is required. Coupled with a product that deflects all attacks that fall under your on-premises internet bandwidth, your enterprise can have the most surgically effective and economical full spectrum DDoS solution on the market.

About Dan Raywood

Dan Raywood is the editor in chief of the IT Security Guru. A journalist with more than 13 years experience, Dan has been at the forefront of the information security industry.

As the news editor of SC Magazine he covered breaking stories such as Stuxnet, Flame and Conficker and the online hacktivist campaigns of Anonymous and LulzSec, and broke the news on the EU’s mandatory data breach disclosure law and a vulnerability which affected more than 200 sites.

Contact Dan on dan@itsecurityguru.org, by phone on 0207 1832 839