Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 13 August, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

How To Block DDoS Attacks Using Automation.

By Adrian Taylor, Regional Vice President at A10 Networks

by The Gurus
November 1, 2019
in DDoS, Featured
Adrian Taylor
Share on FacebookShare on Twitter

DDoS attacks can be catastrophic, but the right knowledge and tactics can drastically improve your chances of successfully mitigating attacks. In this article, we’ll explore the five ways, listed below, that automation can significantly improve response times during a DDoS attack, while assessing the means to block such attacks.

Response time is critical for every enterprise because, in our hyper-connected world, DDoS attacks cause downtime, and downtime means money lost. The longer your systems are down, the more your profits will sink.

Let’s take a closer look at all the ways that automation can put time on your side during a DDoS attack. But first, let’s clarify just how much time an automated defence system can save.

Automated vs. Manual Response Time

Sure, automated DDoS defence is faster than manual DDoS defence, but by how much?

Founder and CEO of NimbusDDoS Andy Shoemaker recently conducted a study to find out. The results spoke volumes: automated DDoS defence improves attack response time five-fold.

The average response time using automated defence was just six minutes, compared to 35 minutes using manual processes, a staggering 29-minute difference. In some cases, the automated defence was even able to eliminate response time completely.

An automated defence system cuts down on response time in five major ways. Such systems can:

Instantly detect incoming attacks: Using the data it has collected during peace time, an automated DDoS defence system can instantly identify suspicious traffic that could easily be missed by human observers.
Redirect traffic accordingly: In a reactive deployment, once an attack has been detected, an automated DDoS defence system can redirect the malicious traffic to a shared mitigation scrubbing center – no more manual BGP routing announcements of suspicious traffic.
Apply escalation mitigation strategies: During the attack’s onslaught of traffic, an automated DDoS defence system will take action based on your defined policies in an adaptive fashion while minimising collateral damage to legitimate traffic.
Identify patterns within attack traffic: By carefully inspecting vast amounts of attack traffic in a short period of time, an automated DDoS defence system can extract patterns in real-time to block zero-day botnet attacks.
Apply current DDoS threat intelligence: An automated DDoS defence system can access real-time, research-driven IP blocklists and DDoS weapon databases and apply that intelligence to all network traffic destined for the protected zone.

An intelligent automated DDoS defence system doesn’t stop working after an attack, either. Once the attack has been successfully mitigated, it will generate detailed reports you and your stakeholders can use for forensic analysis and for communicating with other stakeholders.

Although DDoS attackers will never stop innovating and adapting, neither will automated and intelligent DDoS protection systems.

By using an automated system to rapidly identify and mitigate threats with the help of up-to-date threat intelligence, enterprises can defend themselves from DDoS attacks as quickly as bad actors can launch them.

Three key strategies to block DDoS attacks

While it’s crucial to have an automated system in place that can quickly respond to attacks, it’s equally important to implement strategies that help achieve your goal of ensuring service availability to legitimate users.

After all, DDoS attacks are asynchronous in nature: You can’t prevent the attacker from launching an attack, but with three critical strategies in place, you can be resilient to the attack, while protecting your users.

Each of the three methods listed below is known as a source-based DDoS mitigation strategy. Source-based strategies implement cause as a basis for choosing what traffic to block. The alternative of destination-based mitigation relies on traffic shaping to prevent the system from falling over.

While destination traffic shaping is effective in preserving system health from being overwhelmed during an attack, it is equally fraught with indiscriminate collateral damage to legitimate users.

Tracking deviation: A tracking deviation strategy works by observing traffic on an ongoing basis to learn what qualifies as normal and what represents a threat.

Specifically, a defence system can analyse data rate or query rate from multiple characteristics (e.g. BPS, PPS, SYN-FIN ratio, session rate, etc.) to determine which traffic is legitimate and which is malicious or may identify bots or spoofed traffic by their inability to answer challenge questions.

Pattern recognition: A pattern recognition strategy uses machine learning to parse unusual patterns of behaviour commonly exhibited by DDoS botnets and reflected amplification attacks in real time.

For example, DDoS attacks are initiated by a motivated attacker that leverages an orchestration platform providing the distributed weapons with instructions on how to flood the victim with unwanted traffic. The common command and control (C&C) and distributed attack exhibit patterns that can be leveraged as a causal blocking strategy.

Reputation: To utilise reputation as a source-based blocking strategy, a DDoS defence system will use threat intelligence provided by researchers of DDoS botnet IP addresses, in addition to tens of millions of exposed servers used in reflected amplification attacks.

The system will then use that intelligence to block any matching IP addresses during an attack.

Any of these three source-based DDoS mitigation strategies requires more computing capabilities than indiscriminate destination protection.

They do, however, have the significant advantage of being able to prevent legitimate users from being blocked, thereby reducing downtime and preventing unnecessarily lost profits.

Knowing that, it’s safe to say that these three mitigation strategies are all well worth the investment.

FacebookTweetLinkedIn
Share12TweetShare
Previous Post

Grade Hacking Services And Fake Diplomas Easily Available Online During Exam Season.

Next Post

NTT Security Launches Women In Cybersecurity Awards In Europe.

Recent News

Doctor holding phone

Recovery From NHS Attack Could Take Weeks

August 12, 2022
Industry All-Stars Take Stage at International Cyber Expo’s Global Cyber Summit

Industry All-Stars Take Stage at International Cyber Expo’s Global Cyber Summit

August 12, 2022
Laptop, phone, hands

Campaign Launched to Stop People From Becoming Money Mules

August 11, 2022
MIRACL is One Cybersecurity Company to Watch in 2022

MIRACL is One Cybersecurity Company to Watch in 2022

August 10, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information