Have you ever calculated the damage you would in the case of a DDoS attack? Do you know how to manage an attack of over 1 Gbps? Can you make a difference between a peak of legitimate traffic and a potential threat? If you do not have adequate answers to these questions, Datanet Systems specialists can help you find the optimal solution with the support of Arbor Networks – NETSCOUT anti-DDoS solutions.

In 2017, 84% of organizations have experienced at least one Distributed Denial of Service (DDoS) attack. This year, the situation has worsened:

• the total number of DDoS attacks increased by 37%;
• in the first 6 months, 74% of the attacks exceeded the 1 Gbps threshold;
• attacks above 300 Gbps increased by 500%;
• the first Terrabyte attacks occurred: on February 28 – 1.3 Tbps, and five days later – 1.7 Tbps;
• hackers have begun to use new attack vectors: the memcached reflection/amplification technique (responsible for the attack in February) is increasingly used;
• the share of multi-vector attacks remains high, 58% of them use at least two types of threats;
• more and more DDoS-for-Hire platforms are available to allow hackers to deliver DDoS-as-a-Service on-demand attacks.

Another novelty was the establishment of a record duration of an attack – 297 hours!

But there are also good news: number of attacks over four hours has fallen (69% in the second quarter, compared to 81% in the first). But even a one-minute DDoS attack can cause major network damage, which then requires hours of work to re-establish the service. Do you think you have enough time in 60 seconds to react promptly to such a threat?

Perimeter protection is outdated

As organizations are increasingly dependent on Internet connections, Cloud services and distributed applications, the new generations of DDoS attacks tend to overwhelm the security teams’ response capabilities. These, faced with increasing complexity, frequency, and intensity, are forced to make timed decisions to identify threats and establish the necessary remedial measures.

In such cases, many companies rely on Firewall, Web Application Firewall WAF, Intrusion Protection System IPS, or other perimeter protection products. Useful and necessary, but with completely different functionalities than “established” solutions for detecting and remediating DDoS attacks.

Firewalls, for example, although providing the first line of defending organizations against outside threats, are not a real anti-DDoS solution, because they themselves are victims of multi-vector attacks (TCP SYN floods or ICMP ping floods) , which “exhaust” resources very quickly. Once a certain capacity limit of the firewall is exceeded, legitimate traffic cannot be achieved even if the allocated band is not necessarily large.

To prevent such situations, you only have a few seconds, too little to identify and block an attack targeting multiple targets. That’s why Datanet specialists recommend adopting DDoS solutions that are installed before firewalls and are capable of responding automatically to each type of attack, they are smart enough to make a difference between a natural increase in legitimate traffic and a “Low and slow” attack, for example, and allow security teams to take appropriate action by providing them with contextual information and analysis relevant to the type of threat they face.

Smart Solutions for Current Challenges

To meet this cumulus of conditions, Datanet uses Arbor Networks anti-DDoS solutions that come with a number of important competitive advantages.

• The first advantage is that the Arbor Networks Availability Protection System (APS) solutions are preconfigured with an extended set of countermeasures (over 30). Counterfeit responses are developed to detect, block, and automatically fix each type of DDoS attack, being developed on their specific set of criteria. Their pre-configuration makes the protection immediate, the set can be activated “out of the box” and without requiring time to learn the application itself. This does not mean, however, that automated detection and remedial measures cannot be personalized, with the help of Datanet specialists, to the specifics of organizations’ security policies, or according to new security policies defined.
• Another major asset of Arbor solutions is that they are designed from the start to offer complete anti-DDoS protection using a hybrid approach that combines on-premises functionality with Cloud-based features. For this, Arbor uses the Cloud Signaling mechanism, with the help of which the on-premises APS solution communicates permanently and in real time with the Cloud Service Provider (Arbor for Service Providers – Peakflow SP and Arbor Network TMS) to synchronize data about potential attacks and necessary remedial actions. Thus, if the traffic volume of the attacks exceeds a certain threshold predefined by the client organization, Cloud Signaling automatically triggers mitigation measures in Cloud, traffic being automatically redistributed to TMS. The solution eliminates illegitimate “surplus” generated by DDoS attacks, without interrupting network services, providing real-time visibility over network applications, and proactively monitoring DoS attacks. Security teams can also initiate the Cloud Signaling mechanism manually when faced with a potential threat and policies can be configured and tailored to the needs of each company. The immediate benefit of the hybrid approach is to provide organizations with a scalable and flexible protection solution that quickly adapts to different types of attacks, regardless of their volume.
• A third major advantage of Arbor Networks solutions is the Active Threat Level Analysis System (ATLAS), the largest Threat Intelligence platform specializing in identifying DDoS threats, which monitors about one-third of global Internet traffic, extracting information from over 400 of networks. The collected data is analyzed and transposed into policies and response patterns by Arbor Security Engineering and Response Team (ASERT) specialists and after tested and validated counteraction responses are delivered – via ATLAS Intelligence Feed (AIF) Arbor APS and SP / TMS, thus increasing the number of automated responses to new threats.

Automation is not enough

However intelligent a solution might be, it is important for it to provide the flexibility needed to be upgraded, reconfigured, and personalized so as to respond as quickly and efficiently to the needs of the client organizations. Arbor Network solutions also meet these requirements and Datanet specialists can help you do all of your operations proactively. This is approach is opposite to the “Set and Forget” model,  binding the companies to develop specific skills to limit the increase in false positives and reduce the risk of blocking valid traffic sessions due to lack of visibility

 

Datanet Systems has a solid experience in the field of anti-DDoS solutions, accumulated in several projects developed for the main telecom operators and service providers in Europe, and benefits from a team of specialists with interdisciplinary competencies, covering from infrastructure datacenters, to complex security and networking solutions.

 

If you want to find out how you can protect yourself against DDoS attacks capitalizing on the strengths of Arbor Networks solutions and the competitive advantages of Datanet Systems in favor of your company, please contact us at office@datanets.ro