- Written by JP Blaho
My first car was a 1983 Mercury Lynx. It was basically a rebadged Ford Escort. Although you had to turn the AC off in order to get the car to move, it overall served me well. I did have some issues, but that is to be expected since the car was 7 years old when I first took ownership. One time I was driving home when the car started overheating. It was due to a leak in one of the rubber hoses that fed coolant to the radiator. I noticed it when steam started rising from underneath the hood (the check engine light was always on in that car so it wasn’t a key indicator for me).
I pulled the car into the nearest gas station, and found that there was no coolant left. It had all leaked out. I was about 10 miles away from home, so I waited 30 minutes, filled the coolant chamber with water, and slowly made my way home. My Dad and I replaced the hose and added the coolant. Problem solved.
I was reminded of this situation when someone recently asked me a question about Content Delivery/Distribution Networks (CDNs). Their question was, “Doesn’t a CDN protect against DDoS attacks?”
It’s a good question. A CDN, based on its design, will allow some DDoS attacks to be absorbed without blocking access to web content and applications. But there are two things to point out:
- CDNs have a unique use case: CDNs were designed to provide localized availability of web content to the end user. They were used to ensure that access to this content was fast and always available. They were not designed as a security solution, and most certainly not designed to protect against DDoS attacks, especially the Layer 7 and advanced threat attacks;
- CDNs offer no value for security: Although a CDN fortuitously can absorb volumetric attacks, it is not a security solution. It does not offer advanced protection capabilities, or provide active intelligence to define and understand the attack, let alone learn from it. A CDN does not take into consideration that the DDoS attack oftentimes is just a smokescreen for a much larger threat that could migrate its way to your network.
A content delivery/distribution network is not a solution to DDoS attacks. Nor was filling up my coolant chamber with water. Although adding water provided me the capability to get my car home safely, it was a stop-gap measure. CDNs are similar in that they can provide some protection from a DDoS attack, but it is not a defense strategy. It may prevent certain types of attacks from denying access to services, but it does not protect against all DDoS attack types, nor does it prevent future attacks.
Relying on a CDN to protect you from a DDoS attack is an awfully risky defense. You should consider a multi-layered and integrated approach to DDoS protection. If not, you may find yourself stranded on the “side of the road.”
- Written by Arbor Networks
Today’s DDoS threats are both complex and highly sophisticated. They target the availability of networks, services and applications, often at the same time, through a multi-layered attack strategy. These attacks combine high-bandwidth assaults that overwhelm the capacity of enterprise data centers with low-bandwidth, hard-to-detect attacks aimed at bringing down critical applications.
This is especially concerning for providers that offer cloud services – where an attack on their infrastructure will cause a ripple effect to their own customers, not only shutting down availability of their services, but that of their customers’ services currently running in the cloud. Unfortunately, these attacks represent the most popular attack vector as their stealthy nature makes them harder to detect. By making critical applications inaccessible to those who rely on them, these attacks deliver a significant blow to business availability.
We recently hosted a Webinar where we discussed this very issue – the fact that, as more services move to the cloud, the accessibility of these services becomes absolutely critical, and the services thus become much more attractive targets for would-be attackers. Arbor’s Rakesh Shah and Frost & Sullivan senior analyst Chris Rodriguez discussed this issue in depth, touching on the following:
- The importance of mitigating business risk in light of the increased number of attacks targeting cloud services
- The who, what, when, where and why of DDoS attacks targeting the application-layer, where many business-critical applications typically ‘live’
- An overview of popular attack tools and methods currently in heavy use by attackers
- Best practices defense for not only detecting these complex attacks, but mitigating them quickly before the damage is done
To view a replay of this Webinar, you can visit this link.
The slides are also available on SlideShare.
- Written by Jennifer Glenn
Targeted attacks against today’s enterprises are rarely a singular event. Instead, they tend to be a long running campaign that starts with a simple compromise and escalates into a larger incident involving unauthorized access and data theft. Furthermore, today’s attackers are motivated – they’ve done the legwork to really understand their target and how to avoid being detected. Further compounding today’s advanced threat landscape is an often-overloaded Security Operations Center (SOC) team; a team who is often juggling so many high-priority items that they only have time to react, vs. taking the offensive approach to threat detection.
What if security teams were able to seek out the attacker as opposed to waiting for them to slip up and trip an alert? With motivated attackers penetrating successfully, security leaders are creating internal teams of hunters to locate the attacker and to eradicate them as quickly as possible.
This is where Pravail® Security Analytics comes into play -- empowering security teams to have a fighting chance defending the enterprise. To be successful at hunting for an attacker, security teams need visibility, speed, accuracy and analysis across historical and real-time data. We understand this requirement and, using big data technology, we enable security teams to make faster, and more importantly, accurate decisions across complex networks.
Pravail Security Analytics delivers real-time and historical deep inspection to simplify analysts’ workload hunting for the attacker. The ability to replay captured traffic (referred to as ‘looping’) using the latest security intelligence is important because it provides retroactive forensics to uncover possible pre-existing compromise and to eradicate the attacker before data exfiltration occurs.
So what’s the better alternative? Be reactive and wait for the attacker to make a mistake and trigger an alert, or be proactive and use security analytics to locate the attacker? Preventing the exfiltration of data is futile without the ability to detect before it’s too late. Pravail Security Analytics enables security teams to focus their attention where it matters most.
For more on Pravail Security Analytics, read today’s press release (Go on Offense, Hunt for Attacks on Your Network in Real-Time with Arbor Networks Pravail Security Analytics On-Premise Solution) announcing the availability of the Pravail Security Analytics appliance, or click here for more on both the on-premise and in-cloud version of Pravail Security Analytics.
- Written by Ben Fischer
When your infrastructure or customers are under a DDoS attack, every second counts. As we’ve illustrated in our 9th annual Worldwide Infrastructure Security Report: DDoS attacks are increasing in size; DDoS attacks are frequently multi-vector; and security operations (OPSEC) teams are struggling with headcount and resources. Aside from the fact that DDoS attacks are happening more frequently, they are bigger and more complex, which requires expert staff equipped with the best tools to combat these threats.
- Written by Arbor Networks
Service providers today are typically offering a multitude of services ranging from Triple/Quad Play (voice, video, data and mobility) services to subscribers and/or high speed Internet access and cloud-based services to enterprises. In turn, providers are, no doubt, facing major challenges related to network management, service optimization and increased competition. If you fall into this category, you’ll want to join us next week for our Cybersecurity Virtual Summit where we’ll cover the latest cyber threats, the potential costs of those threats, how to detect and defend against attacks and how to deliver differentiating attack protection services to end-user customers.