
How Do You Handle a Swarm of Threats Heading at You?


If you saw a swarm of insects flying at you, what would you do? Most likely you would run away or remember to duck and cover. A swarm of insects has a lot of similarities to a botnet. Both are made up of a seemingly massive number of members, and although one is alive and the other is a collection of enslaved computers, they both exhibit patterns.

You cannot defeat a swarm one insect at a time – and neither can you defeat the activities of a botnet one at a time. You need to elevate your understanding of the situation in a manner that is repeatable and scalable. You need a process to gain insight into the botnet so that you have the intelligence you need to protect your organization. Here are three key elements to keep in mind:

  1. Amass – as much data on the botnet as possible. Broad collection provides valuable data on various activities: where it is active and what its command and control infrastructure is. Deep collection yields details on the specific tactics that a botnet is carrying out, including its tools, communication methods and an understanding of how it evolves over time.
  2. Analyze – all of the data from as many perspectives as possible to harvest as much intelligence as you can. Analyze with both automation and human engagement, so that data is categorized, compared and correlated. Develop as much understanding of the activities and evolution of the botnet as possible so you can understand how it evolves into active campaigns.
  3. Apply – the insight and intelligence you have gathered as ammunition to bolster your defenses and defeat the entire swarm, rather than countering just one particular tactic at a time.

Arbor’s ATLAS is the world’s largest globally-scoped threat analysis network. It allows Arbor’s Security Engineering and Response Team (ASERT) to understand botnets, to monitor them over long periods of time, and, most importantly, to gain valuable insights into their active attack campaigns. Together, ATLAS and ASERT provide an understanding of which botnets are using which attack tactics – when, against whom, and from where – over the duration of all of their campaigns. This insight allows us to develop specific protections that are continuously updated and fed back into our products via the ATLAS Intelligence Feed.

Check out ASERT’s blog for the latest research and analysis. They’re rock stars in the world of network security!

 
