Author: Darren Anstee

Darren Anstee has over 15 years of experience in the pre-sales, consultancy and support aspects of telecom and security solutions. Mr. Anstee specializes in customizing and supporting traffic monitoring and Internet threat detection and mitigation solutions for service providers and enterprises in the EMEA region. Prior to joining Arbor, he spent eight years working in both pre- and post-sales for core routing and switching product vendors. Follow Darren Anstee on Twitter ‏ @cadernid

Engaging Security

  I am a big believer in empirical evidence and I’d like to share a recent hunting experience I had on an engineering shadow system (a system deployed at a customer site, but used for engineering field test).  In my recent blog post, ‘Investigation at […]

Read more

The Science Behind DDoS Extortion

‘Pay up or we’ll take your Web site down’, so goes the adage that usually accompanies ransom-based cyber-attacks. At the top of the news feed on a regular basis, we witness well-known names such as Feedly and Evernote falling victim to extortion-based DDoS attacks. But […]

Read more

DDoS Attacks, The Necessity of Multi-Layered Defense


DDoS attacks are larger than ever.  Our 9th annual Worldwide Infrastructure Security Report illustrates this point very clearly with the largest reported DDoS attack in 2013 clocking in at 309 Gbps.  ATLAS data corroborates the report, with 8x the number of attacks over 20Gb/sec monitored in 2013 (as compared to 2012).  And, 2014 is already shaping up to be a big year for attacks with a widely reported NTP reflection attack of 300Gbps+, and multiple attacks over 100Gbps, in early February.

Read more

Q3 findings from ATLAS

It’s that time again – our quarterly data pull from ATLAS to glean new insight into DDoS attack trends and how they stack up for the year to date. 

You can dig into all the data yourself if you download the presentation on Slideshare, or read a full summary in our press release.

Here, I’m sharing a few of the more interesting findings from my own perspective.

Read more

Q1 Key Findings from ATLAS

**Updated on 4/26 with infographic**

Q1 2013 saw the previous record for the largest reported DDoS attack, around 100Gbps, shattered by the 300Gb/sec DNS reflection / amplification attack which targeted Spamhaus. Attackers have had the technical capability to generate attacks of this magnitude for some time, and now this has been demonstrated. The attack vector used in this case was not new, DNS reflection / amplification has been used to generate several of the largest attacks seen on the Internet in recent years. DNS reflection / amplification attacks are actually relatively common, but usually at much lower traffic levels.

Read more

Protecting the cloud from the DDoS threat

Security threats are constantly evolving and for most organizations keeping track of the ever-changing threat landscape is an ongoing challenge. However, this is becoming increasingly important for Internet data center operators as they are increasingly being targeted by all kinds of cyber-threats, with one of the most significant being DDoS (Distributed Denial of Service) attacks.

DDoS attacks have grown in size, complexity and frequency over the past decade and many organizations are now being targeted. It’s not just high-profile, politically-connected organizations that are at risk. Any enterprise which uses the Internet to sell products, offer services or to access cloud based data and applications – which applies to almost any sector and size of business – can become a target, because of who they are, what business they do, who they partner with or for any other real or perceived affiliation. The range of motivations behind DDoS attacks has broadened considerably – ideological hacktivism, extortion, disguise of other cyber-crime, vandalism, competitive weapon etc., –  and a broader range of motivations means increased risk to many businesses.

Read more