Preventing DDoS: What to Look for in a Security Solution
Distributed Denial of Service (DDoS) attacks are on the rise, and they’re only getting stronger. This was driven home by The New York Times report on how anti-spam organization Spamhaus fell prey to one of the largest DDoS attacks in history. More details after the jump.
Few can forget the targeted DDoS assaults on global financial institutions JP Morgan Chase, Wells Fargo and Bank of America, Regions Bank and American Express - attacks that crippled the businesses for hours and cost millions in lost business, remediation and damage control.
This doesn’t even count the tens of thousands of DDoS attacks that fail to make the front page. In short: No one is immune. Thanks to new and sophisticated attacking tools DDoS threats are more powerful than ever.
In addition to becoming stronger and more prolific, DDoS attacks are now more intelligent. Many modern application-layer attacks aren’t designed for volume and mass, but for stealth and targeted at underlying application logic. Unlike older DDoS attacks, many are created to focus on specific threat vectors and targets. When totaled, it’s a recipe that enables destructive threats to slip by security infrastructure.
At some point, every organization will be compelled to invest in some form of dedicated DDoS protection, or risk suffering an attack that could throttle their systems and indefinitely shut down business.
What should an organization look for when in the market for a dedicated DDoS security solution? A lot of things.
First, it begins with visibility. You can’t protect what you can’t see. Before anything else, users need a solution that provides a comprehensive window into the entirety of their organization’s IT environment, coupled with capabilities that give IT administrators complete control.
Solutions need to not only identify, but also hone in on evasive attacks and analyze DDoS malware. To that end, solutions needs to contain an adequate notification and alerting mechanism that indicates the nature and severity of a threat and provides remediation options for IT admins.
Once a threat is detected, security administrators need to block and eradicate them. The solution should contain threat mitigation technology to address salient attacks such as APTs, worm outbreaks, DDoS, botnets, and inbound and outbound attacks.
A comprehensive DDoS solution will also need to contain reporting tools and a logging and correlation mechanism. This information gives IT administrators a much clearer picture into the overall threat landscape and security posture of their organization, which can analyze sophisticated malware and link obscure threat data. Also, with the dearth of stringent compliance regulations, robust reporting capabilities are necessary to appease auditors and avoid punitive fines as the result of compliance violations.
Powerful attacks require an even more powerful solution. Users need a DDoS security solution with enough bandwidth to absorb and prevent the attack from taking hold of a network. It also should incorporate bandwidth management features that enable solution providers and IT admins to enforce policies and relegate predefined bandwidth based on the user, group, time of day and other criteria.
Almost every enterprise faces complexity sourced to cloud, virtualization, and on-premises infrastructure in their network. To address complex multi-platform environments, no DDoS solution is complete without the ability to segregate and virtualize network traffic - a feature that enables security admins to separate policies on each segment for multi-tenant environments.
The individual tools add up to a multi-layered approach that can go toe-to-toe with the stealthiest DDoS threats around. While no solution is 100-percent secure when combatting new and sophisticated forms of DDoS malware, a protective layer will increase users chances of getting by unscathed.
Back to top
Top trending post
No comments: