AVENGERS: THE INFINITY WAR IN THE AGE OF DDOS ATTACKS
Yes, we get it. Distributed Denial of Service (DDoS) attacks are a dry, technical topic. It is not sexy. The terminology (application layer, multi-vector attacks, deep packet inspection) is complex. Plus, the endless list of acronyms (DDoS, FPGA, SSL/TLS) can be intimidating.
Yet we see these headlines in the media every other week: "Deloitte hit by cyber attack revealing client's secret emails", "Equifax CEO Richard Smith resigns after uproar over massive hack", "Cyber attack costs could hit $300 million for shipping giant Maersk", "Teenage hacker jailed for masterminding attacks on Sony and Microsoft"... Not all of these incidents were DDoS attacks (several were data breaches or destructive malware), but they show how fast a security failure becomes front-page news.
NOW is the right time to learn about DDoS attacks, is it not?
If DDoS attacks were villains…
If you are starting to feel a little apprehensive about the amount of technical know-how you need to keep up with, fret not! Here is a simple analogy to help you understand today's evolving DDoS attacks.
Think Avengers.
Infinity stones are coveted objects, stored in highly secured vaults. Loki attempts to steal them. He leads an army, and they charge towards the target from a single direction. Using brute strength, sheer force and volume, Loki and his army try to break the Avengers' line of defense, which is made up mainly of the Hulk, Captain America and Thor, who rely on muscle and strength.
The army's behavior resembles a traditional single-vector DDoS attack: one kind of traffic, in overwhelming quantity, aimed at one target.
Just as the Hulk can defeat the army, a conventional network-layer defense sized for the flood (upstream rate limiting or scrubbing, or a packet filter with enough capacity) can absorb this kind of single-vector attack. One caveat practitioners know well: a stateful firewall in the path is itself a finite resource, and a large enough flood exhausts its connection table before it protects anything behind it.
So Loki carves out a new strategy. Again he leads an army, but this time he invades from all directions. The Avengers dart everywhere to contain the chaos, but Loki and his army constantly change strategy, using both brute strength and psychological manipulation, to outsmart them. Alas, this line-up has no Iron Man or Black Widow, who fight with brains as well as brawn. Amid the disorder and confusion, Loki and his army notice that the vault's back door is weakly guarded. They immediately switch tactics and attack through the defenseless back door. As a result, they walk away with the Infinity stones.
This scenario mirrors how DDoS attacks behave today.
Now, what if the Infinity stones are your internal and
external stakeholders’ personal data, financial records, or expensive research
instead? What if losing the Infinity stones means crippling your business’ critical
online services, messing up your financial transactions, or immobilizing your
online portals?
DDoS attacks are increasing in size and sophistication. Today's attacks combine several vectors at once (a volumetric flood, a protocol attack such as a SYN flood, an application-layer attack) and switch between them as defenders respond. This is what we call a "multi-vector DDoS attack". The noise also works as a diversion: while the IT team is busy containing it, a "lo-ki" intruder slips in through a weak spot to steal precious data.
According to a recent IDG Connect report commissioned by A10 Networks, the share of enterprises experiencing between six and 25 attacks per year has grown more than fourfold since 2015.
Why are DDoS attacks happening?
Cybercriminals have an agenda
In the past, DDoS attacks were typically launched by parties looking to create mischief. Today, cyber criminals are in it for various reasons. It could be for monetary gain: attackers extort a ransom to call off (or not launch) an attack, or sell data stolen under cover of the attack on the dark web.
Sometimes these hackers are also paid to carry out cyber attacks. According to the Cyber Security Agency of Singapore, an unnamed public organization was hit by an advanced persistent threat (APT) in 2016; investigators attributed the attack to a group of state-sponsored attackers. (An APT is a sustained intrusion rather than a DDoS attack as such; the point here is the professional, funded actor behind it.)
Today, cyber criminals also use DDoS attacks as a tool of protest. Government agencies and organizations have had their websites shut down by hacktivists wanting to prove a point.
Human errors are a cause of cyber attacks too
Human error can lead to cyber attacks too. According to A10 Networks' Application Intelligence Report, more than half (55%) of respondents in Asia believe that application or data security is not their responsibility; they expect to be protected by their employer or by third-party app developers instead. That makes respondents in Asia the biggest risk takers in the survey, and the attitude shows up as careless behavior.
Globally, almost half (48%) of IT leaders agree or strongly
agree that their employees do not care about following security practices.
Gaps in conventional security infrastructure
Conventional security infrastructure can protect against volumetric DDoS attacks. However, DDoS threat vectors are continuously evolving, often leaving gaps in that infrastructure. Application-layer (Layer 7) DDoS attacks, for instance, are stealthier and harder to defend against: instead of relying on sheer volume to overwhelm network bandwidth, they send a modest number of requests that are expensive for the application to serve, or that exercise specific weaknesses in the application, so each request looks like one more legitimate user. Unfortunately, many of the weaknesses in the proprietary code of web applications are unknown to traditional security defenses, which have no signature for them.
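The contrast above is easiest to see in numbers. The following is an added example, not code from A10 Networks or from this article: it profiles a constructed web-server access log (RFC 5737 documentation addresses) in two ways, by bytes served, which is what a bandwidth-oriented defense sees, and by an assumed per-endpoint cost of serving each request. The attacker's 40 tiny wildcard searches account for a few percent of the bytes but almost all of the server's work. The endpoint cost table, the "more than half" rule and the per-client work budget used for mitigation are all assumptions made for the example.

```python
"""Why a low-volume application-layer attack hides from bandwidth-based
detection but not from request-cost accounting.

Added illustration; not code from A10 or from the page. The access-log lines
are constructed (RFC 5737 addresses); the per-endpoint cost table, the 50%
share rule and the per-client work budget are assumed policy.
"""
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "method path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
# Assumed relative server work per endpoint; anything not listed costs 1.
ENDPOINT_COST = {"/search": 50, "/login": 20, "/export": 200}

# Constructed traffic: three ordinary visitors fetching pages and static files.
LEGIT = [
    '203.0.113.10 - - [10/Oct/2017:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 51200',
    '203.0.113.10 - - [10/Oct/2017:13:55:37 +0000] "GET /static/app.js HTTP/1.1" 200 40960',
    '203.0.113.10 - - [10/Oct/2017:13:55:41 +0000] "GET /search?q=thor HTTP/1.1" 200 8192',
    '203.0.113.11 - - [10/Oct/2017:13:55:38 +0000] "GET /index.html HTTP/1.1" 200 51200',
    '203.0.113.11 - - [10/Oct/2017:13:55:39 +0000] "GET /static/hero.png HTTP/1.1" 200 51200',
    '203.0.113.12 - - [10/Oct/2017:13:55:40 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.12 - - [10/Oct/2017:13:55:42 +0000] "GET /account HTTP/1.1" 200 20480',
    '203.0.113.12 - - [10/Oct/2017:13:55:43 +0000] "GET /static/dash.js HTTP/1.1" 200 81920',
]
# Constructed attacker: one host, two requests per second to an expensive
# wildcard search. The responses are tiny, so almost no bandwidth is used.
ATTACK = [
    f'198.51.100.7 - - [10/Oct/2017:13:55:{30 + i // 2:02d} +0000] '
    f'"GET /search?q=%25%25%25 HTTP/1.1" 200 512'
    for i in range(40)
]
SAMPLE_LOG = "\n".join(LEGIT + ATTACK)

def request_cost(path):
    """Work units for a request, keyed on the route without its query string."""
    return ENDPOINT_COST.get(path.split("?", 1)[0], 1)

def parse_log(text):
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
            yield rec

def profile_clients(text):
    """Per client: requests, bytes, work, and the client's share of all bytes
    (the volumetric view) versus its share of all work (the Layer 7 view)."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "work": 0})
    for rec in parse_log(text):
        s = stats[rec["ip"]]
        s["requests"] += 1
        s["bytes"] += rec["bytes"]
        s["work"] += request_cost(rec["path"])
    total_bytes = sum(s["bytes"] for s in stats.values()) or 1
    total_work = sum(s["work"] for s in stats.values()) or 1
    for s in stats.values():
        s["bytes_share"] = s["bytes"] / total_bytes
        s["work_share"] = s["work"] / total_work
    return dict(stats)

def classify(stats, share=0.5):
    """Assumed rule: more than half of all bytes -> volumetric suspect;
    more than half of all work -> application-layer suspect."""
    verdicts = {}
    for ip, s in stats.items():
        if s["bytes_share"] > share:
            verdicts[ip] = "volumetric"
        elif s["work_share"] > share:
            verdicts[ip] = "application-layer"
        else:
            verdicts[ip] = "normal"
    return verdicts

class CostBudget:
    """Mitigation side (assumed policy): a per-client budget in work units,
    so a client cannot monopolize expensive endpoints at a request rate that
    a plain per-request rate limiter would never notice."""
    def __init__(self, limit):
        self.limit = limit
        self.spent = defaultdict(int)

    def allow(self, ip, path):
        cost = request_cost(path)
        if self.spent[ip] + cost > self.limit:
            return False
        self.spent[ip] += cost
        return True

def replay_with_budget(text, limit=200):
    """Replay the log through the budget; return rejected requests per client."""
    budget, rejected = CostBudget(limit), defaultdict(int)
    for rec in parse_log(text):
        if not budget.allow(rec["ip"], rec["path"]):
            rejected[rec["ip"]] += 1
    return dict(rejected)

if __name__ == "__main__":
    stats, verdicts = profile_clients(SAMPLE_LOG), classify(profile_clients(SAMPLE_LOG))
    for ip, s in stats.items():
        print(f"{ip:14} req={s['requests']:3d} bytes={s['bytes_share']:6.1%} "
              f"work={s['work_share']:6.1%} -> {verdicts[ip]}")
    print("rejected under work budget:", replay_with_budget(SAMPLE_LOG))
```

Run as a script it prints one line per client; the attacker shows roughly 6% of bytes and 96% of work, and only its requests are rejected once the work budget is applied. The cost table is the part a real deployment must get right: it is the application owner, not the network team, who knows which routes are expensive, which is exactly the knowledge gap the paragraph above describes.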
Another key shortcoming of today's business solutions is slow detection and tardy mitigation: imagine if the Avengers prepared for battle only when Loki and his army were already at the entrance. According to a 2016 global study by Neustar, over 50 percent of enterprises took three hours or more to detect a DDoS attack on their website, and 48 percent took at least three hours to respond.
As DDoS attacks increase in size and sophistication, there is a growing need for DDoS solutions that offer both high-performance mitigation and precise detection.
Avengers of DDoS Protection
To combat today's evolving DDoS attacks, A10 is strengthening its A10 Thunder™ TPS (Threat Protection System) platform with the addition of surgical flow-based detection: Thunder TPS Detector.
Here are a few key features of the Thunder TPS Detector:
• The Thunder TPS Detector tightly integrates with the A10 Thunder TPS Mitigator and the A10 aGalaxy TPS management solution to provide automated detection and mitigation
• The new solution can process 500,000 flows per second to detect attacks swiftly and efficiently, which A10 states is more than double the rate of the closest competing flow-based DDoS detection product
Here is how it works, and how it benefits enterprises:
• TPS Detector analyzes traffic (flow records) to detect an attack
• Once an attack is detected, it triggers the Thunder TPS Mitigator to respond appropriately
• Thunder TPS assesses the severity of a DDoS attack and automatically escalates suspect traffic through progressively tougher countermeasures
• Countermeasures run automatically to mitigate DDoS attacks before they spread and wreak havoc
• Multi-protocol counters and behavioral profiling map out peacetime network conditions. This baseline is then applied to detect anomalies precisely across the traffic spectrum
• Deep traffic visibility and profiling also distinguish legitimate users from attacking botnets and complex application-layer attacks
• It is DDoS defense at scale, protecting businesses from today's aggressive and persistent DDoS attacks
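The two ideas in the list that carry the most weight for a practitioner are the peacetime baseline and the progressive escalation. The following added example, which is not A10 Thunder TPS code and does not use its API, shows the mechanics in a generic form: it computes a few counters (packets per second, distinct sources, share of SYN-only packets) over constructed one-minute flow records, learns their peacetime mean and spread, scores live minutes as z-scores against that baseline, and feeds the score into an escalator that steps up one countermeasure tier per anomalous minute and steps down only after several clean ones. The record layout, the metrics, the trigger of five standard deviations and the four-tier ladder are all assumptions made for the example.

```python
"""Flow-based DDoS detection against a peacetime baseline, with progressive
escalation of countermeasures.

Added illustration; not A10 Thunder TPS code. The flow-record layout, the
three metrics, the z-score trigger and the countermeasure ladder are assumed,
and every flow record below is constructed.
"""
import statistics
from collections import namedtuple

# Hypothetical exported flow record, aggregated per one-minute bucket.
Flow = namedtuple("Flow", "bucket src dst proto dport packets flags")
TARGET = "192.0.2.10"        # constructed protected address
BUCKET_SECONDS = 60

def peace_window(b):
    """Constructed ordinary minute: ~30 clients with established sessions."""
    return [Flow(b, f"203.0.113.{i}", TARGET, "tcp", 443, 40, "PA")
            for i in range(30 + b % 5)]

def attack_window(b):
    """Constructed SYN flood: 200 spoofed sources, 500 SYN-only packets each."""
    return [Flow(b, f"198.51.100.{i}", TARGET, "tcp", 443, 500, "S")
            for i in range(200)]

def window_metrics(flows):
    """Multi-protocol counters for one bucket (just the three this example uses)."""
    packets = sum(f.packets for f in flows)
    syn_only = sum(f.packets for f in flows if f.proto == "tcp" and f.flags == "S")
    return {"pps": packets / BUCKET_SECONDS,
            "sources": len({f.src for f in flows}),
            "syn_ratio": syn_only / packets if packets else 0.0}

def learn_baseline(windows):
    """Peacetime mean and spread per metric. The spread is floored so a metric
    that never moves in peacetime (syn_ratio here) still has a usable scale."""
    samples = [window_metrics(w) for w in windows]
    base = {}
    for name in samples[0]:
        values = [s[name] for s in samples]
        mean, sd = statistics.mean(values), statistics.pstdev(values)
        base[name] = (mean, max(sd, 0.1 * abs(mean), 0.01))
    return base

def severity(metrics, base):
    """Largest upward deviation from baseline, in standard deviations."""
    worst_z, worst_metric = 0.0, "none"
    for name, value in metrics.items():
        mean, sd = base[name]
        z = (value - mean) / sd
        if z > worst_z:
            worst_z, worst_metric = z, name
    return worst_z, worst_metric

# Assumed countermeasure ladder, least to most disruptive.
TIERS = ["monitor only", "rate-limit to baseline", "SYN authentication",
         "divert to scrubbing"]

class Escalator:
    """One step up per anomalous minute, one step down after `hold` clean
    minutes: a brief spike never jumps straight to the harshest countermeasure,
    and the defense does not flap off the moment the flood pauses."""
    def __init__(self, trigger=5.0, hold=3):
        self.trigger, self.hold = trigger, hold
        self.tier, self.clean = 0, 0

    def observe(self, z):
        if z >= self.trigger:
            self.clean = 0
            self.tier = min(self.tier + 1, len(TIERS) - 1)
        else:
            self.clean += 1
            if self.clean >= self.hold and self.tier > 0:
                self.tier, self.clean = self.tier - 1, 0
        return self.tier

def run(base, live_windows, trigger=5.0, hold=3):
    """Score each live bucket; return (z, metric, tier index) per bucket."""
    esc = Escalator(trigger, hold)
    out = []
    for w in live_windows:
        z, metric = severity(window_metrics(w), base)
        out.append((round(z, 2), metric, esc.observe(z)))
    return out

if __name__ == "__main__":
    base = learn_baseline([peace_window(b) for b in range(20)])
    plan = "PPAAAAPPPPPP"    # two quiet minutes, a four-minute flood, six quiet
    live = [attack_window(b) if k == "A" else peace_window(b)
            for b, k in enumerate(plan)]
    for b, (z, metric, tier) in enumerate(run(base, live)):
        print(f"minute {b:2d} {plan[b]} z={z:8.2f} ({metric:9}) -> {TIERS[tier]}")
```

Run as a script, the flood is flagged in its first minute (packet rate is hundreds of standard deviations above the baseline) and the response climbs one tier per minute to "divert to scrubbing", then unwinds one tier per three clean minutes. Two design points carry over to any real deployment: floor the spread of each baseline metric, or a counter that is constant in peacetime produces infinite z-scores on the first tiny change, and make de-escalation slower than escalation, or an attacker who pulses traffic can make the defense flap.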
Remember, in the age of DDoS attacks, the strength of a Hulk will not suffice. Businesses need a solution that combines the intelligence of Iron Man, the sharpness of Hawkeye, the swiftness of Quicksilver, and the mind-manipulation expertise of Black Widow.