Parachutes, Brakes, and Adaptive DDoS Defenses Must Work Well When Needed


When do you settle for less than 100 percent reliability when it comes to products or solutions? Answer: When the risk of the failure is not fatal, catastrophic, or extremely painful.

So, when your garden hose kinks, your umbrella fails to open, or your fancy pen does not work, you might grunt, sigh, or curse, but the net result is an inconvenience. On the other hand, a parachute or the brakes on your car need to work when they are supposed to—and work how they are supposed to—every time, or the result is very bad. The same is true for adaptive DDoS defenses. You need the best possible distributed denial-of-service (DDoS) protection to guard against the DDoS attacks that will be coming your way. Having your DDoS defenses work most of the time, occasionally, or not at all makes for an exciting board meeting when the chief information security officer (CISO) must share those facts.

Change and Adapt or Suffer the Consequences

Organizations need to constantly refine their cyberdefense strategies and make sure they can stop attacks nearly every time. They need to use the most up-to-date global threat intelligence and utilize proven best practices to prevent constantly evolving cyberthreats from impacting their systems, devices, and people. NETSCOUT executives Scott Iekel-Johnson, AVP, Product Management, and Tom Bienkowski, Senior Director, Security Product Marketing, discuss what’s necessary for doing exactly that in “Defeating Adaptive DDoS Attacks in Superhero Fashion,” part of our Problem Solvers Series.

Iekel-Johnson and Bienkowski shine a light on recent DDoS attack trends and recommend best practices that should be deployed in your environments. They discuss why using a best-in-class on-premises stateless solution that automatically detects and intelligently mitigates DDoS attacks and other cyberthreats is essential. And they thoroughly explain why deploying intelligently automated hybrid DDoS protection that combines on-premises and cloud working in concert provides the best possible protection, reduces opex, and even provides the lowest total cost of ownership.

Threat Landscape Is Changing

NETSCOUT sees approximately half of all internet traffic, which Bienkowski notes is unheard of in the industry and nearly impossible for anyone else to do. We saw more than 13 million DDoS attacks last year, as reported in the most recent NETSCOUT DDoS Threat Intelligence Report—the largest attack approaching a terabit per second and the longest attack lasting almost a week. However, Bienkowski points out, 90 percent of all DDoS attacks were under 10 gigabits per second, and 85 percent of all DDoS attacks lasted fewer than 30 minutes. With those types of application-layer and state-exhaustion attacks, he warns, if you don’t have automated detection in place, it’s too late.

In addition, there has been a larger emphasis on DDoS botnets launching direct-path attacks to select whatever traffic they want so they can rapidly shift the attack in real time, reports Iekel-Johnson. He notes that the DDoS threat surface looks very different than the threat surface for malware and hacker intrusions into systems. And, he knows firsthand that CISOs are very worried about the rapidly expanding threat surface.

Iekel-Johnson posits that thwarting the smaller attacks often is the most important layer of protection, because although you may not be set up to see smaller DDoS attacks, this does not mean they are not happening—it means you don’t know they’re happening, and they may be causing outages and damage. Unfortunately, out of sight may mean out of mind, and in the case of adaptive DDoS attacks, it means you are blind to the occurrence.

NETSCOUT Arbor Edge Defense can handle ten times the number of threat indicators that a next-generation firewall can handle, says Iekel-Johnson, and keeps the bulk of malicious traffic from getting in at all—which enables other parts of the security stack to do what they are really designed to do well—and it provides both the first and last line of defense for on-premises protection. The net result is that NETSCOUT can provide a more agile dynamic response.

So don’t settle on your adaptive DDoS defense solution. Make sure you know it will work as advertised when it is needed for all the types of attacks coming your way. Oh, and don’t forget to double-check that parachute before your solo jump and to have your brakes routinely inspected.

Join NETSCOUT AVP for Product Management Scott Iekel-Johnson and Senior Director for Security Product Marketing Tom Bienkowski as they discuss what’s needed to ensure your DDoS defenses work the way they are supposed to work in “Defeating Adaptive DDoS Attacks in Superhero Fashion,” part of our Problem Solvers Series.