Nine Tips for Agile DDoS Protection

 
 
By Karen A. Frenkel  |  Posted 07-19-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Nine Tips for Agile DDoS Protection
    Next

    Nine Tips for Agile DDoS Protection

    DDoS attacks are increasing and evolving, so CIOs should take intelligence-driven approaches to combat them using these tips to protect their networks.
  • Previous
    Understand Your Digital Supply Chain
    Next

    Understand Your Digital Supply Chain

    Ask yourself: Are you dependent on IaaS/PaaS for application development and deployment? Is your marketing and sales software built on a SaaS-based technology stack? How many web APIs are embedded in your critical applications? Then map out your Internet-traffic dependencies.
  • Previous
    Don't forget about DNS
    Next

    Don't forget about DNS

    One of the quickest ways a DDoS attacker can knock you offline is to disrupt DNS. Keep a close eye on DNS traffic activity for unusual changes, and make sure your DNS provider is both resilient and prepared.
  • Previous
    Grant Your Detection Its Independence
    Next

    Grant Your Detection Its Independence

    Detection that is independent from mitigation technology ensures that your teams always maintain visibility. Otherwise, when you start dropping attack traffic, you also start losing real-time insight.
  • Previous
    Praise for Independent Detection
    Next

    Praise for Independent Detection

    Independent detection can also ensure that you're not overly dependent on one technique or vendor for your entire DDoS defense strategy.
  • Previous
    Diversify Your Mitigation
    Next

    Diversify Your Mitigation

    A unified detection approach enables you to use multiple mitigation techniques, which can vary from simple and inexpensive to sophisticated and costly. Choose according to the type and scale of attack. Try Remote Triggered Black Hole (RTBH), Flowspec and on-premises or public cloud-based commercial mitigation products and services.
  • Previous
    Deal With Big Data Reality
    Next

    Deal With Big Data Reality

    Network data is big data, so you must have visibility that scales. Networks can generate millions to billions of network traffic flow records daily.
  • Previous
    Traffic Flow
    Next

    Traffic Flow

    DDoS attacks generate far higher than average unique traffic flows. This means the network traffic flow records upon which detection products rely can spike to huge numbers. If your detection technology can't handle that rate, then you will lose visibility and accuracy.
  • Previous
    Think Hybrid Cloud
    Next

    Think Hybrid Cloud

    Gone are the days when traffic scrubbing can only be done in expensive appliances. Many digital businesses take a hybrid cloud approach with both on-premises and cloud services, especially to deal with attacks that exceed total direct Internet connection capacity.
  • Previous
    Don't Neglect Inter-Connectivity
    Next

    Don't Neglect Inter-Connectivity

    Most DDoS attacks come in at under 20G bps. With 10G bps transit links costing less than $3K per month, it makes sense to invest in more inter-connectivity for your DDoS protection portfolio to more easily weather garden variety attacks.
 

DDoS is a disruption that plagues digital businesses. Unfortunately, it is growing and evolving rapidly. First-generation DDoS detection techniques were limited by scale-up computing models. Now, new, scale-out, big data technologies are providing nearly limitless capacity to handle modern networks. As a result, "Savvy NetOps and SecOps teams are taking a less static and more adaptive stance by moving past fixed, perimeter defenses to a more intelligence-driven approach," says Jim Frey, Vice President Product Management of network intelligence provider Kentik Technologies. He suggests that CIOs assess the top-line risk of DDoS attacks by asking themselves questions like: Are your revenue, brand, user experience or critical growth initiatives dependent on Internet traffic? Are you launching a new e-commerce site, mobile app or VoIP or chat-based communications for customer service? How big a percentage of your business will Internet traffic touch? Here are Frey's tips and questions to ask yourself while building agile DDoS protection.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...