UPDATED 16:08 EDT / DECEMBER 24 2013


NSFOCUS anticipates a big year for DDoS threats in 2014

As we look at the year ahead, predictions on cyber security are coming forward from throughout the industry. Today’s prediction series comes from cyber security expert Vann Abernethy of NSFOCUS, an anti-DDoS firm. Abernethy focuses on one of the most painful attacks in the industry, the DDoS attack. He addresses the various attack methods, businesses’ security weaknesses and how the proper technology can ensure networks are secure.

DDoS is one big threat for 2014 and here’s what NSFOCUS is doing about it. NSFOCUS answers the call with a multi-level approach featuring a web app firewall, hardware, services, app security, network and web security. The reason is that when it comes to DDoS, it’s not just one type of attack. TCP/SYN flood attacks make up just a couple of types. DDoS attacks can actually be targeted at different layers, such as the app layer. When an attack hits the app layer, it consumes server resources or overloads apps on the server. Oftentimes the answer is actually a stout DDoS offense.

NSFOCUS has the ability to report on the type of attacks where it looks like the developer of the application actually wrote the attack. This can be rather devastating, as it is directed at the core of the application. To counter that, you actually have to have someone who looks at the attacks as they are happening and essentially writes code to answer them on the fly. NSFOCUS stands up an active DDoS defense system through its own security operations center, called Managed Security Service (MSS). If, for example, a tier 2 hosting provider is actively being attacked at the app layer and starts getting reports of its customers going down, it can call the expert MSS team, who will look at that attack in real time and immediately mitigate the situation.

DDoS attacks will rise

 

DDoS attacks are pretty well known and have been around since the early 2000s, but they have evolved in a lot of ways. Many targeted attacks can be found in specific verticals such as ecommerce and banking, but no one is immune from the threat. The attacks themselves are increasingly easy to carry out. Cybercriminals have figured out how easy they are to execute and how weak many systems out in the wild actually are. Organizations can manage to cruise through without DDoS-specific technology by using proper security strategies in apps and throughout their environments; however, many don’t even take these rudimentary steps. In the last couple of years, the ramp-up in BYOD and mobile applications has changed the landscape, and both have worked their way into the normal workflow of businesses. The industry used to call this integration, but it’s way more complicated than that. Today there are all kinds of systems and applications talking to each other that never did so before. Add elements like big data, cloud and identity to all this, and it becomes clear that, as a security defender, simply building your basic walls and calling it a day is just not going to cut it.

Things like malware can easily creep into an environment from any number of vectors, like apps, apps that have vulnerabilities, cross-site forgeries, SQL injections – all avenues of exploitation. Traditional security is changing before our very eyes. The NSFOCUS take on modern security operates across all these technologies, taking a look at every level, every payload and how things are inter-relating, in order to assess and define security around that.

Abernethy adds:

“When I talk to people about security, it’s clear that point defenses are more important than ever before. It’s important to witness how to use them based on new points of ingress coming in from all over now. Today, those lines have blurred, so having a product that claims to do everything to mitigate DDoS – it’s impossible to do and certainly not with current technology. Technologies like IPS require lots of fine tuning and that’s where you need to be on the active defending side if you want to prevent stuff in real time. You don’t want to watch horses leave the barn. NSFOCUS has a bigger approach in big edge defense. That means all the things that are coming in and out, interrelation knowledge, identifying with algorithms and tricks to pick these issues up ASAP, notifying administrators or even sending upstream to Black Lotus which is one of our partners.

We’re big proponents of layered security. We recently announced a partnership with Black Lotus that gives this service provider an additional safety net for DDoS mitigation. NSFOCUS offers an on-premise device – think of it as a speed bump that absorbs the initial attack, giving our customers an opportunity to identify attacks quickly and then block them. The first thirty minutes is all about how to survive, the next layer up is at the service provider level. Then we have the massive scrubbing centers, which are operated by Black Lotus with additional support services from NSFOCUS, so that a massive attack can be sustained until the issues are resolved. True cleaning services mean that routing has to be done in the cloud. That’s a big difference because most services have a lag that forces service providers to provide continuous monitoring at a premium.”

Abernethy also mentions that analytic security is a significant industry breakthrough, but notes how high a bar it sets. Many companies are getting close to this, but as a security practice it can’t be a primary defense. The secure enterprise still needs gateways, tools and cleaning; all of these things, in addition to analytic security, need to come together to provide a picture. Unified dashboards from analytics are breaking down the silos between security and IT personnel in many places. That’s important because such a big portion of DDoS attacks are actually smokescreens that divert attention away from attempts to extract data elsewhere in the enterprise. Thus the need to split teams: execute DDoS mitigation while retaining the possibility that something else is going on in the environment. That means an integrated review of ITS systems, packet captures and traffic port information, finding out if anything else is out of the norm during or close to the attack. That’s where analytic security becomes an important and powerful tool in a secure enterprise.

