On Friday of last week, malware known as Mirai attacked and disrupted major internet sites in the United States. The DDOS attack, which flooded sites with an overwhelming amount of internet traffic, slowed and stopped access for many services, came about as a result of a IoT devices having poorly secured default passwords that were easy to guess, making it simple for attackers to crack their logins and incorporate them into Mirai botnets.
This attack is yet another in a long line of DDoS attacks that have now reached the level of “unavoidable fact” for the day-to-day of digital business and operators. There is every reason to believe that DDoS attacks will do nothing other than grow in frequency and size for the foreseeable future.
It’s getting to be so common, in fact, that the DDoS attack community is industrialising. You can now buy a DDoS attack online for as little as five pounds, and bring it to bear on a business competitor. While most of those types of attacks are not of the massive variety, the frequency at which they are showing up is alarming, and they can still have clear and direct impact on customer experience, service quality, and digital business availability. While the small attacks are numerous and annoying, the larger scale attacks are much more significant. Last month, an American journalist and investigative reporter Brian Krebs’ website was targeted with a massive Internet of Things (IoT) botnet attack that saw rates exceeding 600 Gbps. The journalist was targeted because he investigated some bad actors who were running a DDoS-for-hire operation. This scale of threat vastly exceeds most enterprise Internet connections, leaving the only practical mitigation choices exclusively in the realm of service providers.
As an industry, the tech sector needs to take this challenge very seriously. The techniques and technologies for countering an expanding DDoS attack landscape are pretty well known, but there are some real technical challenges at hand. CloudFlare’s Marek Majkowski delivered a great presentation on this at the September 2016 Strange Loop conference and there’s no disputing that we are in an arms race. As attackers’ capacity and sophistication continues to increase, so must the means for detection and mitigation. New strategies must be embraced and technologies employed at multiple levels. Detection needs to be fast and accurate, with absolute minimal false positives and false negatives. Local mitigation appliances need to be powerful and cost effective for handling smaller attacks, coupled with serious horsepower for cloud-based solutions to handle the really large ones. And most important of all, complete DDoS protection requires flexibility to rapidly identify and adapt to changing attack patterns and new exploits, as they arise.
Kentik who provide visible solution to accurately recognise DDoS attacks as part of the broader network and security operations intelligence solution, delivered their platform for network traffic and performance monitoring in the form of Kentik Detect. The capabilities are broad, spanning NetOps, SecOps, and NetEng use cases, and include highly accurate DDoS detection. This unique big data-based SaaS solution keeps all raw flow data for 90 days, allowing a complete forensic data set on hand at all times. Kentik works with A10 Networks to close the loop on the mitigation half of the end-to-end DDoS protection story. DDoS detection alerting within Kentik Detect can be configured to directly signal Thunder TPS appliances regarding attack details, so remediation can begin without delay. While not required, this opens the door to full automation when dealing with well-known, limited scale attacks, so that valuable time and energy of network and security pros can be focused on handling the more difficult events. The takeaway here is that you need real firepower to deal with the real and growing threat of DDoS. You need scalable and flexible mitigation options, coupled with accurate and flexible detection. And the good news is today’s cutting edge tools vendors are there to help.