With the ongoing work to shut down or neutralise botnets, a cyber arms race has begun, with hacktivists and other cyber criminals constantly searching for new ways to amplify their attacks. As a result, DDoS attacks are becoming increasingly common.
As the lines between the professional and social use of technology continue to blur, it is vital that we recognise the significance of these attacks, how likely they are and how damaging they can be.
Recent news has shown PSN and other large organisations being targeted, and it is now more important than ever for organisations to wise up and avoid making themselves tempting DDoS targets. PSN and similar services have huge customer bases and, because they are global, need to be available 24/7. That makes them very appealing targets for anyone looking to create highly visible disruption or to steal large numbers of customer details.
It's an unfortunate fact that the DDoS threat has never been greater and is likely to keep growing. As ever, the best protection is to be prepared for whatever gets thrown at you, and DDoS mitigation should be part of that preparation. The challenge for organisations such as PSN, and for any other large enterprise, is twofold:
- How to defend against ever evolving threats
- How to do so effectively
Typically, enterprise organisations use a multi-layered approach to defence: cloud-based mitigation to absorb volumetric attacks before they reach the enterprise's links, and on-premise mitigation to protect the network perimeter using technologies such as firewalls and intrusion prevention systems. This is generally considered best practice.
The second challenge is how to defend effectively. The issue is that companies typically have multiple autonomous systems in place, with limited integration between them and some key functional limitations at each layer. Cloud-based solutions, for example, cannot inspect encrypted traffic unless the enterprise is willing to give the cloud provider its TLS private keys (which most are not), so encrypted traffic is passed through uninspected.
Therefore an application-layer attack carried inside TLS is already past the first layer of defence. (Pure volumetric floods can still be scrubbed without decryption, since bandwidth can be measured on ciphertext; it is the request-level attacks hiding inside the encrypted session that slip through.) Most on-premise firewalls have the same limitation: encrypted traffic is allowed through because the firewall typically cannot inspect it at the application level, so the attack traffic breaches the on-premise protections too.
Finally, when we add volume and blended attacks (multiple different attack types at once) to the picture, it's easy to see why enterprises struggle to cope.
So what's the answer? Contextually-aware defence. In other words, defences that are aware of your applications and how they function, and that have visibility into the traffic going to and from them, including traffic that is encrypted, which in practice means terminating TLS at the inspecting tier. Ideally this awareness will span both the cloud and on-premise components, giving better integration and the best possible chance of mitigating attacks before they start impacting service.
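To make the gap between the two layers concrete, here is an added example (not code from the article or from F5) that runs two detectors over the same constructed traffic sample. The first counts bytes per source, which is all a cloud scrubber or perimeter device can do on TLS traffic without the private keys. The second counts requests per source against endpoints known to be expensive for the backend, which requires the plaintext request line and so only works where TLS has been terminated by an application-aware tier. The IP addresses, paths, thresholds and the "expensive endpoint" list are illustrative assumptions, not values from the article.

```python
"""Why an encrypted application-layer flood slips past byte-counting defences.

Two detectors run over the same constructed traffic sample:
  - volumetric_offenders(): bytes per source over a sliding window, which a
    cloud scrubber or firewall can compute on ciphertext without the TLS keys.
  - application_offenders(): expensive requests per source over a sliding
    window, which needs the decrypted request line (TLS terminated here).
The attacker's flood is tiny in bytes but heavy in backend cost, so only the
second detector catches it. Hosts, paths and thresholds are assumptions.
"""
from collections import defaultdict, deque

# Endpoints assumed to be costly for the backend (the "context" the defence
# needs). A real deployment would derive this from application knowledge.
EXPENSIVE_PREFIXES = ("/search", "/login", "/api/report")


def build_sample():
    """Constructed sample: (timestamp_s, client_ip, path, bytes_on_wire)."""
    sample = [
        # A legitimate user: a few requests, including two large static assets.
        (0.0, "198.51.100.5", "/", 1_200),
        (0.4, "198.51.100.5", "/static/app.js", 350_000),
        (1.1, "198.51.100.5", "/search?q=shoes", 900),
        (3.0, "198.51.100.5", "/static/video.mp4", 4_000_000),
    ]
    # An attacker: 60 small requests in under 10 s, all to an expensive path.
    sample += [(i * 0.16, "203.0.113.7", f"/search?q=zz{i}", 420)
               for i in range(60)]
    return sorted(sample)


def volumetric_offenders(records, window_s=10.0, bytes_threshold=10_000_000):
    """Sources whose bytes in any sliding window exceed the threshold.
    Works on encrypted traffic because only packet sizes are needed."""
    offenders = set()
    windows = defaultdict(deque)   # ip -> deque of (ts, bytes)
    totals = defaultdict(int)      # ip -> bytes currently inside the window
    for ts, ip, _path, nbytes in records:
        q = windows[ip]
        q.append((ts, nbytes))
        totals[ip] += nbytes
        while q and q[0][0] < ts - window_s:   # expire old entries
            totals[ip] -= q.popleft()[1]
        if totals[ip] > bytes_threshold:
            offenders.add(ip)
    return offenders


def application_offenders(records, window_s=10.0, max_expensive=30):
    """Sources exceeding max_expensive requests to costly endpoints in any
    sliding window. Requires the plaintext path, i.e. TLS terminated at the
    inspecting tier; a byte counter never sees this signal."""
    offenders = set()
    windows = defaultdict(deque)   # ip -> deque of timestamps
    for ts, ip, path, _nbytes in records:
        if not path.startswith(EXPENSIVE_PREFIXES):
            continue                # cheap requests do not count
        q = windows[ip]
        q.append(ts)
        while q and q[0] < ts - window_s:
            q.popleft()
        if len(q) > max_expensive:
            offenders.add(ip)
    return offenders


if __name__ == "__main__":
    recs = build_sample()
    print("volumetric view flags:", volumetric_offenders(recs))       # set()
    print("application view flags:", application_offenders(recs))    # {'203.0.113.7'}
```

The legitimate user moves roughly 4.3 MB and stays under the volumetric threshold; the attacker moves about 25 KB and is invisible to it, yet issues 60 backend-expensive queries in ten seconds. Only the detector with access to the decrypted request path, and with the context of which paths are expensive, identifies the attacking source.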
Paul Dignan, Global Technical Account Manager, F5 Networks.