Upload File

data analytics and ddos mitigation: lessons learned

  • Home
  • Documents
  • Data Analytics and DDoS Mitigation: Lessons Learned
2
1 Data Analytics and DDoS Mitigation: Lessons Learned In the cyber security industry, IT is driving the use of data analytics to gain real‐time insight into trends, attacker behaviors and specific cyber security events. Real‐time data analysis can be a powerful tool to help Internet‐facing organizations build a stronger cyber security strategy. Defending against DDoS attacks is a real‐time challenge for DDoS mitigation service providers. Hundreds of millions of data points in multiple streams pour into a DDoS mitigation platform in real time during an attack. A DDoS mitigation provider must quickly make sense of this deluge of data and make precise decisions as to which data/traffic to allow and which to block. The Prolexic approach to DDoS data analytics Merely summarizing numerical data will not show if network traffic anomalies are malicious or not. Prolexic uses data analytics to draw informed conclusions and answer questions such as: Is a site under DDoS attack or is this another kind of network anomaly, such as a flash crowd? If under attack, what type of DDoS threat is this and which part of the customer’s infrastructure could be most affected? Where are the attacks coming from? Have we encountered these attackers before? What are the attack signatures? Have we seen them before? Are they changing? Figure 1: Prolexic leverages a wide variety of metrics and models to provide meaningful DDoS insight.

Upload: david-collins

Post on 07-Mar-2016

214 views

Category:

Documents


2 download

Report

DESCRIPTION

During a DoS or DDoS denial of service attack, Prolexic gathers hundreds of millions of data points from DDoS mitigation sensors. In this audio Prolexic shares what it has learned about using DDoS analytics to stop DDoS attacks.

TRANSCRIPT

Page 1: Data Analytics and DDoS Mitigation: Lessons Learned

1

DataAnalyticsandDDoSMitigation:LessonsLearned

Inthecybersecurityindustry,ITisdrivingtheuseofdataanalyticstogainreal‐timeinsightintotrends,attackerbehaviorsandspecificcybersecurityevents.Real‐timedataanalysiscanbeapowerfultooltohelpInternet‐facingorganizationsbuildastrongercybersecuritystrategy.

DefendingagainstDDoSattacksisareal‐timechallengeforDDoSmitigationserviceproviders.HundredsofmillionsofdatapointsinmultiplestreamspourintoaDDoSmitigationplatforminrealtimeduringanattack.ADDoSmitigationprovidermustquicklymakesenseofthisdelugeofdataandmakeprecisedecisionsastowhichdata/traffictoallowandwhichtoblock.

TheProlexicapproachtoDDoSdataanalyticsMerelysummarizingnumericaldatawillnotshowifnetworktrafficanomaliesaremaliciousornot.Prolexicusesdataanalyticstodrawinformedconclusionsandanswerquestionssuchas:

IsasiteunderDDoSattackoristhisanotherkindofnetworkanomaly,suchasaflashcrowd?

Ifunderattack,whattypeofDDoSthreatisthisandwhichpartofthecustomer’sinfrastructurecouldbemostaffected?

Wherearetheattackscomingfrom?Haveweencounteredtheseattackersbefore? Whataretheattacksignatures?Haveweseenthembefore?Aretheychanging?

Figure1:ProlexicleveragesawidevarietyofmetricsandmodelstoprovidemeaningfulDDoSinsight.

Page 2: Data Analytics and DDoS Mitigation: Lessons Learned

2

OurdataanalyticssystemProlexicacquiresbillionsofDDoSattackmetricsfromsensorsmonthly.Eachsensorsamplestensofthousandsofmetricseveryminuteandmaycapture30to40metricsforeachnetworkobjectorapplication.Somecustomershaveasmanyas30,000networkmetrics.OursystemdistillsthedataforourDDoSmitigationexpertstoanalyzeandactupon.Bycorrelatingthemetricsandshowingtheirrelationships,Prolexic’smitigationexpertscansearchonthedatainrealtimeandextractintelligencetohelpthemmakethebestandfastestdecisionsonhowtomitigatetheattack.

Whatwe’velearnedThreeofthelessonswehavelearnedare:

UsingdataanalyticsforDDoSmitigationrequiresalargecapitalinvestmentandamulti‐yearefforttobuildasystemthatcantakemyriadsourcesofinformationandpresentitinawaythatsupportsrapiddecisionmaking.

Automaticdecision‐makingalgorithmsarepronetofalsepositives.Soasgoodastoday’sanalyticssystemsare,forDDoSattacks,theycannotreplaceanexperiencedlivemitigationengineer.

Batch‐orientedanalyticssystems,suchasHadoop,havelatencythresholdsthataretooslowtosupportthereal‐timerequirementsofProlexic’scyber‐attackmitigationtimeframe.

GetthewhitepaperDataAnalyticsandDDoSMitigation:LessonsLearnedathttp://www.prolexic.com/ddosanalyticsformoredetailsandconclusions,including:

ThethreeimportantquestionstoaskofyourDDoSdata Theproblemoffalsepositives Thelatencychallengesofbatch‐orientedanalytics ThegapbetweenthecapabilitiesofautomatedsystemsandliveDDoSattackers HowProlexicmanagesthebigdataassociatedwithDDoSattacks Morelessonslearned

AboutProlexic

ProlexicTechnologiesistheworld’slargestandmosttrustedproviderofDDoSprotectionandmitigationservices.Learnmoreatwww.prolexic.com.

AboutPLXsert

ProlexicSecurityandEngineeringResponseTeam(PLXsert)monitorstheglobalmaliciouscyberthreatsandactivelyanalyzesDDoSattacksusingproprietarytechniquesandequipment.

http://www.prolexic.com/knowledge-center-white-paper-data-analytics-ddos-mitigation/np.html
http://www.prolexic.com/knowledge-center-white-paper-data-analytics-ddos-mitigation/np.html
http://www.prolexic.com

SNMP Reflected Amplification DDoS Attack Mitigation

Internet2 DDoS Mitigation Update · 2017-05-03 · Internet2 DDoS Mitigation Update Nick Lewis, Program Manager - Security and Identity, ... – Baylor.edu hit by DDoS attack in May

Multi-Layer DDoS Mitigation Strategies

Anomaly Detection and Mitigation. Outline DoS and DDoS Anomaly Detection and Mitigation Systems Cisco DDoS Anomaly Detection and Mitigation Solutions

DaaS : DDoS Mitigation-as-a-Service

Scalable DDoS mitigation · •Scalable DDoS Mitigation –BGP FlowSpec •Cloud DDoS Protection –F5 Silverline. DDoS Overview • Distributed denial-of‐service (DDoS) attacks

D3TLV17- Advanced DDoS Mitigation Techniques

DDOS MITIGATION - 2016.vnix-nog.vn · DDoS Mitigation Techniques Detection Detects bandwidth-related traffic anomalies Distributed Denial of Service (DDoS) attacks Volumetric DoS

Traffic Diversion Techniques for DDoS Mitigation

Service Provider Deployment of DDoS Mitigation

Ddos and mitigation methods.pptx

Radware DoS / DDoS Attack Mitigation System

Multi-Layer DDoS Mitigation Strategies - SYS-CON Mediares.cdn.sys-con.com/session/3207/Sagi_Brody.pdf · Multi-Layer DDoS Mitigation Strategies Application ... unintentionally launches

DDOS –Global threats and mitigation

DDoS Mitigation at CloudFlare - RIPE SEE4 Belgrade Serbia... · DDoS Mitigation at CloudFlare Martin J. Levy ... Same IP prefixes ... CloudFlare DDoS Mitigation - Martin J Levy 18

2017 Global DDoS Mitigation Products Market Leadership Award · Market Leadership Award GLOBAL DDOS MITIGATION PRODUCTS MARKET LEADERSHIP AWARD ... Arbor TMS is the DDoS mitigation

DDos Prevention and Mitigation

Prevention, Protection and Mitigation of DDoS Attacks

DDoS Attacks & Mitigation

Data Analytics and DDoS Mitigation: Lessons Learned

Meeting Towards Collaboration for DDoS Attack Mitigation

DDoS Attacks : Preparation Detection Mitigation

Universal DDoS Mitigation Bypass - Black Hat Briefings · DDoS Mitigation Lab Independent academic R&D division of Nexusguard building next generation DDoS mitigation knowledge and

DDoS Monitoring/Mitigation

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

DDoS Mitigation Strategies: The Automation Factor · DDoS Mitigation Strategies: The Automation Factor. ... implementing artificial intelligence ( AI)-based security technologies

DDoS Mitigation - DefensePro - RADWARE

Lecture 29: Bots, Botnets, DDoS Attacks, and DDoS Attack ...Delivery Networks (CDN) for DDoS Attack Mitigation 29.7.2 DDoS Attack Mitigation with Manual 65 Reconfiguration of BGP

DDoS MITIGATION BEST PRACTICES - Electric Lightwave › wp-content › uploads › 2016 › ... · 2 | DDoS MITIGATION BEST PRACTICES The DDoS landscape continues to change considerably

Level 3 DDoS Mitigation

DDoS Attack Mitigation Guide FortiDDoS

FastNetMon - ENOG9 speech about DDoS mitigation

Uncover the Burgeoning Market for DDoS Mitigation

DDoS Mitigation Support on CGSE - Cisco...DDoS Mitigation Support on CGSE Distributeddenial-of-service(DDoS)attackstargetnetworkinfrastructuresorcomputerservicesresources

Cisco DDoS Mitigation Service Provider Solutions...Cisco DDoS Mitigation Service Provider Solutions DDoS Protection Cisco Service Modules (cont.) •Guard/Detector MVP-OS Release 4.0