Top Selection Criteria for an Anti-DDoS Solution Whitepaper
Table of Contents
Top Selection Criteria for an Anti-DDoS Solution ... 3
DDoS Attack Coverage ... 3
Mitigation Technology ... 4
Reporting System ... 5
Vendor Expertise ... 5

Smart Network. Smart Business. 2

Top Selection Criteria for an Anti-DDoS Solution

With the recent rise in DDoS attacks, many companies claim to provide some form of "DDoS protection"; however, there are vast differences between vendors in the technologies they employ and the security protection they provide. When selecting an anti-DDoS vendor, ask the following questions to make sure that the vendor you select is right for your business.

DDoS Attack Coverage

What is the DDoS attack coverage that your vendor provides?

Recent DoS attacks reveal that attackers launch more complex attacks that last longer and use multiple attack tools in each attack. Attackers target multiple vulnerability points of the IT infrastructure, such as the network, server and application layers. The network layer is targeted with volumetric network flood attacks such as UDP floods or ICMP floods, aiming to consume or misuse networking resources and ultimately saturate the victim's Internet pipe. The server layer is targeted by SYN flood attacks and low & slow attack tools, which aim to misuse server resources. The application layer is targeted with a wide variety of attacks such as SSL-based attacks, HTTP GET or POST floods and application misuse attacks. Today's anti-DDoS solutions must be able to detect and mitigate attacks on all three layers.

Can your vendor protect from SSL-based DDoS attacks?

SSL-based DDoS attacks target the victim's secured online services. These attacks are easy to launch and difficult to mitigate, making them attackers' favorites. In order to detect and mitigate SSL DDoS attacks, the anti-DDoS solution must first decrypt the traffic using the customer's SSL keys. Decryption is CPU-intensive and should be done by dedicated hardware accelerators so that it can meet the required traffic load. Since the customer's SSL keys are required for the decryption process, this task cannot be done outside of the customer's data center, e.g. in the cloud, and must be done on-premise.

Can your vendor protect from application DDoS attacks?

Instances of DDoS attacks that target application resources have grown recently and are widely used by attackers today. They target not only the well-known HTTP, but also HTTPS, DNS, SMTP, FTP, VoIP and other application protocols that possess exploitable weaknesses allowing for DoS attacks. The most popular application DDoS attacks are HTTP GET and POST floods, where the attackers mimic the behavior of legitimate users who access the website to download a large image or fill in a web form. By launching a well-coordinated HTTP flood, the attackers make the victim's web servers so busy handling their requests that the servers cannot process requests from legitimate users. Application DDoS attacks are harder to detect, as they do not generate a lot of network traffic, and are complicated to mitigate, as every transaction looks legitimate.

Can your vendor protect from low & slow DDoS attacks?

Low & slow DDoS attack tools generate slow-rate, low-volume attack traffic and are therefore hard to detect by standard anti-DDoS solutions. These tools usually exploit a weakness in the HTTP protocol that allows them to open thousands of connections to the web servers without terminating any of them. This consumes all the available connection resources of the web server, causing it to stop handling new requests and denying the service to legitimate users, hence achieving a denial of service.
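The low & slow pattern described above (many connections held open with incomplete requests while the request rate stays low) can be spotted from the web server's own connection table rather than from traffic volume. The following is an added example, not code from this whitepaper or from Radware: it runs a slot-exhaustion check over a constructed connection snapshot; the `Conn` record layout, the thresholds and the function names are assumptions.

```python
"""Low & slow detection from a web server's connection table (added example)."""
from collections import Counter, namedtuple

# One open connection as the server sees it (constructed record format).
Conn = namedtuple("Conn", "src_ip age_s bytes_in request_complete")

# Constructed snapshot of a server's open connections (not real traffic).
# Legitimate clients finish their request headers within a second or two;
# two slow sources trickle a few bytes each and never complete a request.
SNAPSHOT = (
    [Conn("203.0.113.10", 0.4, 812, True),
     Conn("203.0.113.11", 1.2, 640, True),
     Conn("198.51.100.7", 2.0, 1200, True)]
    + [Conn("192.0.2.50", 30 + i, 40, False) for i in range(60)]
    + [Conn("192.0.2.51", 45 + i, 55, False) for i in range(40)]
)
MAX_WORKERS = 150  # connection slots the server can hold (constructed)


def is_stalled(conn, min_age_s=15.0, max_bytes=256):
    """Low & slow signature: old connection, almost no bytes, request never
    completed. Request rate is useless here; slot occupancy is the signal."""
    return (conn.age_s >= min_age_s and conn.bytes_in <= max_bytes
            and not conn.request_complete)


def analyze(snapshot, max_workers, per_source_limit=10, slot_fraction_alert=0.5):
    """Return the share of worker slots held by stalled connections and the
    sources holding an unusual number of them. Operators typically act on this
    by enforcing header timeouts and per-source connection caps."""
    stalled = [c for c in snapshot if is_stalled(c)]
    per_source = Counter(c.src_ip for c in stalled)
    offenders = sorted(ip for ip, n in per_source.items() if n >= per_source_limit)
    fraction = len(stalled) / max_workers
    return {
        "stalled": len(stalled),
        "slot_fraction": round(fraction, 2),
        "offenders": offenders,
        "alert": fraction >= slot_fraction_alert,
    }


if __name__ == "__main__":
    print(analyze(SNAPSHOT, MAX_WORKERS))
```

Note that the 100 stalled connections carry under 5 KB in total, which is why a purely volumetric or rate-based detector sees nothing here.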

Mitigation Technology

How does your vendor protect the organization's Internet pipe from volumetric DDoS attacks that threaten to saturate it?

In some cases DDoS attacks turn into volumetric attacks that threaten to saturate the organization's Internet pipe. Such attacks must be mitigated from the cloud and not from the organization's premises. The best approach is to deploy a hybrid anti-DDoS solution that can divert the attack from the organization's premises into the cloud while sharing information about the attack with the cloud mitigation. This is required in order to ensure a smooth transition to the cloud and immediate mitigation.

How does your vendor distinguish between legitimate users and attackers?

Unlike other cyber security threats, a DDoS attack is composed of many legitimate-looking requests, and only the large volume of simultaneous requests actually constitutes an attack. Since every request in a DDoS attack looks legitimate, the biggest challenge for anti-DDoS mitigation is to distinguish between attacker requests and legitimate user requests. Standard anti-DDoS solutions base their mitigation strategy on rate-limit methodologies that are triggered once the traffic crosses a pre-defined threshold. This approach results in relatively high false positives and blocks legitimate users from accessing the services. Advanced anti-DDoS solutions deploy more sophisticated mitigation technologies such as behavioral analysis, which compares the current traffic to normal baselines and takes intelligent decisions regarding the attack mitigation. In addition, there are mechanisms that challenge suspicious sources; based on the response from the source, it can be determined whether the source is a bot or a legitimate user.

How does your vendor guarantee the best quality of experience to legitimate users even under attack?

The objective of attackers who launch DDoS attacks is to deny online services to legitimate users; therefore the mitigation solution must not only mitigate the attacks, but also guarantee the best quality of experience to legitimate users during prolonged DDoS attack campaigns. The best approach to this challenge is to separate, within the mitigation solution, the hardware resources that handle attacker requests from those that handle legitimate user requests, and to make sure that the resources for legitimate users are always available, even under severe DDoS attack.

Where in the network is your vendor's DDoS mitigation solution deployed? Does it protect other network elements such as the firewall, IPS, ADC and WAF from DDoS attacks?

Recent DDoS attacks have taught us that traditional network security solutions such as firewalls, IPS and WAF cannot stop DDoS attacks. All the organizations that became targets of DDoS attacks had firewalls and IPS devices in their infrastructure, and yet their availability was hurt, causing them to go offline. Although firewall, IPS, ADC and WAF solutions have essential roles, they were simply not designed to handle today's emerging DDoS threats and may themselves become the bottlenecks during a DDoS attack. According to the Radware 2012 Global Application & Network Security Report, in 33% of DDoS attacks the firewall or the IPS devices are the bottleneck. Therefore, the anti-DDoS mitigation solution must be deployed in front of all the other network elements so it can protect them during a DDoS attack.

How quickly will your vendor detect and mitigate an attack?

The ideal DDoS mitigation solution detects and blocks attacks at the perimeter of the victim organization's data center, before the attack can impact the IT infrastructure. Such a configuration of defenses allows for real-time protection. Solutions that are purely cloud-based and have no detectors in the organization's data center do not protect against an attack until attack traffic is manually redirected by an Internet Service Provider to flow through an MSSP for scrubbing. This process can take minutes or hours, is complicated to manage, and effectively leaves an organization and its customers exposed to a DDoS attack until the attack can be redirected for scrubbing.
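To make the rate-limit versus behavioral-baseline comparison in this section concrete, here is an added example (not code from the whitepaper or from any Radware product) that runs both detectors over a constructed per-hour traffic baseline; the threshold, the baseline profile, the sigma band and the function names are assumptions. It generalizes the text's "normal baseline" to a per-hour-of-day baseline, which is what exposes the false positive a single fixed threshold produces.

```python
"""Static rate limit vs. behavioral baseline (added example, constructed data)."""
from statistics import mean, pstdev

# Constructed daily profile in requests/sec, one entry per hour of day (00..23):
# quiet at night (~90 req/s at 03:00), busy in the evening (~1000 req/s at 20:00).
PROFILE = [120, 100, 90, 90, 100, 150, 250, 400, 550, 600, 620, 650,
           700, 680, 650, 650, 700, 800, 900, 980, 1000, 900, 600, 300]

# "Learned" baseline: seven normal days of samples per hour, with day-to-day jitter.
BASELINE = {h: [PROFILE[h] * f for f in (0.92, 0.97, 1.0, 1.03, 1.05, 0.95, 1.08)]
            for h in range(24)}

# A single rate-limit threshold, tuned low enough to catch an off-peak flood.
STATIC_THRESHOLD = 600.0


def static_alert(rate):
    """Rate-limit trigger: fires whenever the rate crosses one fixed threshold."""
    return rate > STATIC_THRESHOLD


def behavioral_alert(hour, rate, k=4.0):
    """Baseline trigger: fires when the rate leaves this hour's normal band
    (mean + k standard deviations) and is at least double the hourly mean,
    so a very stable hour does not alert on ordinary jitter."""
    samples = BASELINE[hour]
    mu, sigma = mean(samples), pstdev(samples)
    return rate > mu + k * sigma and rate > 2 * mu


def classify(hour, rate):
    """Run both detectors on one observation; returns which of them fired."""
    return {"static": static_alert(rate), "behavioral": behavioral_alert(hour, rate)}


# Constructed observations: (hour, observed req/s, what actually happened).
SCENARIOS = [
    (3, 800, "off-peak flood"),          # both detectors fire
    (20, 1000, "normal evening peak"),   # static fires: a false positive
    (3, 400, "small off-peak flood"),    # only the baseline detector fires
]

if __name__ == "__main__":
    for hour, rate, what in SCENARIOS:
        print(f"{hour:02d}:00 {rate:5d} req/s {what:22s} -> {classify(hour, rate)}")
```

The third scenario is the interesting one: a flood at four times the 03:00 baseline stays under the fixed threshold, so only the baseline comparison catches it, while the same fixed threshold blocks the ordinary evening peak.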

Reporting System

Does your vendor include a mechanism that provides real-time information about an attack?

Security Information and Event Managers (SIEMs) are the central nervous system by which security professionals gather critical insight about sophisticated DDoS attacks. The SIEM's role is to detect, alert and report on any security incident or event that might be related to a DDoS attack. Advanced anti-DDoS solutions must be well integrated with SIEM systems that are able to aggregate, normalize and correlate data from multiple sources; to provide automated information gathering and risk assessment; to conduct real-time analysis; and to provide real-time reports, logs, attack trends and additional information that can assist the security team in mitigating the attack.

Vendor Expertise

Does your vendor have a 24x7 emergency response team to help customers under DDoS attack?

Even with the best DDoS protection solution and a knowledgeable staff, DDoS attacks can become a major challenge to your business and can create unwanted emergency situations. With DDoS attacks that last for many days, and new attack tools and techniques that emerge from time to time, the anti-DDoS solution should be accompanied by an emergency response team of security professionals who handle DDoS attacks every day and can support the customer's security team during the attack.

Is your vendor's technology market proven? Who else is using the technology? Is it used by leading cloud MSSPs that provide anti-DDoS services?

MSSPs that provide anti-DDoS services use third-party technologies and products in their attack mitigation data centers. The industry-leading MSSPs are the most demanding customers when it comes to anti-DDoS solutions, as they understand the nature of the attacks, the various mitigation technologies and the expectations of their customers. Therefore, it is wise to ask for references from MSSPs that focus on providing anti-DDoS services.

Is your vendor a recognized authority on DDoS attacks?

Make sure your vendor has a solid track record of industry awards, relevant certifications, expert industry commentary in the media, and published research on recent DDoS threats.

2013 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners.

PRD-DDoS-Selection-Criteria-WP-01-2013/04-US