2

Click here to load reader

Data Analytics and DDoS Mitigation: Lessons Learned

Embed Size (px)

DESCRIPTION

During a DoS or DDoS denial of service attack, Prolexic gathers hundreds of millions of data points from DDoS mitigation sensors. In this audio Prolexic shares what it has learned about using DDoS analytics to stop DDoS attacks.

Citation preview

Page 1: Data Analytics and DDoS Mitigation: Lessons Learned

1

DataAnalyticsandDDoSMitigation:LessonsLearned

Inthecybersecurityindustry,ITisdrivingtheuseofdataanalyticstogainreal‐timeinsightintotrends,attackerbehaviorsandspecificcybersecurityevents.Real‐timedataanalysiscanbeapowerfultooltohelpInternet‐facingorganizationsbuildastrongercybersecuritystrategy.

DefendingagainstDDoSattacksisareal‐timechallengeforDDoSmitigationserviceproviders.HundredsofmillionsofdatapointsinmultiplestreamspourintoaDDoSmitigationplatforminrealtimeduringanattack.ADDoSmitigationprovidermustquicklymakesenseofthisdelugeofdataandmakeprecisedecisionsastowhichdata/traffictoallowandwhichtoblock.

TheProlexicapproachtoDDoSdataanalyticsMerelysummarizingnumericaldatawillnotshowifnetworktrafficanomaliesaremaliciousornot.Prolexicusesdataanalyticstodrawinformedconclusionsandanswerquestionssuchas:

IsasiteunderDDoSattackoristhisanotherkindofnetworkanomaly,suchasaflashcrowd?

Ifunderattack,whattypeofDDoSthreatisthisandwhichpartofthecustomer’sinfrastructurecouldbemostaffected?

Wherearetheattackscomingfrom?Haveweencounteredtheseattackersbefore? Whataretheattacksignatures?Haveweseenthembefore?Aretheychanging?

Figure1:ProlexicleveragesawidevarietyofmetricsandmodelstoprovidemeaningfulDDoSinsight.

Page 2: Data Analytics and DDoS Mitigation: Lessons Learned

2

OurdataanalyticssystemProlexicacquiresbillionsofDDoSattackmetricsfromsensorsmonthly.Eachsensorsamplestensofthousandsofmetricseveryminuteandmaycapture30to40metricsforeachnetworkobjectorapplication.Somecustomershaveasmanyas30,000networkmetrics.OursystemdistillsthedataforourDDoSmitigationexpertstoanalyzeandactupon.Bycorrelatingthemetricsandshowingtheirrelationships,Prolexic’smitigationexpertscansearchonthedatainrealtimeandextractintelligencetohelpthemmakethebestandfastestdecisionsonhowtomitigatetheattack.

Whatwe’velearnedThreeofthelessonswehavelearnedare:

UsingdataanalyticsforDDoSmitigationrequiresalargecapitalinvestmentandamulti‐yearefforttobuildasystemthatcantakemyriadsourcesofinformationandpresentitinawaythatsupportsrapiddecisionmaking.

Automaticdecision‐makingalgorithmsarepronetofalsepositives.Soasgoodastoday’sanalyticssystemsare,forDDoSattacks,theycannotreplaceanexperiencedlivemitigationengineer.

Batch‐orientedanalyticssystems,suchasHadoop,havelatencythresholdsthataretooslowtosupportthereal‐timerequirementsofProlexic’scyber‐attackmitigationtimeframe.

GetthewhitepaperDataAnalyticsandDDoSMitigation:LessonsLearnedathttp://www.prolexic.com/ddosanalyticsformoredetailsandconclusions,including:

ThethreeimportantquestionstoaskofyourDDoSdata Theproblemoffalsepositives Thelatencychallengesofbatch‐orientedanalytics ThegapbetweenthecapabilitiesofautomatedsystemsandliveDDoSattackers HowProlexicmanagesthebigdataassociatedwithDDoSattacks Morelessonslearned

AboutProlexic

ProlexicTechnologiesistheworld’slargestandmosttrustedproviderofDDoSprotectionandmitigationservices.Learnmoreatwww.prolexic.com.

AboutPLXsert

ProlexicSecurityandEngineeringResponseTeam(PLXsert)monitorstheglobalmaliciouscyberthreatsandactivelyanalyzesDDoSattacksusingproprietarytechniquesandequipment.

http://www.prolexic.com/knowledge-center-white-paper-data-analytics-ddos-mitigation/np.html
http://www.prolexic.com/knowledge-center-white-paper-data-analytics-ddos-mitigation/np.html
http://www.prolexic.com

(D)DOS DEMYSTIFIED - OARnet...DDoS Attack Customers DDoS Attack Volumetric Protection Cloud ISPa ISPb L3-4 DDoS mitigation DDoS Platform DDoS Platform L7 DDoS mitigation SSL Termination

(D)DOS DEMYSTIFIED - OARnet...DDoS Attack Customers DDoS Attack Volumetric Protection Cloud ISPa ISPb L3-4 DDoS mitigation DDoS Platform DDoS Platform L7 DDoS mitigation SSL Termination

Documents
Radware DoS / DDoS Attack Mitigation System

Radware DoS / DDoS Attack Mitigation System

Documents
Traffic Diversion Techniques for DDoS Mitigation

Traffic Diversion Techniques for DDoS Mitigation

Documents
SNMP Reflected Amplification DDoS Attack Mitigation

SNMP Reflected Amplification DDoS Attack Mitigation

Documents
Scalable DDoS mitigation · •Scalable DDoS Mitigation –BGP FlowSpec •Cloud DDoS Protection –F5 Silverline. DDoS Overview • Distributed denial-of‐service (DDoS) attacks

Scalable DDoS mitigation · •Scalable DDoS Mitigation –BGP FlowSpec •Cloud DDoS Protection –F5 Silverline. DDoS Overview • Distributed denial-of‐service (DDoS) attacks

Documents
DDoS Mitigation Strategies: The Automation Factor · DDoS Mitigation Strategies: The Automation Factor. ... implementing artificial intelligence ( AI)-based security technologies

DDoS Mitigation Strategies: The Automation Factor · DDoS Mitigation Strategies: The Automation Factor. ... implementing artificial intelligence ( AI)-based security technologies

Documents
DDoS Mitigation - DefensePro - RADWARE

DDoS Mitigation - DefensePro - RADWARE

Sales
DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

Documents
Multi-Layer DDoS Mitigation Strategies

Multi-Layer DDoS Mitigation Strategies

Internet
Prolexic DDoS Analytics & DDoS Mitigation In Real Time

Prolexic DDoS Analytics & DDoS Mitigation In Real Time

Technology
Data Analytics and DDoS Mitigation: Lessons Learned

Data Analytics and DDoS Mitigation: Lessons Learned

Technology
Level 3 DDoS Mitigation

Level 3 DDoS Mitigation

Documents
DDoS Monitoring/Mitigation

DDoS Monitoring/Mitigation

Documents
DDoS Attack Preparation and Mitigation

DDoS Attack Preparation and Mitigation

Technology
DDoS Attack Mitigation Guide FortiDDoS

DDoS Attack Mitigation Guide FortiDDoS

Documents
DDOS mitigation software solutions

DDOS mitigation software solutions

Documents
DDoS Attack Detection & Mitigation in SDN

DDoS Attack Detection & Mitigation in SDN

Engineering
DDoS MITIGATION BEST PRACTICES - Electric Lightwave › wp-content › uploads › 2016 › ... · 2 | DDoS MITIGATION BEST PRACTICES The DDoS landscape continues to change considerably

DDoS MITIGATION BEST PRACTICES - Electric Lightwave › wp-content › uploads › 2016 › ... · 2 | DDoS MITIGATION BEST PRACTICES The DDoS landscape continues to change considerably

Documents
Ddos and mitigation methods.pptx (1)

Ddos and mitigation methods.pptx (1)

Internet
Ddos and mitigation methods.pptx

Ddos and mitigation methods.pptx

Technology
DDos Prevention and Mitigation

DDos Prevention and Mitigation

Technology
DaaS : DDoS Mitigation-as-a-Service

DaaS : DDoS Mitigation-as-a-Service

Documents
DDoS Mitigation Techniques - CHI-NOGchinog.org/.../06/CHI-NOG-03-DDoS-Mitigation-Techniques.pdf · 2014-06-15 · DDoS Mitigation Techniques Ron Winward, ServerCentral CHI-NOG 03

DDoS Mitigation Techniques - CHI-NOGchinog.org/.../06/CHI-NOG-03-DDoS-Mitigation-Techniques.pdf · 2014-06-15 · DDoS Mitigation Techniques Ron Winward, ServerCentral CHI-NOG 03

Documents
DDOS –Global threats and mitigation

DDOS –Global threats and mitigation

Technology
FastNetMon - ENOG9 speech about DDoS mitigation

FastNetMon - ENOG9 speech about DDoS mitigation

Internet
Internet2 DDoS Mitigation Update · 2017-05-03 · Internet2 DDoS Mitigation Update Nick Lewis, Program Manager - Security and Identity, ... – Baylor.edu hit by DDoS attack in May

Internet2 DDoS Mitigation Update · 2017-05-03 · Internet2 DDoS Mitigation Update Nick Lewis, Program Manager - Security and Identity, ... – Baylor.edu hit by DDoS attack in May

Documents
Getting started with the DDoS Mitigation portal...Getting Started with the DDoS Mitigation and Reporting Portal February 2021

Getting started with the DDoS Mitigation portal...Getting Started with the DDoS Mitigation and Reporting Portal February 2021

Documents
DDoS Mitigation for ISP subscribers Rajaram Pejaver November 23, 2010 De-DDoS

DDoS Mitigation for ISP subscribers Rajaram Pejaver November 23, 2010 De-DDoS

Documents
DDoS mitigation in the real world

DDoS mitigation in the real world

Technology
DDoS mitigation for systems processing

DDoS mitigation for systems processing

Internet