During a DoS or DDoS (denial of service) attack, Prolexic gathers hundreds of millions of data points from DDoS mitigation sensors. In this audio, Prolexic shares what it has learned about using DDoS analytics to stop DDoS attacks.
Data Analytics and DDoS Mitigation: Lessons Learned

In the cybersecurity industry, IT is driving the use of data analytics to gain real-time insight into trends, attacker behaviors and specific cybersecurity events. Real-time data analysis can be a powerful tool to help Internet-facing organizations build a stronger cybersecurity strategy.

Defending against DDoS attacks is a real-time challenge for DDoS mitigation service providers. Hundreds of millions of data points in multiple streams pour into a DDoS mitigation platform in real time during an attack. A DDoS mitigation provider must quickly make sense of this deluge of data and make precise decisions as to which data/traffic to allow and which to block.
The Prolexic approach to DDoS data analytics

Merely summarizing numerical data will not show whether network traffic anomalies are malicious or not. Prolexic uses data analytics to draw informed conclusions and answer questions such as:

Is a site under DDoS attack, or is this another kind of network anomaly, such as a flash crowd?
If under attack, what type of DDoS threat is this, and which part of the customer's infrastructure could be most affected?
Where are the attacks coming from? Have we encountered these attackers before?
What are the attack signatures? Have we seen them before? Are they changing?
Figure 1: Prolexic leverages a wide variety of metrics and models to provide meaningful DDoS insight.
Our data analytics system

Prolexic acquires billions of DDoS attack metrics from sensors monthly. Each sensor samples tens of thousands of metrics every minute and may capture 30 to 40 metrics for each network object or application. Some customers have as many as 30,000 network metrics. Our system distills the data for our DDoS mitigation experts to analyze and act upon. By correlating the metrics and showing their relationships, Prolexic's mitigation experts can search the data in real time and extract intelligence that helps them make the best and fastest decisions on how to mitigate the attack.
What we've learned

Three of the lessons we have learned are:

Using data analytics for DDoS mitigation requires a large capital investment and a multi-year effort to build a system that can take myriad sources of information and present it in a way that supports rapid decision making.
Automatic decision-making algorithms are prone to false positives. So, as good as today's analytics systems are, for DDoS attacks they cannot replace an experienced live mitigation engineer.
Batch-oriented analytics systems, such as Hadoop, have latencies too high to meet the real-time requirements of Prolexic's cyber-attack mitigation timeframe.
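The flash-crowd question above and the false-positive lesson are two sides of the same problem: a single volume metric cannot tell a surge of legitimate visitors from an attack. The following added example (not Prolexic's code; all metric names, thresholds and sample values are constructed for illustration) contrasts a rate-only detector with one that correlates several per-minute sensor metrics for a network object, in the spirit of the correlation the page describes.

```python
"""Constructed example (not Prolexic's code): a rate-only DDoS detector versus one
that correlates several per-minute metrics for one network object.  All metric
names, thresholds and sample values are invented for illustration."""
from dataclasses import dataclass


@dataclass
class MinuteSample:
    """One minute of constructed sensor metrics for a single network object."""
    label: str
    requests_per_sec: float      # observed request volume
    distinct_sources: int        # unique client addresses seen this minute
    new_source_fraction: float   # share of sources absent from the 7-day baseline
    pages_per_source: float      # mean distinct URLs requested per source
    http_success_rate: float     # 2xx/3xx responses divided by all responses


BASELINE_RPS = 2000.0            # assumed normal load for this object


def rate_only_verdict(s: MinuteSample) -> str:
    """Naive detector: any large volume spike is called an attack."""
    return "attack" if s.requests_per_sec > 5 * BASELINE_RPS else "normal"


def correlated_verdict(s: MinuteSample) -> str:
    """Correlate volume with source diversity and application behaviour.
    A flash crowd brings many new sources that each browse several pages at a
    human pace while the application keeps answering them; a flood does not."""
    if s.requests_per_sec <= 5 * BASELINE_RPS:
        return "normal"
    humanlike = s.pages_per_source >= 3 and s.http_success_rate >= 0.9
    per_source_rate = s.requests_per_sec / max(s.distinct_sources, 1)
    if humanlike and per_source_rate < 1.0:
        return "flash_crowd"
    return "attack"


# Constructed samples: a quiet minute, a flash crowd, and an HTTP flood.
SAMPLES = [
    MinuteSample("quiet", 1800, 9000, 0.10, 4.0, 0.99),
    MinuteSample("flash_crowd", 24000, 60000, 0.80, 3.5, 0.95),
    MinuteSample("http_flood", 26000, 4000, 0.95, 1.0, 0.40),
]


def compare() -> dict:
    """Map each sample label to (rate-only verdict, correlated verdict)."""
    return {s.label: (rate_only_verdict(s), correlated_verdict(s)) for s in SAMPLES}


if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:12s} rate-only={verdicts[0]:12s} correlated={verdicts[1]}")
```

The rate-only detector flags the flash crowd as an attack, which is exactly the false positive a live engineer would have to override; the correlated detector separates the two cases only because it has the additional metrics to reason over.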
Get the white paper Data Analytics and DDoS Mitigation: Lessons Learned at http://www.prolexic.com/ddosanalytics for more details and conclusions, including:

The three important questions to ask of your DDoS data
The problem of false positives
The latency challenges of batch-oriented analytics
The gap between the capabilities of automated systems and live DDoS attackers
How Prolexic manages the big data associated with DDoS attacks
More lessons learned
About Prolexic

Prolexic Technologies is the world's largest and most trusted provider of DDoS protection and mitigation services. Learn more at www.prolexic.com.

About PLXsert

The Prolexic Security and Engineering Response Team (PLXsert) monitors global malicious cyber threats and actively analyzes DDoS attacks using proprietary techniques and equipment.