Data Center Journal

VOLUME 47 | DECEMBER 2016

Issue link: https://cp.revolio.com/i/760098


that, once solved, is solved for good. Instead, it's a high-stakes game of measures, countermeasures, counter-countermeasures and so on. "Attackers will always find new exploits and new attack methods." And in the context of one aspect of security—DDoS—"Staying ahead of them and their techniques requires adaptive, analytics-driven DDoS protection. Learning from the attack attempts that have occurred and taking advantage of heuristics and autonomic learning gives legitimate operators the upper hand against these threats."

Fighting the Tide: DDoS Mitigation

In a sense, dealing with DDoS attacks is like dealing with a flood: protecting oneself and one's property requires building barriers, diverting the deluge and, if possible, identifying and stopping the source. Of course, in the digital world, the nuances of such defensive measures are digital rather than physical, but the goals are in many ways the same. Some may be easier to achieve than others, however.

Larson describes the evolution of DDoS mitigation as an evolution in response to the changing tactics of attackers. "Legacy approaches to DDoS mitigation have relied on disparate detection and mitigation engines, scrubbing centers, or manual intervention. As we've learned over the years, the time from detection to mitigation is crucial in reducing or eliminating the impact of a DDoS attack. Without the proper solution in place, the result of a successful attack can be devastating to any business, and certainly those who rely on the Internet to operate."

The initial wave of defenses from about 10 years ago, according to Larson, involved essentially dropping any traffic to the attack target until the attack ends. They potentially saved some or most of the network but did little good for the actual subject of the attack.

"This approach requires a lot of manpower and may prevent the DDoS attack from affecting the service provider or other downstream customers, but it carries with it the downside of perfecting the attack against the intended victims by completely taking them offline to prevent collateral damage. Surprisingly, even though new solutions are available, many companies still use black-holing as an answer to DDoS attacks."

The second wave of defenses "evolved into out-of-band scrubbing centers that detect DDoS threats and subsequently generate alerts that require an operator to take action, which can take considerable time, possibly leaving the environment under attack in some cases for multiple hours. Because scrubbing centers require a significant amount of human capital and equipment, this approach has remained out of reach for everyone except Tier One service providers."

The third wave, according to Larson, delivers automation as well as in-line and on-site deployments at lower cost. "The technology responds in real-time to even the smallest DDoS attack, many of which would go unnoticed by a scrubbing center," he noted.

Targets of Tomorrow

The DDoS attack on the Dyn DNS service showed that hackers need not target broad swaths of companies to see widespread results from their efforts. Digital strikes on critical Internet functions can prevent access to otherwise operational services.

"I think we will start to see a troubling trend of attackers targeting major Internet providers, DNS providers and other critical components of the Internet infrastructure," said Larson. "Those attacks may be large and volumetric in nature, or they may comprise shorter surgical bursts of sub-saturating attack techniques intended to disrupt and distract network operators for other malicious intent."

As more business relies on network connectivity, the cost of these attacks also rises. Unfortunately, their scope seems to be growing: the October Internet outage showed that the victims, instead of just being a company or website here or there, can include multiple services and/or geographical areas. In light of this new reality, the question is how the defenders will now respond.

"I anticipate that 2017 will be the year of the ISPs coming under added pressure to provide DDoS-mitigation services to their customers," said Larson. "The current status quo allows malicious traffic carrying DDoS threats to flow freely over most provider networks, and as a result, most customers end up paying their provider for bandwidth that delivers potentially dangerous Internet content. But the technology exists for ISPs to turn this problem into a business opportunity. By providing DDoS-mitigation tools as a service, deployed at the Internet edge, they can defeat this problem before it enters their customers' networks."

Conclusions

Although DDoS attacks are only one aspect of a broad and complicated security landscape, they are increasingly high profile, as the October attack that exploited an IoT botnet exemplified. The proliferation of connected devices means this malicious technique can add even more muscle by commandeering unsecured devices. And that aspect of DDoS ties directly into the need for comprehensive security that starts with strong hardware design and software development, ending with responsible use and maintenance by end customers. In between, service providers also have a role to play.

Unfortunately, however, security will remain a back-and-forth struggle as each side tries to top the other with new attacks or new defenses. For now, DDoS is a weapon of choice for many hackers that will continue to make headlines.
