Welcome!

Containers Expo Blog Authors: Elizabeth White, Pat Romanski, Cloud Best Practices Network, Derek Weeks, Jyoti Bansal

Blog Feed Post

Hybrid DDoS Needs Hybrid Defense

#DDoS  #infosec #cloud #F5 acquires Defense.Net

Everyone, no doubt, can easily find one of the myriad articles and reports indicating that the volume of DDoS attacks is on the rise. Not just the frequency of but the sheer size of these attacks are growing year over year at a frightening rate.

It should be no surprise, then, that surveys like TechTarget's 2014 IT Priorities Survey indicate that 45% of respondents will be adding new capacity in network security and 35% plan on adding threat detection and management, and financial institutions are now being required by regulators to have DDoS mitigation solutions in place.

Problematic, of course, is the sheer volume in terms of bandwidth that can be consumed by an attack. With bandwidth consumption often measured in the hundreds of gigabits per second thanks to the deadly combination of amplification and reflection attack techniques, many organizations targeted by such an attack will find that their Internet connectivity is a serious obstacle in mitigating these attacks. While emerging technologies software-defined architectures and network virtualization promise to address the immediate need for additional capacity for network-related services, the reality is that if connectivity is compromised, additional capacity that lies beyond the corporate perimeter is unlikely to provide the relief needed.

Put simply: if an attacker can throw enough malicious traffic at you to completely saturate your Internet pipe, there’s simply not much an on-premise solution can do by itself.

That's why many top analysts recommend as best practices a hybrid approach to preparing for (what we're told is the inevitable) DDoS attack.

The Hybrid DDoS Approach

A hybrid approach combines an off-premise (cloud) based DDoS detection and mitigation service with on-premise protections. Such an approach allows organizations to take advantage of the greater bandwidth capacity that lies along the Internet backbone where most cloud-based DDoS providers reside when attacks oversubscribe their own connectivity while maintaining a strong security posture on-premise that can handle most volumetric attacks and is better suited to addressing more insidious application-layer DDoS attacks.

Hybrid solutions provide the resilience and scale of cloud-based solutions with the granularity and always-on capabilities of on—premise solutions. More importantly, a well-integrated hybrid DDoS architecture enables organizations to more effectively and cost-efficiently deal with threats that occur infrequently but are far more dangerous. A SANS 2012 survey on Log and Event Management indicated that for the first time respondents reported they were "unable to detect active attacks in their networks." This frightening statistic is brought to you by attackers whose goal is to overwhelm systems using network-based attacks whilst hiding more advanced, application-layer attacks amidst the noise such volumetric attacks generate.

Moreover, these attacks are made more dangerous because of the way in which organizations (naturally) respond to a DDoS attack. It's quite common for organizations that find themselves under attack to focus on preventing service outages. As computationally expensive security network services start to fail in the face of overwhelming traffic, the response is often to shut them down. That means IPS, application firewalls and anti-fraud detection systems, among others, are eliminated from the critical path. The network DDoS traffic may be detected and rejected, for the most part, but suddenly the application-layer attacks hiding in the volumetric network attack are free to make their way back to applications. Basically, the application-layer defenses are treated as ballast and tossed aside in favor of keeping the network boat afloat.

A hybrid approach can take advantage of the additional capacity available in the cloud to ensure organizations aren’t overwhelmed by the excessive volume generated by some attacks while enabling the organization to protect itself against the more frequent but easily managed attacks. A pure cloud DDoS solution can be cumbersome to implement if used to mitigate every single DDoS attacks, but worth the cost in the face of an overwhelming attack. 

A hybrid approach is certainly the best architectural approach available today for organizations to cost-efficiently mitigate the risk associated with DDoS overall, and an integrated solution that provides both a cloud and on-premise solution ensures the onboarding process is seamless.

Complementary Technology for a Hybrid DDoS Architecture

F5 sees in Defense.Net the ability to provide just such a hybrid approach to mitigating DDoS attacks whether traditional bandwidth-consuming attacks or more modern, multi-vector attacks. By combining the cloud-based services of Defense.Net with an on-premise F5 Application Delivery Firewall (ADF), organizations will be better armed to detect and mitigate DDoS attacks at the network and application layers simultaneously. 

While Defense.Net supports traditional architectural deployments - asymmetric GRE configuration and a symmetric proxy configuration - it also supports a destination NAT configuration that eliminates GRE MTU and other challenges. This approach requires only inbound traffic to be inspected, which dramatically decreases its bandwidth requirements compared to symmetric DDoS technology. It further benefits organizations in reducing the latency incurred by traditional approaches, which means less of an impact on application performance and the quality of experience demanded to keep customers and employees satisfied. 

Defense.Net's multilayer approach to scrubbing and architectural flexibility is highly complementary with F5's technology as well as our architectural vision, Synthesis. By bringing together both a cloud-based and an on-premise solution, F5 is extending its portfolio of security services to include cloud-based DDoS as a service or in the cloud as part of a broader security architecture designed to provide comprehensive DDoS coverage for applications deployed anywhere, accessed at anytime from any device.

We are excited to have the Defense.Net team and its technology join the F5 family. 

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
Every successful software product evolves from an idea to an enterprise system. Notably, the same way is passed by the product owner's company. In his session at 20th Cloud Expo, Oleg Lola, CEO of MobiDev, will provide a generalized overview of the evolution of a software product, the product owner, the needs that arise at various stages of this process, and the value brought by a software development partner to the product owner as a response to these needs.
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, John Jelinek IV, a web developer at Linux Academy, will discuss why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, discussed the best practices that will ensure a successful smart city journey.
Technology vendors and analysts are eager to paint a rosy picture of how wonderful IoT is and why your deployment will be great with the use of their products and services. While it is easy to showcase successful IoT solutions, identifying IoT systems that missed the mark or failed can often provide more in the way of key lessons learned. In his session at @ThingsExpo, Peter Vanderminden, Principal Industry Analyst for IoT & Digital Supply Chain to Flatiron Strategies, will focus on how IoT depl...
Big Data, cloud, analytics, contextual information, wearable tech, sensors, mobility, and WebRTC: together, these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at @ThingsExpo, Erik Perotti, Senior Manager of New Ventures on Plantronics’ Innovation team, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it m...
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet and...
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus o...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, discussed the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
"LinearHub provides smart video conferencing, which is the Roundee service, and we archive all the video conferences and we also provide the transcript," stated Sunghyuk Kim, CEO of LinearHub, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...