Welcome!

Containers Expo Blog Authors: Elizabeth White, Automic Blog, Pat Romanski, Liz McMillan, Jyoti Bansal

Blog Feed Post

Hybrid DDoS Needs Hybrid Defense

#DDoS  #infosec #cloud #F5 acquires Defense.Net

Everyone, no doubt, can easily find one of the myriad articles and reports indicating that the volume of DDoS attacks is on the rise. Not just the frequency of but the sheer size of these attacks are growing year over year at a frightening rate.

It should be no surprise, then, that surveys like TechTarget's 2014 IT Priorities Survey indicate that 45% of respondents will be adding new capacity in network security and 35% plan on adding threat detection and management, and financial institutions are now being required by regulators to have DDoS mitigation solutions in place.

Problematic, of course, is the sheer volume in terms of bandwidth that can be consumed by an attack. With bandwidth consumption often measured in the hundreds of gigabits per second thanks to the deadly combination of amplification and reflection attack techniques, many organizations targeted by such an attack will find that their Internet connectivity is a serious obstacle in mitigating these attacks. While emerging technologies software-defined architectures and network virtualization promise to address the immediate need for additional capacity for network-related services, the reality is that if connectivity is compromised, additional capacity that lies beyond the corporate perimeter is unlikely to provide the relief needed.

Put simply: if an attacker can throw enough malicious traffic at you to completely saturate your Internet pipe, there’s simply not much an on-premise solution can do by itself.

That's why many top analysts recommend as best practices a hybrid approach to preparing for (what we're told is the inevitable) DDoS attack.

The Hybrid DDoS Approach

A hybrid approach combines an off-premise (cloud) based DDoS detection and mitigation service with on-premise protections. Such an approach allows organizations to take advantage of the greater bandwidth capacity that lies along the Internet backbone where most cloud-based DDoS providers reside when attacks oversubscribe their own connectivity while maintaining a strong security posture on-premise that can handle most volumetric attacks and is better suited to addressing more insidious application-layer DDoS attacks.

Hybrid solutions provide the resilience and scale of cloud-based solutions with the granularity and always-on capabilities of on—premise solutions. More importantly, a well-integrated hybrid DDoS architecture enables organizations to more effectively and cost-efficiently deal with threats that occur infrequently but are far more dangerous. A SANS 2012 survey on Log and Event Management indicated that for the first time respondents reported they were "unable to detect active attacks in their networks." This frightening statistic is brought to you by attackers whose goal is to overwhelm systems using network-based attacks whilst hiding more advanced, application-layer attacks amidst the noise such volumetric attacks generate.

Moreover, these attacks are made more dangerous because of the way in which organizations (naturally) respond to a DDoS attack. It's quite common for organizations that find themselves under attack to focus on preventing service outages. As computationally expensive security network services start to fail in the face of overwhelming traffic, the response is often to shut them down. That means IPS, application firewalls and anti-fraud detection systems, among others, are eliminated from the critical path. The network DDoS traffic may be detected and rejected, for the most part, but suddenly the application-layer attacks hiding in the volumetric network attack are free to make their way back to applications. Basically, the application-layer defenses are treated as ballast and tossed aside in favor of keeping the network boat afloat.

A hybrid approach can take advantage of the additional capacity available in the cloud to ensure organizations aren’t overwhelmed by the excessive volume generated by some attacks while enabling the organization to protect itself against the more frequent but easily managed attacks. A pure cloud DDoS solution can be cumbersome to implement if used to mitigate every single DDoS attacks, but worth the cost in the face of an overwhelming attack. 

A hybrid approach is certainly the best architectural approach available today for organizations to cost-efficiently mitigate the risk associated with DDoS overall, and an integrated solution that provides both a cloud and on-premise solution ensures the onboarding process is seamless.

Complementary Technology for a Hybrid DDoS Architecture

F5 sees in Defense.Net the ability to provide just such a hybrid approach to mitigating DDoS attacks whether traditional bandwidth-consuming attacks or more modern, multi-vector attacks. By combining the cloud-based services of Defense.Net with an on-premise F5 Application Delivery Firewall (ADF), organizations will be better armed to detect and mitigate DDoS attacks at the network and application layers simultaneously. 

While Defense.Net supports traditional architectural deployments - asymmetric GRE configuration and a symmetric proxy configuration - it also supports a destination NAT configuration that eliminates GRE MTU and other challenges. This approach requires only inbound traffic to be inspected, which dramatically decreases its bandwidth requirements compared to symmetric DDoS technology. It further benefits organizations in reducing the latency incurred by traditional approaches, which means less of an impact on application performance and the quality of experience demanded to keep customers and employees satisfied. 

Defense.Net's multilayer approach to scrubbing and architectural flexibility is highly complementary with F5's technology as well as our architectural vision, Synthesis. By bringing together both a cloud-based and an on-premise solution, F5 is extending its portfolio of security services to include cloud-based DDoS as a service or in the cloud as part of a broader security architecture designed to provide comprehensive DDoS coverage for applications deployed anywhere, accessed at anytime from any device.

We are excited to have the Defense.Net team and its technology join the F5 family. 

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
The 21st International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search and...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs oft...
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus intern...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
Existing Big Data solutions are mainly focused on the discovery and analysis of data. The solutions are scalable and highly available but tedious when swapping in and swapping out occurs in disarray and thrashing takes place. The resolution for thrashing through machine learning algorithms and support nomenclature is through simple techniques. Organizations that have been collecting large customer data are increasingly seeing the need to use the data for swapping in and out and thrashing occurs ...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
SYS-CON Events announced today that Interoute has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Interoute is the owner operator of Europe's largest network and a global cloud services platform, which encompasses over 70,000 km of lit fiber, 15 data centers, 17 virtual data centers and 33 colocation centers, with connections to 195 additional partner data centers. Our full-service Unifie...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
SYS-CON Events announced today that DivvyCloud will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in rea...
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Systena America will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Systena Group has been in business for various software development and verification in Japan, US, ASEAN, and China by utilizing the knowledge we gained from all types of device development for various industries including smartphones (Android/iOS), wireless communication, security technology and IoT serv...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...