Welcome!

Containers Expo Blog Authors: Pat Romanski, Elizabeth White, Scott Sobhani, Liz McMillan, Stefan Bernbo

Blog Feed Post

Hybrid DDoS Needs Hybrid Defense

#DDoS  #infosec #cloud #F5 acquires Defense.Net

Everyone, no doubt, can easily find one of the myriad articles and reports indicating that the volume of DDoS attacks is on the rise. Not just the frequency of but the sheer size of these attacks are growing year over year at a frightening rate.

It should be no surprise, then, that surveys like TechTarget's 2014 IT Priorities Survey indicate that 45% of respondents will be adding new capacity in network security and 35% plan on adding threat detection and management, and financial institutions are now being required by regulators to have DDoS mitigation solutions in place.

Problematic, of course, is the sheer volume in terms of bandwidth that can be consumed by an attack. With bandwidth consumption often measured in the hundreds of gigabits per second thanks to the deadly combination of amplification and reflection attack techniques, many organizations targeted by such an attack will find that their Internet connectivity is a serious obstacle in mitigating these attacks. While emerging technologies software-defined architectures and network virtualization promise to address the immediate need for additional capacity for network-related services, the reality is that if connectivity is compromised, additional capacity that lies beyond the corporate perimeter is unlikely to provide the relief needed.

Put simply: if an attacker can throw enough malicious traffic at you to completely saturate your Internet pipe, there’s simply not much an on-premise solution can do by itself.

That's why many top analysts recommend as best practices a hybrid approach to preparing for (what we're told is the inevitable) DDoS attack.

The Hybrid DDoS Approach

A hybrid approach combines an off-premise (cloud) based DDoS detection and mitigation service with on-premise protections. Such an approach allows organizations to take advantage of the greater bandwidth capacity that lies along the Internet backbone where most cloud-based DDoS providers reside when attacks oversubscribe their own connectivity while maintaining a strong security posture on-premise that can handle most volumetric attacks and is better suited to addressing more insidious application-layer DDoS attacks.

Hybrid solutions provide the resilience and scale of cloud-based solutions with the granularity and always-on capabilities of on—premise solutions. More importantly, a well-integrated hybrid DDoS architecture enables organizations to more effectively and cost-efficiently deal with threats that occur infrequently but are far more dangerous. A SANS 2012 survey on Log and Event Management indicated that for the first time respondents reported they were "unable to detect active attacks in their networks." This frightening statistic is brought to you by attackers whose goal is to overwhelm systems using network-based attacks whilst hiding more advanced, application-layer attacks amidst the noise such volumetric attacks generate.

Moreover, these attacks are made more dangerous because of the way in which organizations (naturally) respond to a DDoS attack. It's quite common for organizations that find themselves under attack to focus on preventing service outages. As computationally expensive security network services start to fail in the face of overwhelming traffic, the response is often to shut them down. That means IPS, application firewalls and anti-fraud detection systems, among others, are eliminated from the critical path. The network DDoS traffic may be detected and rejected, for the most part, but suddenly the application-layer attacks hiding in the volumetric network attack are free to make their way back to applications. Basically, the application-layer defenses are treated as ballast and tossed aside in favor of keeping the network boat afloat.

A hybrid approach can take advantage of the additional capacity available in the cloud to ensure organizations aren’t overwhelmed by the excessive volume generated by some attacks while enabling the organization to protect itself against the more frequent but easily managed attacks. A pure cloud DDoS solution can be cumbersome to implement if used to mitigate every single DDoS attacks, but worth the cost in the face of an overwhelming attack. 

A hybrid approach is certainly the best architectural approach available today for organizations to cost-efficiently mitigate the risk associated with DDoS overall, and an integrated solution that provides both a cloud and on-premise solution ensures the onboarding process is seamless.

Complementary Technology for a Hybrid DDoS Architecture

F5 sees in Defense.Net the ability to provide just such a hybrid approach to mitigating DDoS attacks whether traditional bandwidth-consuming attacks or more modern, multi-vector attacks. By combining the cloud-based services of Defense.Net with an on-premise F5 Application Delivery Firewall (ADF), organizations will be better armed to detect and mitigate DDoS attacks at the network and application layers simultaneously. 

While Defense.Net supports traditional architectural deployments - asymmetric GRE configuration and a symmetric proxy configuration - it also supports a destination NAT configuration that eliminates GRE MTU and other challenges. This approach requires only inbound traffic to be inspected, which dramatically decreases its bandwidth requirements compared to symmetric DDoS technology. It further benefits organizations in reducing the latency incurred by traditional approaches, which means less of an impact on application performance and the quality of experience demanded to keep customers and employees satisfied. 

Defense.Net's multilayer approach to scrubbing and architectural flexibility is highly complementary with F5's technology as well as our architectural vision, Synthesis. By bringing together both a cloud-based and an on-premise solution, F5 is extending its portfolio of security services to include cloud-based DDoS as a service or in the cloud as part of a broader security architecture designed to provide comprehensive DDoS coverage for applications deployed anywhere, accessed at anytime from any device.

We are excited to have the Defense.Net team and its technology join the F5 family. 

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effi...
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Presidio has received the 2015 EMC Partner Services Quality Award from EMC Corporation for achieving outstanding service excellence and customer satisfaction as measured by the EMC Partner Services Quality (PSQ) program. Presidio was also honored as the 2015 EMC Americas Marketing Excellence Partner of the Year and 2015 Mid-Market East Partner of the Year. The EMC PSQ program is a project-specific survey program designed for partners with Service Partner designations to solicit customer feedbac...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profession...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
Ask someone to architect an Internet of Things (IoT) solution and you are guaranteed to see a reference to the cloud. This would lead you to believe that IoT requires the cloud to exist. However, there are many IoT use cases where the cloud is not feasible or desirable. In his session at @ThingsExpo, Dave McCarthy, Director of Products at Bsquare Corporation, will discuss the strategies that exist to extend intelligence directly to IoT devices and sensors, freeing them from the constraints of ...
Connected devices and the industrial internet are growing exponentially every year with Cisco expecting 50 billion devices to be in operation by 2020. In this period of growth, location-based insights are becoming invaluable to many businesses as they adopt new connected technologies. Knowing when and where these devices connect from is critical for a number of scenarios in supply chain management, disaster management, emergency response, M2M, location marketing and more. In his session at @Th...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
Apixio Inc. has raised $19.3 million in Series D venture capital funding led by SSM Partners with participation from First Analysis, Bain Capital Ventures and Apixio’s largest angel investor. Apixio will dedicate the proceeds toward advancing and scaling products powered by its cognitive computing platform, further enabling insights for optimal patient care. The Series D funding comes as Apixio experiences strong momentum and increasing demand for its HCC Profiler solution, which mines unstruc...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
IoT offers a value of almost $4 trillion to the manufacturing industry through platforms that can improve margins, optimize operations & drive high performance work teams. By using IoT technologies as a foundation, manufacturing customers are integrating worker safety with manufacturing systems, driving deep collaboration and utilizing analytics to exponentially increased per-unit margins. However, as Benoit Lheureux, the VP for Research at Gartner points out, “IoT project implementers often ...
When people aren’t talking about VMs and containers, they’re talking about serverless architecture. Serverless is about no maintenance. It means you are not worried about low-level infrastructural and operational details. An event-driven serverless platform is a great use case for IoT. In his session at @ThingsExpo, Animesh Singh, an STSM and Lead for IBM Cloud Platform and Infrastructure, will detail how to build a distributed serverless, polyglot, microservices framework using open source tec...
The idea of comparing data in motion (at the sensor level) to data at rest (in a Big Data server warehouse) with predictive analytics in the cloud is very appealing to the industrial IoT sector. The problem Big Data vendors have, however, is access to that data in motion at the sensor location. In his session at @ThingsExpo, Scott Allen, CMO of FreeWave, discussed how as IoT is increasingly adopted by industrial markets, there is going to be an increased demand for sensor data from the outermos...