THE NEED FOR LAYERED DEFENSE

Updated: December 28, 2014 05:30 pm
By R. Narayan

DDoS attacks are but one of the several threat fronts in the IT landscape, and the vendors offering these solutions have been pushed into the limelight by the increased need for such critical solutions.

As the IT network has several layers, the threat frontiers are multiple as well. It is no surprise then that IT networks are under constant siege from ever-increasing, multi-vector attacks. These include the rising volume and complexity of advanced persistent threats (APT), DDoS attacks and other threats, along with the demands of emerging technology trends like the Internet of Things and biometrics. So companies need to have a layered security architecture in place right from the edge to the core of their networks, because one weak spot is enough for a compromise to happen. Further, with cloud service adoption on the rise, there is a need to secure applications that businesses may be hosting on the public cloud.

DDoS (Distributed Denial of Service) attacks are one of the several threat fronts in the IT landscape. Most DDoS attacks target the network and transport layers (layer 3 and layer 4 of the OSI model) and usually consist of volumetric attacks by botnets, groups of infected PCs that aim to exhaust the resources of the target machines. Malicious traffic can flood the network and drain its resources temporarily. These attacks disrupt businesses but, once removed, do not leave any permanent damage. Layer 7 (application-layer) DDoS attacks are more complicated. They are difficult to mitigate because they mimic human behavior as they interact with the user interface.

According to the recent Q3 2014 State of the Internet-Security Report from Akamai Technologies, which features analyses and insights into cyber threats around the world, including DDoS attacks, the volume of DDoS attacks has shot up. There is an increasing number of attacks greater than 100 Gbps (gigabits per second), and these large attacks use multiple DDoS vectors to deliver large bandwidth-consuming packets at an extremely high rate. Further, attackers have new methods and have refined the traditional ones. The result is that the average DDoS attack bandwidth is on the rise every quarter.

Security vendors focusing on DDoS Mitigation solutions are now seeing better understanding of the threat scenario by Businesses in the region. These vendors are now seeking to enhance visibility and accelerate deployments of such solutions, through partners and through telcos.

Arbor Networks is a leading vendor in the DDoS space. The vendor believes the region is quite vulnerable to malicious attacks and therefore there is a need for better preparedness against such attacks, which may include DDoS attacks. According to the vendor, while DDoS is not a new type of attack for countries, governments and organizations, it is increasingly prevalent and evolving rapidly. In the past, certain verticals would be more susceptible to DDoS threats, with government, finance, gaming and e-commerce being at the top of the list. Today, however, any business or entity can be a target for any real or perceived threats.

“The region is becoming the focal point for hackers. There are many motivations including political and economic. This is helping awareness of Business continuity and how you can avoid the crisis in the first place,” says Mahmoud Samy, Regional Director, Arbor Networks, ME & CIS.

A10 Networks is a leading vendor in the application networking space. The vendor demonstrated its latest innovations in Distributed Denial of Service (DDoS) Threat Protection Systems and high-performance, next-generation Application Delivery Controllers (ADCs) at the recently concluded edition of GITEX.

Glen Ogden, Regional Sales Director for the Middle East region at A10 Networks says, “Over the last few years, DDoS attacks have grown dramatically in frequency, size and complexity. Existing security strategies in place are not sufficient enough to address new breeds of DDoS attacks. It is clear that additional solutions are needed to complement existing security infrastructure in a layered defense model.”

According to Symantec Research, DNS-based DDoS attacks are on the rise. In this kind of attack, the attacker spoofs queries to domain name system (DNS) servers, hiding the source of the exploit and routing the response to the target. A small DNS query can be turned into a very significant volume of traffic that floods the target.
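
An added example (not from the article or from any vendor it mentions) of how a resolver operator could spot the pattern described above in a query log: sources whose responses are far larger than their queries. The log layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of resolver query-log records (not real traffic):
# (epoch_seconds, source_ip, qtype, query_bytes, response_bytes)
SAMPLE_LOG = [
    (100, "192.0.2.10", "A", 45, 61),
    (100, "203.0.113.7", "ANY", 44, 3100),
    (100, "203.0.113.7", "ANY", 44, 3100),
    (101, "192.0.2.10", "AAAA", 45, 73),
    (101, "203.0.113.7", "ANY", 44, 3100),
    (101, "203.0.113.7", "TXT", 46, 1480),
    (102, "198.51.100.3", "TXT", 50, 900),
    (102, "192.0.2.10", "MX", 45, 120),
    (102, "203.0.113.7", "ANY", 44, 3100),
]


def amplification_by_source(records):
    """Aggregate query and response bytes per apparent source address."""
    stats = defaultdict(lambda: {"queries": 0, "bytes_in": 0, "bytes_out": 0})
    for _ts, src, _qtype, q_bytes, r_bytes in records:
        s = stats[src]
        s["queries"] += 1
        s["bytes_in"] += q_bytes
        s["bytes_out"] += r_bytes
    return dict(stats)


def flag_reflection_targets(records, min_queries=3, min_ratio=10.0):
    """Return {source_ip: ratio} for sources whose answers dwarf their queries.

    Because the query source is spoofed in a reflection attack, a flagged
    address is the likely target of the flood, not the party sending queries.
    min_queries (assumed threshold) avoids flagging one large legitimate answer.
    """
    flagged = {}
    for src, s in amplification_by_source(records).items():
        if s["queries"] < min_queries or s["bytes_in"] == 0:
            continue
        ratio = s["bytes_out"] / s["bytes_in"]
        if ratio >= min_ratio:
            flagged[src] = round(ratio, 1)
    return flagged


if __name__ == "__main__":
    for ip, ratio in flag_reflection_targets(SAMPLE_LOG).items():
        print(f"{ip}: responses are {ratio}x the size of queries")
```

A flagged address is a candidate for response rate limiting on the resolver rather than for blocking as an attacker, since it is the one receiving the flood.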

According to Infoblox, DDoS attacks are targeting DNS as a key vulnerability. Infoblox, the automated network control company, was an exhibitor at GITEX and showcased its latest DNS, DHCP, and IP Address Management (DDI), secure DNS and network automation technologies.

The company is working with its ISP customers and their enterprise customers to help them protect their DNS infrastructure and discuss the best ways to address these new DNS-centric DDoS attacks.

Cherif Sleiman, General Manager, Middle East at Infoblox says, “If your DNS infrastructure isn’t designed or configured properly, you could be either a victim or an accomplice to a DNS DDoS attack. In the past 15 years, we have seen attack vectors move from the Desktop to Network and to the Application layer. In the past 18 months, DNS has become the latest target where it has become the second highest attack vector on the Internet slightly behind HTTP attacks. In fact DNS is projected to surpass HTTP to become the number one attack vector within the next 12 months.”

He adds, “With Arbor Networks, we have a joint architecture wherein we can integrate solutions to tackle most of the threats in the DDoS space. We know that Arbor does a great job when it comes to volumetric attacks. Infoblox are the experts when it comes to DNS security. So integrating our solutions together provides a more holistic solution.”

The economic damage of DDoS attacks can be quite significant. Arbor Networks’ WISR report found that on average, organizations faced 1-10 attacks per month, meaning their ARO (Annual Rate of Occurrence) could be anything between 12 and 120 incidents. An internet services provider could, according to the WISR report from Arbor Networks, face at least 12 DDoS attacks a year. According to industry research, the average cost of a DDoS attack outage is in the neighborhood of $1 million. The ALE (Annual Loss Expectancy) for such an organization therefore is an imposing $12 million.

Arbor offers a range of products and services to counter the DDoS threat scenario. The Arbor Cloud-DDoS protection service lets you offer best-in-class DDoS defense from the customer premise to the cloud. The on-premise solution provides always-on protection against application-layer attacks. The cloud-based solution protects against large volumetric attacks. Arbor’s cloud signaling intelligently links both environments together. Meanwhile, attack mitigation is provided by Arbor’s experienced attack specialists.

It also has ATLAS, a globally scoped threat analysis network portal that displays host/port scanning activity, zero-day exploits/worm propagation, security events, vulnerability disclosures and dynamic botnet/phishing infrastructures. It provides actionable intelligence to Arbor customers about their network security. Arbor’s ATLAS threat monitoring infrastructure collects data from over 300 service providers as well as other internet operators, totaling an astounding 90 Tbps of global traffic intelligence.

“We have a worldwide network called Atlas. This consists of our response team and installed base of customers worldwide. We have more than 905 of tier 1 and tier 2 companies over the years as our customers. We trace threats worldwide and provide alerts,” says Mahmoud.

He adds, “We work with operators who are our partners to educate their customers so that they are aware before the problems arise. We work with the majority of telcos here, Etisalat, Ooredoo, STC etc., who are our customers. We would also be working with Etisalat as a managed service to their customers.”

To mitigate DDoS attacks, A10 Networks offers the Thunder TPS (Threat Protection System), which protects against multiple classes of attack vectors, including volumetric, protocol, resource and advanced application-layer attacks, which are detected and mitigated to prevent a service from becoming unavailable.

“Attacks are not only occurring more frequently, but with greater volumes and increased sophistication. Thunder TPS provides sophisticated, high-performance features to mitigate the largest and most complex DDoS attacks while optimizing rack space and power consumption, ensuring that data center resources are used efficiently and effectively,” says Glen.

A10’s Thunder TPS product line of Threat Protection Systems provides high-performance, network-wide protection against distributed denial of service (DDoS) attacks, and enables service availability against a variety of volumetric, protocol, resource and other sophisticated application attacks.

With DDoS mitigation capacity ranging from 10 to 155 Gbps (and up to 1.2 Tbps in a cluster), Thunder TPS ensures that the largest DDoS attacks can be handled effectively.

Glen adds, “What is unique is our ability to deliver the smallest form factor platform, such as a 1 rack unit capable of delivering up to 155 Gbps. Because of its scalability, we can deliver a no license model. Everybody else in our line of business has a licensing model – every functionality to be switched on requires a separate license and a support uplift.”

The Trinzic Network Services and Management family of products from Infoblox enables companies to manage, control, and optimize DNS, DHCP, and other services. At the end of last year, Infoblox also launched its Advanced DNS Protection solution, the first Domain Name System (DNS) appliance with integrated defenses against Distributed Denial of Service (DDoS) attacks, cache poisoning, malformed queries, tunneling and other DNS security threats. By building defense directly into a fortified DNS server, the Infoblox solution can deliver protection that is stronger, more intelligent and more comprehensive than what is possible today with separate external security solutions.

“Security of DNS infrastructure should be a top priority for organizations in the Middle East, but unfortunately statistics show that DNS servers and zone data are often neglected, which leaves enterprises vulnerable to attacks. These attacks go well beyond DNS DDoS. There are multitudes of different attack vectors, which most DNS servers cannot detect or protect against. The Advanced DNS Protection solution from Infoblox offers intelligent defense against the widest variety of attack types—not just volumetric attacks—to ensure secure, resilient, and trustworthy DNS services,” says Sleiman.

These are some of the companies that are trailblazers in their domains, which were niches in the past but are now very much in the foreground as awareness of the need for multi-layered network security drives customer demand. And since DDoS and DNS attacks should be dealt with as part of an overall security strategy, the channel partners of these companies have a key role to play as well in educating and consulting their customers on deploying the right solutions.