What Brought Sony’s PlayStation Network Down Could Happen to You! (Part 2 of 2)
In part 1 of this blog, I shared the key considerations and approach for performing a DDoS threat assessment for your organization. In this second part, I will share the different approaches to protecting your organization against DDoS attacks.
Finding the Best Approach for Your Organization
Typically an organization will choose among three approaches: managing its traditional on-premise firewall/router solution itself, installing filtering infrastructure (within its own data centers, or purchased externally as an ISP’s service), or employing a cloud-based DDoS defense solution. Each of these approaches has its pros and cons.
Approach 1 – Traditional On-premise Firewall Router Solution
This first option is the most basic way to fight a DoS attack and is used by most organizations. However, given the advances in DoS techniques and methods, it has limitations in terms of filters, bandwidth and staffing. On the filtering side, this type of solution applies only indiscriminate basic filtering. It can rate-limit at the network and transport layers, but without deep packet inspection to help flag attacks, that is insufficient. Detection is still mostly manual, which leads to sluggish response times in the middle of an attack.
This first approach is also weak in bandwidth and router capacity, which leaves the system more vulnerable. Another problem is link capacity, which becomes the bottleneck with on-premise solutions. Today, common attacks run at rates higher than the capacity of the access link. According to the report [http://gadget.widgetstudy.com/fighting-prolexic-successfully-the-largest-ddos-attack-packets-per-second-ever-documented-in-asia/], DoS attacks are scaling to millions of packets per second, whilst a typical high-end border router can only support a throughput of 70,000 packets per second.
Approach 2 – Intelligent Filtering Platform
You can adopt this approach by deploying the platform yourself or by purchasing it as a service from your existing ISP (if it is available).
With this approach, all Internet traffic enters through the intelligent filters, which apply one or more techniques such as statistical modeling, active challenge validation, deep packet inspection and rate-based anomaly detection. These techniques aim to let legitimate traffic through while protecting networks and applications from DoS attacks.
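The difference between the indiscriminate filtering of Approach 1 and the statistical modeling and rate-based anomaly detection named above, as an added example that is not part of the original post. The traffic figures, function names and parameters are constructed for illustration and do not describe any particular product.

```python
import math

# Constructed sample: packets per second on one link, one value per second.
# Indices 0-9 are normal traffic, 10-12 a flood, 13-14 recovery.
SAMPLE_PPS = [1000, 1100, 950, 1050, 1200, 1000, 1150, 980, 1020, 1100,
              9000, 12000, 11000, 1050, 990]


def static_limit_flags(pps_series, limit):
    """Indiscriminate filtering: flag every interval above one fixed limit."""
    return [i for i, pps in enumerate(pps_series) if pps > limit]


def baseline_anomaly_flags(pps_series, alpha=0.2, k=4.0, floor_ratio=0.5, warmup=5):
    """Rate-based anomaly detection against a learned statistical baseline.

    Tracks an exponentially weighted mean and variance of the packet rate
    and flags an interval when it exceeds the mean by more than k standard
    deviations (or by floor_ratio * mean, whichever margin is larger, so
    very steady traffic does not make the detector hypersensitive).
    Flagged intervals are not folded into the baseline, so a sustained
    flood cannot teach the detector that the flood is normal.
    """
    mean, var, flags = float(pps_series[0]), 0.0, []
    for i, pps in enumerate(pps_series[1:], start=1):
        margin = max(k * math.sqrt(var), floor_ratio * mean)
        if i >= warmup and pps > mean + margin:
            flags.append(i)
            continue  # do not learn from traffic already judged anomalous
        diff = pps - mean
        mean += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    return flags


if __name__ == "__main__":
    print("static limit 1100 pps:", static_limit_flags(SAMPLE_PPS, 1100))
    print("learned baseline:     ", baseline_anomaly_flags(SAMPLE_PPS))
```

On the sample, the fixed limit also flags two legitimate bursts, while the learned baseline flags only the three flood intervals.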
Though the intelligent filtering solution is better than the on-premise solution described above, you may still find that it does not scale well. It cannot guarantee the robustness of your system when Internet traffic from several ISPs’ data centers comes through your computing service. The filtering technology may no longer be effective when it is hit by the full capacity of the attack vectors. Though this option offers more flexibility, it is neither efficient nor effective against large attacks, because filters and bandwidth must be provided for each data center.
Meanwhile, compared with the on-premises intelligent filtering above, your ISP may offer more bandwidth in its DoS defense solution. An ISP can also scale up to provide greater network capacity, and its upstream position lets it remove the risk of congestion on downstream access circuits. The drawback, however, is that an ISP can only protect against DoS attacks that come through its own network. You will need to deploy multiple intelligent solutions to obtain complete DoS protection, which drives up cost and complexity.
Approach 3 – Cloud-based DDoS Protection
For an organization that needs to stay online 24×7, 365 days a year, neither on-premises router/firewall protection nor intelligent filtering will be sufficient to shield your infrastructure from DDoS attacks. A cloud-based solution filters all incoming traffic and eliminates the need for a separate solution for each ISP. The beauty of this solution is that it can provide cross-ISP correlation to detect and mitigate the impact of recurring attacks. This approach is regarded as the most effective and the easiest to maintain. The provider manages the protection and gives you access to dedicated experts who can help with operational problems.
This solution employs large-capacity scrubbing centers and reliable filters equipped with intelligent mitigation tools. Multiple intelligent filtering platforms are now common in this business, augmented with additional proprietary mechanisms for detection within seconds. Security is strengthened further because some providers build mutual relationships to raise a collective alarm on attacks and, in particular, new vectors. These relationships create a cross-sector framework for threat intelligence that helps identify emerging threats more accurately and deliver effective countermeasures to new attack vectors more rapidly. It is also prudent to make sure that the provider has a working relationship with the relevant security agencies, such as the FBI and Interpol, in case you decide to take legal action against the attackers.
Appoint the Best Service Provider for DDoS Solutions
Considering the potential loss due to DDoS attacks, an organization should implement an appropriate level of protection against them. While cost is still a primary concern when investing in a security solution, you should actually be looking at the true value of the approach that suits your organization. Although the costs of the cloud-based approach may seem exorbitant initially, be aware of the hidden costs of DDoS protection, which include an array of operational costs related to maintaining a shield against DDoS attacks and the continued maintenance of the infrastructure and expertise needed to reduce the impact of those attacks.
Your decision to outsource DDoS protection will be wise if you carefully select a specialized service provider with a proven track record in DDoS protection. Your organization can benefit from the economies of scale, free your staff from unnecessary worry about such attacks, and empower them to apply their creativity to high-value projects that support business growth.
After you have done that, you can breathe easier knowing that at least your company will not be in the headlines for the wrong reasons.