Industry-Leading Tools to Mitigate DDoS Threats

Feb. 17, 2023
New tools can help data center operators fight back against DDoS and emerging network security threats.

This article concludes our series on DDoS protection in a connected world. This week we shift our focus from experiencing DDoS attacks to defending against them.

So far, we’ve covered the evolution of DDoS and how it impacts data centers and cloud ecosystems. Now, let’s dive into specific DDoS attacks and how to defend against them.

There are three types of DDoS attacks on which we will focus.

  1. Volume-Based Attacks. The strategy here is to flood networks with heavy volumes of data. Think of it as a pileup on a freeway. The additional traffic consumes bandwidth, shuts down services, prevents users and customers from reaching essential services and sites, and brings a business to a crawl. For data center providers, a massive volumetric attack can degrade every tenant sharing the affected links, not just the one being targeted. Volumetric attacks are generated by botnets or, more commonly, by reflection and amplification: the attacker sends small requests with the victim's address spoofed as the source to open UDP services such as DNS, NTP, or memcached, which answer the victim with responses many times larger. Because UDP is connectionless, the spoofed source is never verified, which is why connectionless UDP is the usual delivery method. These attacks are easy to detect (the byte and packet rate is the signal) but can be very challenging to mitigate, because the attack volume can exceed the capacity of the very links that would carry it to a scrubbing point.
  2. Network Protocol Attacks. Network protocol layer attacks exploit weaknesses in the protocols themselves or in how your devices handle them. You could be in trouble if your layer 3 and 4 policies are poorly configured (no SYN cookies, no rate limits on ICMP, generous connection-state timeouts). Simple attacks include SYN floods, which fill a server's half-open connection table with handshakes that are never completed, and the ping of death, which sends oversized or malformed fragmented ICMP packets to crash a vulnerable stack. More sophisticated attacks move up the stack and abuse SSL/TLS handshake renegotiation, forcing the server to spend far more CPU per handshake than the client does.
  3. Application Layer Attacks. At the application layer, many services work together to let the app run. Application layer attacks aim at application platforms, web servers and services, APIs, libraries, and even the application itself. These attacks are usually far more targeted and planned out in advance: malicious actors do their homework to understand the application, how users interact with it, how it behaves, and where its expensive operations and weaknesses lie. Their volume can be low enough that each request looks legitimate on its own, which is what makes them hard to spot from traffic rates alone.

As a data center provider, you already have much to worry about, but keeping your networks safe is a business requirement you can't ignore. Telecommunications and network management have come a long way, and our ability to lock down and segment networks has advanced with them. Malicious actors, however, have advanced their tactics right alongside.

For data center providers, DDoS attacks are now more dangerous than ever, because malicious actors want the data that data centers store. Now that you have a solid framework for DDoS threats, it's time to broaden the perspective on these attacks. Specifically, what happens when a DDoS attack is just the tip of the spear, a distraction rather than the goal?

DDoS as a Smokescreen

To begin, there is usually a motive behind an attack. In today's connected world, a DDoS attack may be launched for reasons beyond taking down a website or a service. We mentioned smokescreens in a previous article: a malicious actor, sometimes a nation-state, launches a DDoS attack to pull security staff and monitoring capacity toward the flood, and uses the noise as cover to reach other parts of the network. When DDoS is used as a smokescreen, these other activities may be happening:

How Do You Detect Malicious Traffic?

There are two critical methods for detecting malicious traffic:

  1. Analyzing the metadata of traffic flow data (NetFlow, sFlow, or IPFIX exports from routers and switches): best for volumetric attacks, because byte and packet rates per destination are visible without touching payloads
  2. Packet inspection: effective for all three types of attacks, and the only option for application-layer floods whose flow records look like legitimate traffic; it costs more per bit, so it is usually applied to traffic already flagged or to the services that need it

Whichever method you use, DDoS attack traffic should be mitigated as close to the network edge as possible, before it consumes the bandwidth and connection state of the systems behind it.

To detect these attacks, consider the following:

Outside of solid development practices, detecting an attack against an application or an app service may require analysis of the packet payload, for example distinguishing GET from PUT or POST requests and noting which paths they hit, because the flow metadata of an HTTP flood can look like ordinary traffic.
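The following is an added example, not code from the article or from A10: it applies the two detection methods above to the three attack types from the list, on constructed sample data. It assumes flow records in NetFlow/IPFIX style (source, destination, protocol, ports, packets, bytes, cumulative TCP flags) and HTTP payloads captured as raw bytes; the reflector port list, the thresholds, and the IP addresses (documentation ranges) are all illustrative choices, not values from the page.

```python
# Added example: flow-metadata analysis for volumetric and protocol attacks,
# payload inspection for application-layer attacks.  All data is constructed.
from collections import defaultdict
from typing import NamedTuple

REFLECTOR_PORTS = {53, 123, 161, 1900, 11211}  # UDP services abused as reflectors (illustrative)
SYN, ACK = 0x02, 0x10  # TCP flag bits as exported in NetFlow/IPFIX tcpFlags


class Flow(NamedTuple):  # one NetFlow/IPFIX-style record (constructed)
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    packets: int
    bytes: int
    flags: int = 0  # cumulative TCP flags seen on the flow, 0 for UDP


def volumetric_suspects(flows, window_s=60, threshold_mbps=500):
    """Volume-based: bytes per destination over the export window; flag those
    above threshold and note an amplification signature (nearly all bytes from
    reflector source ports, many distinct sources, large average packets)."""
    per_dst = defaultdict(lambda: {"bytes": 0, "pkts": 0, "srcs": set(), "refl": 0})
    for f in flows:
        d = per_dst[f.dst]
        d["bytes"] += f.bytes
        d["pkts"] += f.packets
        d["srcs"].add(f.src)
        if f.proto == "udp" and f.sport in REFLECTOR_PORTS:
            d["refl"] += f.bytes
    suspects = {}
    for dst, d in per_dst.items():
        mbps = d["bytes"] * 8 / window_s / 1e6
        if mbps >= threshold_mbps:
            suspects[dst] = {"mbps": round(mbps, 1), "sources": len(d["srcs"]),
                             "amplified": d["refl"] / d["bytes"] > 0.8,
                             "avg_pkt_bytes": d["bytes"] // d["pkts"]}
    return suspects


def syn_flood_suspects(flows, min_flows=1000, max_completion=0.1):
    """Protocol-layer: share of TCP flows per destination that completed the
    handshake (carried an ACK).  A SYN flood shows thousands of SYN-only flows."""
    stats = defaultdict(lambda: [0, 0])  # dst -> [tcp flows, syn-only flows]
    for f in flows:
        if f.proto == "tcp":
            stats[f.dst][0] += 1
            stats[f.dst][1] += bool(f.flags & SYN and not f.flags & ACK)
    return {dst: round((total - syn_only) / total, 4)
            for dst, (total, syn_only) in stats.items()
            if total >= min_flows and (total - syn_only) / total <= max_completion}


def http_flood_suspects(requests, window_s=10, max_rps=50, expensive=("/search",)):
    """Application-layer: parse the request line of each payload (the GET vs.
    PUT distinction) and flag sources that exceed a request rate or spend almost
    all of their requests on writes or on an expensive endpoint."""
    per_src = defaultdict(lambda: {"n": 0, "writes": 0, "expensive": 0})
    for src, raw in requests:
        try:
            method, target, _ver = raw.split(b"\r\n", 1)[0].decode("ascii").split(" ")
        except (UnicodeDecodeError, ValueError):
            continue  # not an HTTP request line (e.g. a TLS record); skipped here
        s = per_src[src]
        s["n"] += 1
        s["writes"] += method in ("POST", "PUT", "PATCH", "DELETE")
        s["expensive"] += target.split("?", 1)[0] in expensive
    return {src: dict(s) for src, s in per_src.items()
            if s["n"] / window_s > max_rps
            or (s["n"] >= 20 and max(s["writes"], s["expensive"]) / s["n"] > 0.9)}


def sample_flows():
    """Constructed 60 s export window: NTP amplification against 203.0.113.10,
    a spoofed SYN flood against 203.0.113.30, normal HTTPS to 203.0.113.20."""
    flows = [Flow(f"100.64.{i // 256}.{i % 256}", "203.0.113.10", "udp", 123,
                  40000 + i, 10_000, 14_000_000) for i in range(400)]
    flows += [Flow(f"192.0.2.{i % 250 + 1}", "203.0.113.30", "tcp", 1024 + i,
                   443, 1, 60, SYN) for i in range(5000)]
    for i in range(50):  # legitimate, completed connections
        flows.append(Flow(f"198.51.100.{i + 1}", "203.0.113.30", "tcp",
                          50000 + i, 443, 40, 20_000, SYN | ACK))
        flows.append(Flow(f"198.51.100.{i + 1}", "203.0.113.20", "tcp",
                          51000 + i, 443, 2_000, 1_000_000, SYN | ACK))
    return flows


def sample_requests():
    """Constructed 10 s capture of (source, HTTP payload) pairs."""
    reqs = [("198.51.100.7", b"GET /search?q=%d HTTP/1.1\r\nHost: shop.example\r\n\r\n" % i)
            for i in range(600)]
    reqs += [("198.51.100.9", b"PUT /api/item/%d HTTP/1.1\r\nHost: shop.example\r\n\r\n" % i)
             for i in range(30)]
    reqs += [("198.51.100.20", b"GET / HTTP/1.1\r\nHost: shop.example\r\n\r\n")] * 15
    reqs.append(("198.51.100.21", b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"))  # TLS bytes, not HTTP
    return reqs


SAMPLE_FLOWS, SAMPLE_REQUESTS = sample_flows(), sample_requests()

if __name__ == "__main__":
    print("volumetric:", volumetric_suspects(SAMPLE_FLOWS))
    print("syn flood: ", syn_flood_suspects(SAMPLE_FLOWS))
    print("http flood:", http_flood_suspects(SAMPLE_REQUESTS))
```

The point of the split is visible in the sample: the amplification flood and the SYN flood are both obvious from flow records alone (rate per destination, and SYN-only flows that never carry an ACK), while the HTTP flood and the PUT hammering are invisible there and only appear once the request line is parsed out of the payload.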

What Should I Be Looking for in a DDoS Solution?

There's never a silver bullet for securing an entire infrastructure. However, there are vital considerations when selecting a solution for DDoS protection. Narrowing it down a bit, here are three critical considerations for data center providers when choosing a DDoS solution:

If you’re a data center, service provider, or an organization that’s rapidly scaling out, there are two additional points to consider:

Download the entire special report, The Security Gap: DDoS Protection in a Connected World, featuring A10, for an exclusive real-world data center provider use case in which modern DDoS solutions improve network protection and create a business opportunity.

About the Author

Bill Kleyman

Bill Kleyman is a veteran, enthusiastic technologist with experience in data center design, management and deployment. Bill is currently a freelance analyst, speaker, and author for some of our industry's leading publications.
