Page 11 - Cyber Warnings

DDoS Defense: Can You Tell Friend from Foe?

By Avi Freedman, CEO of Kentik



In many organizations, networks are at the core of the business, enabling not only internal
functions such as HR, supply chain, and finance but also the services and transactions on which
the business depends for revenue. That makes network availability critical.

Any interruption of access from the outside world turns off the revenue spigot, impacting profit
and creating a bad user experience that can damage customer satisfaction and result in
permanent loss of patronage. The worse the outage, the worse the damage.

That’s why speed is so important in detecting, diagnosing, and responding to Denial of Service
(DoS) and Distributed Denial of Service (DDoS) attacks.

One of the chief challenges in responding to an attack is to distinguish friend from foe. Without a
way to drill down into traffic details and examine host-level traffic behavior, it can be difficult to
tell the difference.

Traditional network analysis technologies based on pre-cloud architectures have been too
limited in their compute and storage capacity to do more than perform pre-defined alerting and
summary reports.

That’s just not enough information to really get to the heart of what’s happening in a complex
networking scenario.

Fortunately, new big data techniques allow us to dig deep into huge volumes of network traffic
details so that it’s possible to understand what is really going on.

With a properly implemented big data platform, you can pivot your views of data to rapidly gain
insight, in operational timeframes, so you can act to mitigate an attack or remediate a more
innocent but still painful network issue.


We’ll examine data that is readily available through common network traffic flow telemetry
exports, such as those from routers and switches that export NetFlow, sFlow or IPFIX.



Starting at the Top


Let’s say we’re seeing symptoms of an attack in our infrastructure. We’ll use traffic flow
summary data to quickly scan total traffic in bits per second just to see if anything stands out.
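The first scan described above, as an added example that is not from the article or from Kentik: aggregate flow records into total bits per second, flag seconds that stand out against a median baseline, and then drill down to the per-host level for those seconds. The flow records, IP addresses and the attribution of each record's bytes to its start second are constructed simplifications.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records, not real telemetry. Each tuple is
# (timestamp_sec, src_ip, dst_ip, dst_port, bytes). For simplicity every
# record's bytes are attributed to the second it started in; real NetFlow/IPFIX
# records span an interval and would be spread across it.
FLOWS = [
    (0, "203.0.113.10", "198.51.100.5", 443, 1500),
    (0, "203.0.113.11", "198.51.100.5", 443, 1000),
    (1, "203.0.113.10", "198.51.100.5", 443, 1500),
    (1, "203.0.113.12", "198.51.100.5", 443, 1000),
    (2, "203.0.113.11", "198.51.100.5", 443, 1500),
    (2, "203.0.113.12", "198.51.100.5", 443, 1000),
    (3, "203.0.113.10", "198.51.100.5", 443, 1500),   # normal client continues
    (3, "192.0.2.50", "198.51.100.5", 80, 60000),     # burst begins
    (3, "192.0.2.51", "198.51.100.5", 80, 60000),
    (4, "203.0.113.11", "198.51.100.5", 443, 1000),
    (4, "192.0.2.50", "198.51.100.5", 80, 90000),
    (4, "192.0.2.52", "198.51.100.5", 80, 30000),
]


def bps_per_second(flows):
    """Aggregate flow bytes into total bits per second, as a {second: bps} dict."""
    totals = defaultdict(int)
    for ts, _src, _dst, _port, nbytes in flows:
        totals[ts] += nbytes * 8
    return dict(totals)


def spike_seconds(bps, factor=3.0):
    """Seconds whose total rate exceeds `factor` times the median rate.
    The median is a crude baseline that a short burst cannot drag upward."""
    baseline = median(bps.values())
    return sorted(ts for ts, rate in bps.items() if rate > factor * baseline)


def top_sources(flows, seconds, n=3):
    """Drill down: bits sent per source during the given seconds, largest first."""
    per_src = defaultdict(int)
    for ts, src, _dst, _port, nbytes in flows:
        if ts in seconds:
            per_src[src] += nbytes * 8
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    rates = bps_per_second(FLOWS)
    spikes = spike_seconds(rates)
    print("bps per second:", rates)
    print("spike seconds:", spikes)
    for src, bits in top_sources(FLOWS, set(spikes)):
        print(f"{src}: {bits} bits during spike")
```

In the constructed data the spike seconds are 3 and 4, and the drill-down shows the three 192.0.2.x sources dominating them while the established 203.0.113.x clients keep their usual small share.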






11 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide