Automation Puts Time on Your Side In DDoS Attacks

NETSCOUT Articles

Issue link: https://read.uberflip.com/i/1321201

During a DDoS attack, time is unforgiving. A few seconds can mean the difference between a successful mitigation and costly network downtime. Anything that accelerates your mean time to detect (MTTD) and respond (MTTR) to an attack is to your advantage.

That's especially true in today's cloud and enterprise environments, where the combination of greater dependence on internet connectivity and a wider range of security threats can overwhelm network and security operations teams. Security teams, in particular, are under increasing pressure to make critical, on-the-fly judgements about which threats are real and which mitigation measures to deploy – all while the clock is ticking.

That makes automation a high priority in the selection of a DDoS defense solution. An intelligent solution can buy you precious time by detecting attacks early and automatically deploying the appropriate countermeasures. But automation must fundamentally block attacks while not blocking legitimate traffic, and it must inform the operator what was blocked and why. In other words, to be effective it must lead users to the right answer, provide context and supporting analytics and, most importantly, be human-guided – not 'black box'.

ARBOR NETWORKS DDOS SOLUTIONS LEVERAGE AUTOMATION IN THREE WAYS

1. Built-In Countermeasures

Arbor Networks APS, our inline, always-on DDoS solution for enterprise and datacenter applications, incorporates more than 30 built-in automated countermeasures, each designed to detect and automatically engage on specific types of attacks based on our deep experience and knowledge of the attack landscape. When APS detects a particular attack, such as a TCP SYN flood, blacklisted hosts or multiple connection attempts from a single host, it will automatically enable/disable the right countermeasures to mitigate those attack types and provide detailed analytics and reporting on the events. If an attack happens to be in progress when the APS is initially deployed, its countermeasures can still activate immediately because it doesn't require learning times and baselining.

Although these built-in countermeasures are designed to work effectively right out of the box, many can also be custom-configured to trigger on the basis of user security policies and risk thresholds.
