Use Cases

Intelligently Automating DDoS Response


Issue link:

Contents of this Issue


Page 0 of 1

l USE CASE l S E C U R I T Y Intelligently Automating DDoS Response Challenge As DDoS attacks have increased in frequency and complexity, ISP network or security operations teams face an increasing challenge. The latest attack tools can change the attack vectors used within a given attack automatically, every few minutes or seconds, making it necessary for those managing attacks to continuously monitor and tweak their defenses. This increases the operational overhead of the DDoS threat – the number one threat to network availability for ISPs and their customers. Risk Black-box automation either works or it doesn't. Every ISP has a different network, they have many different customers with different expectations around DDoS defense, and the DDoS attacks they have to deal with are changing all of the time. Black-box automation is not the answer, as shown by a recent Heavy Reading survey which highlighted the importance of configurability and reporting when customers are looking for automated capability. Solution Arbor's Active Threat Level Analysis System (ATLAS ® ) is one of the world's most extensive threat intelligence gathering platform, delivering near real-time visibility into threat activity across the Internet. More than simply collecting and analyzing data, the Arbor Security Engineering and Response Team (ASERT) curates this threat intel into threat policies and countermeasures delivered via the ATLAS Intelligence Feed (AIF) directly into the Arbor Edge Defense (AED) and Sightline/Threat Mitigation Systems (TMS) intelligent DDoS mitigation systems. NETSCOUT ® has invested in Intelligent Automation. When we automate a process, we allow our automation to be configurable so that our customers can adapt it to their environment and situation. We ensure that the reasons for any automated decisions are clear and logged appropriately giving an audit trail. And, we provide full reporting on the impact that an automated response has to traffic. Arbor Sightline With Sentinel automates DDoS defense in this way, allowing network operators to speed up attack response and reduce the operational overhead plus cost of dealing with attacks. During a DDoS attack, time is of the essence. A few seconds can mean the difference between a successful mitigation and costly service downtime. Anything that accelerates your mean time to detect (MTTD) and respond (MTTR) to an attack is to your advantage. That makes automation a high priority in the selection of a DDoS defense solution. An intelligent solution can buy you precious time by detecting attacks early and automatically deploying the appropriate countermeasures. But automation must block attacks while not blocking legitimate traffic, and it must inform the operator what was blocked and why. In other words, to be effective it must lead users to the right answer, provide context and supporting analytics and, most importantly, be human-guided – not 'black box'.

Articles in this issue

Links on this page

view archives of Use Cases - Intelligently Automating DDoS Response