Preparing for Battle with DDoS Attacks

Avi Freedman, Co-Founder and CEO of Kentik

No website manager wants to be the target of a Distributed Denial of Service (DDoS) attack, but such attacks happen all the time so it's important to have a defensive strategy in place in case your site does come under fire.

The first challenge that most people face when dealing with a potential DDoS attack is simply understanding what's happening. Is it a misconfiguration, is it an attack, or is it someone hammering our website trying to get information? So first off, what's going on?

The second major hurdle is that a lot of companies don't have enough infrastructure to internally protect themselves. They either need to engage a cloud service provider for analytics, detection and mitigation, or they need to take a hybrid approach with some protections deployed internally and some in the cloud. Most of the 15-year-old DDoS protection technologies run on appliances that you can only put in one place on your network, so they've got a limited amount of information that they can process and store, and only for a limited amount of time.

The really big challenge with DDoS attacks - and with network planning and most network analytics cases in general - is that you don't always know in advance what you want to ask the system. That's why you really should have a Big Data approach that can take all the data from the infrastructure, store it and give you actionable insights, but also let you explore the data in ad hoc ways that you didn't expect.

Most of the tools on the market today only allow you to view your network in one specific way, but a Big Data approach lets you drill down into the data from multiple vantage points. The way that practitioners want to interact with the visibility plane is akin to how we use Google Maps 360-degree view. You look at something and say, "Oh, that's interesting. Let me scroll it over here to see where this leads." Well, if you don't have a way to view the data, you can't answer those new questions. A well-designed big data solution solves this.

Ideally, such a Big Data platform isn't a silo unto itself, but instead takes in data, provides certain functions, and integrates with the other tools and software that you need. A Big Data visibility platform can actually keep all of the data that you may need in the future - especially if you don't know in advance what use you are going to make of that data.

With a Big Data architecture, website practitioners can build in automated alerts to detect DDoS attacks and other anomalies in real-time. They can also use Big Data platforms to monitor software-defined networks and track any changes in SDN behavior, and to get a handle on the growing Internet of Things. The key is to get positioned for what's coming next, because something new will inevitably come along.

You will also need to ensure that the data is consumable in the ways that you want. Ideally, you can both store and consume data with an on-premises platform, if that is your security requirement. Or you can outsource with a cloud vendor to run the platform if you really want to stay focused on your core business mission. The point here is to take proactive steps to prepare for attacks in worst-case DDoS scenarios, but realize that there is more than one technology path to get there, and each can be both plausible and effective.

The absolute explosion in the number of connected devices means there is going to be a huge increase in the total volume of traffic using the Internet and hitting networks in the coming years. That's why it is so urgent to get out in front of this problem now by preparing a strategy to track, characterize and understand what is normal network behavior versus abnormal.

Digital enterprises, Web companies and service providers know that their packets are their revenue, so their packets must be protected. They need to stay relentlessly focused on website performance with fail-safe availability. If their infrastructure isn't working, they lose the traffic along with the associated revenue, and the brand suffers as well.

In this context, security becomes an existential threat to a web business. The question is, do you have the tools to be able to understand whether your business can continue into tomorrow? When it comes to network monitoring solutions, it's best to deploy a Big Data architecture that will help future-proof your network from new types of attacks.