If your IT job is all about maintaining network performance, then you no doubt understand the stark reality that distributed denial of service (DDoS) attacks are on the rise.
From denial of service attacks to network-level infiltration attempts, it’s getting increasingly complicated for companies to achieve a high level of critical-infrastructure security. Gartner recently noted that high-bandwidth DDoS attacks are becoming the new norm and will continue wreaking havoc on unprepared enterprises.
It’s the primary reason why the Cloud Signalling Coalition (CSC) recently formed to help tackle these escalating network threats. The CSC is the brainchild of Burlington, MA-based Arbor Networks, and according to senior director Rakesh Shah, DDoS attacks, whether application-layer or cloud-based, are forcing network security approaches to evolve accordingly.
Looking at recent news of high-profile data infiltration and DDoS attacks in the corporate financial services world, for example, it’s safe to say network threat levels have grown, says Shah, adding that real-world threats from so-called “hacktivist” groups such as Anonymous can represent millions in potential financial losses and irreparable brand damage. Shah notes what’s truly interesting (or scary) is that these malicious groups are becoming ever more tech savvy: “They are definitely changing the vectors to have the most impact on the network. So if they go after a bank for example, rather than just launching a simple flood attack, they are really changing the variance or characteristics of the attack dynamically – be it packet per second or layering in a bandwidth attack. These are pretty sophisticated organizations who are doing this.”
The majority of DDoS services out there involve logging into a portal or picking up the phone when there’s an attack, which isn’t the most efficient approach, says Shah. And under the premise that threat detection and mitigation requires the collaboration of all stakeholders – from the customer premises to the service provider cloud – the CSC (of which Allstream is a member) operates with access to real-time monitoring in mind.
Defined by Arbor Networks as a set of threat mitigation strategies and technical capabilities, cloud signalling attempts to effectively contain DDoS attacks via a coordinated response between the service provider and the data centre. This is accomplished, Shah notes, through the coordination of CPE security devices, via a console, with upstream ISPs’ existing DDoS services to help prevent volumetric DDoS attacks.
Comprised of managed service providers (in-cloud), data centre operators and private and public organizations, the CSC is about looking at proactive methods of preventing both larger volumetric DDoS attacks in the service provider or MSSP cloud and application-layer attacks, which are a lot harder to detect and stop in the cloud, he notes.
From a general perspective, experts note that thwarting DDoS attacks can come down to developing a sound DDoS mitigation strategy. This can involve reviewing and understanding the various forms of blended network and application threats that are out there and planning accordingly.
With the idea of fostering “proactive ways to block harmful traffic without impeding legitimate traffic,” CSC members can thus deliver a collaborative approach where service providers can offer managed security services designed to boost threat response times.
“Success for the CSC would be defined as deploying best practices around DDoS attacks,” says Shah.