F5 Blog

 
Archive Search Articles

The Next Generation of DDoS Protection is Hybrid

The term hybrid, in technology, has come to mean composing some thing from two or more seemingly disparate things. Hybrid cloud, for example, brings together SaaS, IaaS, and on-premise as the basis for a new, diversified corporate computing environment. While diverging from the traditional, scientific definition, the use of “hybrid” to describe these new entities is nonetheless commonplace, if not entirely accurate for those of us whose superpower is, in fact, pedantry.

Security, too, is experiencing the pressure associated with “hybrid”, particularly when it comes to DDoS attacks. That’s because the attacks themselves are largely hybrid; comprised of both traditional volumetric and application-focused attacks, as was noted by SANS Institute back in 2014:

The most damaging DDoS attacks, which mix saturated attacks with targeted, application-specific attacks, have much the same frequency (39%) as targeted (42%) and volumetric (41%) alone. DDoS attacks tend to use a small set of Internet ports, but a variety of techniques to cause damage.

DDoS attacks are rapidly evolving in severity, complexity and sophistication. According to one recent report, 64% of attacks employed multiple attack types.  This moves the needle on the scale of difficulty companies face in identifying and defending against denial of service attacks. Combined multi-layered attacks employ volumetric, bandwidth saturation, authentication-based and application level attempts to disrupt, deny, degrade or destroy internet facing information or application resources. 

Defending todays’ attacks requires multi-pronged approach with a combination of on-prem, out-of-band and cloud technologies along with centralized management, analytics and advanced methods to detect increasingly sophisticated attackers. How quickly organizations discover and stop these threats is key to ensuring continuity of services and reducing the financial impact on business.

-- SANS Institute (emphasis mine)

This trend has remained largely the same, with the technique now often referred to as smokescreening, which in other industry surveys has been experienced by 55% of DDoS targets. Nearly 26% of those lost customer data, and nearly half wound up with malware/viruses installed as a result.

With success rates like that you can bet this hybrid attack model will continue to put into play.

So how do you defend against these attacks? You fight fire with fire and go with a next-generation hybrid DDoS protection approach. That means a solution that marries traditional volumetric defenses with application-specific protection as well as adopting the ability to leverage both on-premise and cloud-based scrubbing to fend off those attacks that might otherwise overwhelm the corporate Internet connection. Basically, you need on-premise protection that can detect an imminent bandwidth saturating attack and activate an on-demand, cloud scrubbing service capable of absorbing the volume to prevent disruption of business.

But a modern approach is more than just having a cloud-based option readily available. Next-generation hybrid security architectures must streamline the process of moving seamlessly from on-premise to cloud-based scrubbing in the face of an attack. This new breed of hybrid DDoS protection should be able to detect attacks and act automatically, shifting scrubbing duties from on-premise to cloud when business disruption is imminent as defined by technical and business parameters.

The result is a multi-layered approach to defending corporate apps, data, and networks. It’s a next-generation solution combining the power of a specialized appliance with the expertise of a built-for-DDoS protection cloud-scrubbing service. It’s a comprehensive solution that takes advantage of on-premise dynamic behavioral analysis to identify and mitigate attacks, machine-learning to detect evasive threats or traffic anomalies, and powerful automation capabilities to boost efficiency. Application- specific threats are discovered based on data stream logic, aggregated signals from HTTP, and the boundaries of TCP requests, transactions, server health, and similar characteristics.

And when the volume peaks on-premise, threatening to disrupt business by slowing down or stopping access to apps both corporate and consumer, volumetric attack traffic can be seamlessly redirected to an on-demand, cloud-based scrubbing service with nearly infinite scale to alleviate the pressure created by such frontal assaults on the business. 

That’s the power of specialization. By combining a focused on security DDoS protection appliance

with a focused on DDoS protection cloud service, you get the best of both worlds. Which is really the point of a hybrid approach: combining the best attributes of two different models to form a single, comprehensive and efficient solution. Welcome to the new normal.