Intelligent SME.tech Issue 14 | Page 27


// PREDICTIVE INTELLIGENCE //

sub-saturating attacks – have the potential to create havoc, while IT teams struggle to identify the cause. Therefore, it is critical to implement a system that accurately monitors network traffic for both small-scale and high-volume attacks.

As packets attempt to enter the network, it is important to classify them automatically and accurately in real time, to determine whether they are treated as ‘good’ or ‘bad’ traffic. This granular level of analysis is essential. Inspecting all traffic at the packet level enables the system to provide an accurate, uninterrupted flow of good traffic.

Mitigation is the next area. Having identified the DDoS attack traffic, it is imperative to block it quickly and accurately. DDoS protection that relies on security professionals analysing the data and making relevant policy updates, or swinging attack traffic via a cloud protection service, cannot react in real time and prevent attacks from impacting business. Only with always-on automatic protection is it possible to reduce the time to mitigation from the tens of minutes of legacy solutions to the seconds required to defeat modern attacks. Time-to-mitigation is critically important, as cybercriminals only need seconds to cripple services or take websites offline.

Alongside these two priorities, it is important that infosec teams, or contracted MSSPs, have direct experience in dealing with DDoS.

There are many types of attack vectors used for DDoS and each has a different profile. Increasingly, attacks comprise multiple vectors, used in succession, in parallel, or in a combination of the two. The cybercriminals will use whatever attack profile is necessary to complete their objective. Security teams need to know what every attack looks like – both while it is under way and after it has occurred. Comprehensive visibility is key to understanding the adversary and being able to confidently communicate to the business what happened and how well the defences functioned.

Questions such as ‘how long was an attack?’, ‘how large was it?’, ‘which vectors did it use in an attempt to break through?’ and ‘was every part of the attack successfully mitigated?’ all need to be answered with confidence and evidence. It is critical to have a DDoS protection solution that not only automatically blocks all types of DDoS attacks, but also provides comprehensive visibility into each attack, delivering the intelligence and forensics needed to prepare against emerging threats.

Stay agile

As the impact of the pandemic has shown, organisations need to have a degree of flexibility built into any DDoS protection strategy. When it comes to security solutions, it’s rarely a case of one size fits all and DDoS solutions are no exception. Some solutions only operate in the cloud, some are located on-premises but must sit out-of-band because they are not high-performance enough to inspect all traffic, and not all are highly automated or can scale to the needs of every environment.

A good first step is to run a free test demonstration of any DDoS protection system, which will at least give your organisation a benchmark of the current level of protection – and provide recommendations on where security can be improved.

Ashley Stephenson, CTO for Corero Network