
Is a hybrid DDoS defense strategy the best option for enterprises?

Choosing between on-premises and cloud DDoS services can be challenging, so why not use both? Expert Dan Sullivan explains.

How does hybrid distributed denial-of-service protection differ from traditional DDoS protection in terms of security?

My organization is wary of adopting a complete cloud or traditional DDoS prevention strategy and thinks a combination of the two may be better.

The history of information security is a repeating pattern: emerging malicious threats lead to the creation of countermeasures, which in turn prompt attackers to create new techniques that avoid or circumvent the latest countermeasure. The history of denial of service follows this pattern, with the latest cycle leaving many organizations vulnerable to sophisticated distributed denial-of-service (DDoS) attacks.

The latest incarnations of DDoS attacks are easy to deploy and use a simple strategy: generate such a large volume of malicious traffic that target devices are overwhelmed. Some attacks take advantage of vulnerabilities in commonly used Internet services, such as the Network Time Protocol (NTP). Attackers can send malicious messages to an NTP server and force it to send large volumes of data (e.g., hundreds of records describing servers that have contacted the NTP server) to a target device.

In addition to these volumetric attacks, some attackers are turning to application-level attacks that overwhelm an application without necessarily saturating network capacity.

The takeaway from long- and short-term history is that the precise mechanisms of DDoS attacks are constantly changing and therefore difficult to keep up with. This situation lends itself to specialized cloud services from vendors that focus on DDoS, cloud DDoS and hybrid DDoS attacks; these vendors monitor the state of attack methods and can detect volumetric attacks.

Application attacks, however, are more specific. In terms of the OSI network model, monitoring the lower levels of the stack is useful for detecting and mitigating volumetric attacks, but is less effective at countering application-level attacks. On-premises technologies with application-specific evaluation criteria are a better option for application-level attacks.

Security and business decision makers are in a difficult position. Volumetric attacks can quickly overwhelm network resources, so automated, cloud-based responses may be the best option. Applications can also be overwhelmed, but application owners may be rightly concerned about automatically shifting and filtering traffic to line-of-business, mission-critical applications.

A combination of the two approaches -- a hybrid DDoS strategy -- allows organizations to take advantage of the strengths of each approach while countering the weaknesses of each. Even with hybrid DDoS countermeasures, there are challenges to countering traditional and cloud DDoS attacks; there is a risk of incorrectly identifying legitimate traffic as malicious and disrupting business operations.

History has demonstrated that the types of attacks we can expect will change over time -- as will the countermeasures we have to deploy.
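The split described in the answer, as an added example that is not part of the original article: a volumetric flood seen at layers 3/4 is diverted to a cloud scrubbing service immediately, while an application-level flood is filtered on-premises only after a sustained breach, which limits the risk of blocking legitimate traffic. All thresholds, class and field names, and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Every threshold and field name here is an assumption chosen for illustration.
LINK_CAPACITY_BPS = 1_000_000_000   # assumed 1 Gbit/s uplink
VOLUMETRIC_FRACTION = 0.7           # divert when inbound traffic reaches 70% of the link
APP_RATE_MULTIPLIER = 10            # endpoint is suspect at 10x its baseline request rate
SUSTAINED_WINDOWS = 3               # app-tier filtering needs 3 suspect windows in a row

@dataclass
class Window:
    inbound_bps: int    # total inbound bits/s at the edge (layer 3/4 view)
    udp123_bps: int     # inbound bits/s with UDP source port 123 (NTP replies)
    req_per_s: dict     # endpoint -> HTTP requests/s seen by the web tier (layer 7 view)

class HybridTriage:
    def __init__(self, baseline):
        self.baseline = baseline    # endpoint -> normal requests/s
        self.streak = {}            # endpoint -> consecutive suspect windows

    def observe(self, w):
        """Return the (tier, reason) actions for one measurement window."""
        actions = []
        # Link saturation cannot be absorbed on-premises, so divert at once.
        if w.inbound_bps >= VOLUMETRIC_FRACTION * LINK_CAPACITY_BPS:
            ntp_share = w.udp123_bps / w.inbound_bps
            reason = "NTP reflection" if ntp_share >= 0.5 else "volumetric"
            actions.append(("cloud-scrubbing", reason))
        # Application floods stay below link capacity; require a sustained
        # breach before filtering so a brief legitimate spike is not blocked.
        for endpoint, rate in sorted(w.req_per_s.items()):
            limit = APP_RATE_MULTIPLIER * self.baseline.get(endpoint, 1.0)
            self.streak[endpoint] = self.streak.get(endpoint, 0) + 1 if rate >= limit else 0
            if self.streak[endpoint] >= SUSTAINED_WINDOWS:
                actions.append(("on-prem-filter", endpoint))
        return actions

# Constructed sample data, not measurements from a real network.
BASELINE = {"/login": 50, "/search": 100}
NORMAL = Window(120_000_000, 100_000, {"/login": 40, "/search": 90})
NTP_FLOOD = Window(950_000_000, 900_000_000, {"/login": 40, "/search": 90})
APP_FLOOD = Window(150_000_000, 100_000, {"/login": 45, "/search": 2500})

def run_demo():
    triage = HybridTriage(BASELINE)
    sequence = [NORMAL, NTP_FLOOD, APP_FLOOD, APP_FLOOD, APP_FLOOD, NORMAL]
    return [triage.observe(w) for w in sequence]

if __name__ == "__main__":
    for step, actions in enumerate(run_demo()):
        print(step, actions)
```

The application-level flood in the sample never approaches link capacity, so only the layer 7 view catches it, and only on its third consecutive window.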


This was last published in June 2015
