Opinion Article

Lessons from ‘The Art of War’: intelligent automation maximises speedy response in the fight against DDoS attacks

Learning from the days of ancient China - Arbor Networks reminds us that speed is of the essence in DDoS attack mitigation

JOHANNESBURG – June 11, 2018 – Some 500 years BC (544–496 BC), the Chinese general, military strategist and philosopher, Sun Tzu wrote that ‘speed is the essence of warfare’. These words are as true in today’s age of cyberattacks, in which Distributed Denial of Service (DDoS) attacks are rising in size, frequency and complexity, as they were in ancient China.

This is according to Arbor Networks’ territory manager for Sub-Saharan Africa, Bryan Hamman, who says, “Data from Arbor Networks’ Active Threat Level Analysis System (ATLAS) shows that a DDoS attack occurs somewhere in the world every six seconds. We can learn from Sun Tzu’s teachings in today’s cyberwarfare world. Speed is truly of the essence in stopping the attack on the network to minimise its impact, and at these moments, the best defence against the modern-day DDoS attack is an automated, intelligently layered approach to DDoS attack detection and mitigation.”

Hamman says an analysis of recent trends has shown that many DDoS attacks are increasing in complexity, but at the same time they are over very quickly, lasting for less than 30 minutes. He continues, “The modern-day DDoS attack – as illustrated by the Mirai Botnet - is a multi-vector threat which employs three different types of attacks, namely: volumetric attacks, which employ speeds of up to 800 Gbps and saturate links; TCP state exhaustion attacks, which attack load balancers, firewalls and IPSs; and application layer attacks, which are low and slow stealth attacks that crash application servers.

“Within this context, you need to take a layered approach to network protection. Additionally, automation is a key requirement of your DDoS defence. To stop high volume, large attacks that target Internet connectivity, your defence system must use the cloud, away from the intended target before local protection is overwhelmed. Application-layer and state-exhaustion attacks need to be detected and mitigated on-premise close to where the applications or services reside.”

He points out that to defend against such a multi-layered DDoS attack and minimise an organisation’s downtime, a hybrid or multi-layered approach is required. It is critical, he stresses, for this solution to have an intelligent form of communication to integrate the in-cloud and on-premise layers (Arbor’s Cloud Signaling capability), backed by continuous up-to-date global threat intelligence.

Hamman gives the following example of intelligent automation using a hybrid DDoS defence deployment, which combines on-premise protection with cloud-based mitigation.

The on-premise inspection data management system (IDMS) is customised using specific applications running in a specific datacentre. These local, customised policies are continuously sent to a cloud-based DDoS protection service. When an attack occurs that is larger than the capacity of the on-premise protection, a digital signal is then sent to the cloud-based DDoS protection. Thereafter, attack traffic is automatically re-routed to a cloud-based scrubbing centre, where previously-sent customised protection policies are automatically applied to the attack traffic. The intelligent automation consists of pre-matching customised protection policies to specific applications running in the datacentre, and thus having a faster response from the cloud DDoS protection service when an attack occurs that is larger than the on-premise protection can handle.

Hamman concludes, “It’s by no means a stretch of the imagination to equate modern DDoS attacks – and how to fight back - with the tactics employed during war. To give just a couple of examples, Iran was blamed for a hack of the British Parliament in 2017, which briefly took systems offline, while in November last year, the head of Britain’s National Cyber Security Centre, Ciaran Martin, warned that Russia had targeted British energy, telecoms and media sectors. There are many security experts who believe that Russia in particular has integrated cybersecurity into a wider range of activities, which are often termed ‘hybrid warfare’ and which is part of a wider trend to use information as a weapon.

“And so, as Arbor continuously looks to perfect our network protection solutions, we can look to Ancient China once more and Sun Tzu’s words when he wrote: ‘The art of war is of vital importance to the State. It is a matter of life and death, a road either to safety or to ruin. Hence it is a subject of inquiry which can on no account be neglected’. To paraphrase his words into a modern-day context, the importance of your network protection is critically important and cannot be underestimated or neglected.”


Sun Tzu is widely credited as the author of ‘The Art of War’, an influential work of military strategy that has affected both Western and Eastern philosophy, and which continues to influence aspects of modern life even today, for example in business and sports teachings as well as actual military operations.


For more information about Arbor in Africa, please contact Bryan Hamman at bhamman@arbor.net.

About Arbor Networks

Arbor Networks, the security division of NETSCOUT, helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context so customers can solve problems faster and reduce the risks to their business.

To learn more about Arbor products and services, please follow us on Twitter @ArborNetworks. Arbor’s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.

Trademark Notice: Arbor Networks, the Arbor Networks logo and ATLAS are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners.

Contacts

icomm, Vivienne Fouché, +27 (0) 82 602 1635, vivienne@pr.co.za, www.icomm-pr.co.za




 
