Data Analytics and DDoS Mitigation: Lessons Learned
In the cybersecurity industry, IT is driving the use of data analytics to gain real-time insight into trends, attacker behaviors and specific cybersecurity events. Real-time data analysis can be a powerful tool to help Internet-facing organizations build a stronger cybersecurity strategy.

Defending against DDoS attacks is a real-time challenge for DDoS mitigation service providers. Hundreds of millions of data points in multiple streams pour into a DDoS mitigation platform in real time during an attack. A DDoS mitigation provider must quickly make sense of this deluge of data and make precise decisions as to which data/traffic to allow and which to block.

The Prolexic approach to DDoS data analytics

Merely summarizing numerical data will not show if network traffic anomalies are malicious or not. Prolexic uses data analytics to draw informed conclusions and answer questions such as:

Is a site under DDoS attack, or is this another kind of network anomaly, such as a flash crowd?
If under attack, what type of DDoS threat is this, and which part of the customer's infrastructure could be most affected?
Where are the attacks coming from? Have we encountered these attackers before?
What are the attack signatures? Have we seen them before? Are they changing?

Figure 1: Prolexic leverages a wide variety of metrics and models to provide meaningful DDoS insight.
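As an added illustration of the flash-crowd question above (example code, not Prolexic's own; the metric names, thresholds and traffic series are constructed), a minimal per-minute triage that first flags a volume spike and then uses source diversity and request-path concentration to separate a flash crowd from a DDoS, handing ambiguous minutes to an analyst rather than deciding automatically:

```python
"""Toy real-time triage of per-minute traffic metrics: DDoS or flash crowd?

Added example, not Prolexic's code. Metric names, thresholds and the sample
series are constructed; a real platform correlates far more metrics and
keeps a human in the loop.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Sample:
    minute: int
    requests: int           # requests per minute to the site
    unique_sources: int     # distinct client IPs seen in the minute
    top_path_share: float   # fraction of requests hitting the busiest path

def volume_anomaly(history, current, z=3.0):
    """Spike test against a trailing baseline (needs >= 5 quiet minutes)."""
    base = [s.requests for s in history]
    if len(base) < 5 or pstdev(base) == 0:
        return False
    return (current.requests - mean(base)) / pstdev(base) > z

def triage(history, current):
    """Return 'normal', 'flash_crowd', 'ddos' or 'review' for this minute.

    A flash crowd brings many new legitimate clients, so requests per
    source stay near baseline and paths stay spread out; a DDoS usually
    concentrates traffic: few sources hammering one endpoint. Conflicting
    signals are not auto-decided but handed to an analyst.
    """
    if not volume_anomaly(history, current):
        return "normal"
    base_rps = mean(s.requests / s.unique_sources for s in history)
    per_source = current.requests / max(current.unique_sources, 1)
    concentrated = per_source > 5 * base_rps      # few sources, many requests each
    single_target = current.top_path_share > 0.8  # one path takes >80% of hits
    if concentrated and single_target:
        return "ddos"
    if not concentrated and not single_target:
        return "flash_crowd"
    return "review"

# Constructed series: six quiet minutes, then a flash crowd, then an attack-like minute.
QUIET = [Sample(m, 1000 + 20 * (m % 3), 400, 0.10) for m in range(6)]
FLASH_CROWD = Sample(6, 9000, 3600, 0.15)  # 9x traffic and 9x sources, paths spread
ATTACK = Sample(7, 9000, 300, 0.95)        # 9x traffic, fewer sources, one path
```

The same 9x spike is classified differently purely on the correlated metrics, which is the point the paragraph makes about summary counts alone being insufficient.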
Our data analytics system

Prolexic acquires billions of DDoS attack metrics from sensors monthly. Each sensor samples tens of thousands of metrics every minute and may capture 30 to 40 metrics for each network object or application. Some customers have as many as 30,000 network metrics. Our system distills the data for our DDoS mitigation experts to analyze and act upon. By correlating the metrics and showing their relationships, Prolexic's mitigation experts can search on the data in real time and extract intelligence to help them make the best and fastest decisions on how to mitigate the attack.

What we've learned

Three of the lessons we have learned are:

Using data analytics for DDoS mitigation requires a large capital investment and a multi-year effort to build a system that can take myriad sources of information and present it in a way that supports rapid decision making.

Automatic decision-making algorithms are prone to false positives. So as good as today's analytics systems are, for DDoS attacks they cannot replace an experienced live mitigation engineer.

Batch-oriented analytics systems, such as Hadoop, have latency thresholds that are too slow to support the real-time requirements of Prolexic's cyber-attack mitigation timeframe.

Get the white paper Data Analytics and DDoS Mitigation: Lessons Learned at http://www.prolexic.com/ddosanalytics for more details and conclusions, including:

The three important questions to ask of your DDoS data
The problem of false positives
The latency challenges of batch-oriented analytics
The gap between the capabilities of automated systems and live DDoS attackers
How Prolexic manages the big data associated with DDoS attacks
More lessons learned

About Prolexic

Prolexic Technologies is the world's largest and most trusted provider of DDoS protection and mitigation services. Learn more at www.prolexic.com.

About PLXsert

Prolexic Security and Engineering Response Team (PLXsert) monitors global malicious cyber threats and actively analyzes DDoS attacks using proprietary techniques and equipment.