DDoS attacks are evolving exponentially and Big Data can come to rescue

What was once in a blue moon phenomenon for systems, and a minor irritation in the functioning has now become an existential threat – DDoS attacks!

As you might know, a distributed denial of service (DDoS) is an intentional attack on a system by inducing meaningless traffic through data requests by installing viruses or malware on the application hosting environment.

DDoS attacks severe in nature may hurt the reputation (and thus the revenue) of the enterprise as they lead to extended downtimes affecting the availability and performance of the applications. The only way to counter DDoS attacks is through timely detection and even timelier response from the NetOps and SecOps teams.

The latest DDoS attacks are so ingeniously executed that they have gone from Mbps to Gbps to a mind-boggling Tbps speed in a short duration of time. It is safe to say that the engineers of such attacks have upgraded themselves to cloud level before the enterprise data security can transition from scale-up architecture to scale-out architecture (cloud).

Why present day DDoS protection techniques are falling shot?

To determine the features that need to go into the making of a robust and fast DDoS protection system, it is necessary to evaluate the factors influencing the exponential growth of DDoS attacks.

The hackers are having a field day making DDoS attacks systems because:

1. The arena of DDoS attacks has expanded from being a pastime for individual hackers to a global market with rival brands and other entities spending money to sabotage enterprises. Apart from organizations, any gamer or activist can also bring about an attack for a few bitcoins.
2. No domain in the enterprise is spared from DDoS attacks.
3. The tools for DDoS attacks are open-sourced. E.g. Lizard stressor, Mirai.
4. The hackers are working at constantly improving the DDoS attack technologies using latest techniques like AGILE. They are also using DDoS attacks as distractions or ‘baits’ to target deeper levels of applications.
5. As the enterprises are not prepared to handle big data generated by IoT, the DDoS attacks are targeting these cloud systems at unfathomable speeds of tera-bytes.

On the other hand, enterprises are inching at a snail pace towards improving DDoS attacks, with most being stuck in the pre-cloud era.

Let’s take a rational look at where enterprises are falling short:

1. The most used counter measure is to scan, detect, and evaluate all traffic through a legacy solution that is ridiculously expensive. Only some enterprises can afford these inline solutions.
2. An alternative that is being adopted nowadays is to have the traffic monitored through out of the band Linux-based applications. This approach implemented in the scale-up environments fails largely because of limited compute and memory capacities.
3. Scanning all traffic is a static policy that is either overly broad. Identifying security threats requires a manual intervention after continuous monitoring of scanned traffic. The resulting analysis is a mixture of false negatives and false positives with very few hits. This slow reactive waterfall process keeps the resources busy ‘reacting’ rather than ‘planning ahead’.
4. As the scale-up DDoS prevention solutions are not equipped to deal with big data, there is minimal logging and only a few summary reports are generated.
5. Although these solutions share space with other network monitoring tools, they are heavily soiled making them vulnerable to the same flaws shared by the hosting and storage environment. This hampers their speed, efficiency, and memory making it impossible to track and analyze attack history.

What makes a robust DDoS security solution?

The need of the hour for DDoS security solutions is to make the switch to big data practices to remove the storage and memory constraints imposed by the legacy scale-up systems.

If some basic changes (which are long overdue) are implemented, there will be a tremendous improvement in the DDoS attack handling capabilities of enterprise applications. Let’s take a look at them:

1. Big data Analytics systems can maintain a log of malicious and suspicious IPs that has initiated DDoS attacks in the past. This makes it possible to have adaptive base lining of such IPs leading to increased accuracy in anomaly detection.
2. Big data Analytics systems can handle huge chunks of data thus making it possible to have complete logs of raw data, which can be analyzed to derive exploratory analytics that help enterprises stay one step ahead of the DDoS attackers.
3. These solutions are cloud-based and operated through APIs allowing for a specific response to a DDoS attack, rather than static policy implementation. API-based solutions can also collaborate with multiple vendors and low-cost mitigation systems.
4. They provide unified visibility in that they can provide insights into a lot of other information in addition to the DDoS attack data. They can help in monitoring traffic flow, network performance, routing data, and device/interface data.

To conclude

Enterprises are lagging in developing advanced countermeasures for the ever evolving DDoS attacks that are already making use of cloud-based technologies. Big data can help bridge this gap, by removing the limitations imposed by legacy security solutions. It is advisable to contact a big data service provider which is based DDoS protection platform that is available as a SaaS, rather than developing an in-house custom solution to reduce cost overheads and receive the best-in-class security.

About The Author: Aaron Jacobson, Application Developer at Technoligent – a big data service providing company. Aaron has the knowledge of App and web development and he can work with big data analytics very well. Technoligent has a team of application developer and Aaron has the responsibility of a leader. Aaron has the M.S. Degree in Computer Science. Contact me on technoligent@nexcorp.in.