A new approach to taming DDoS
Network-based and automated DDoS remediation is a pressing need with a telco business opportunity at its core. Let’s design for success.
I won’t spend much time telling you what you already know: network security is a huge problem and approaching crisis-stage as everything from industrial know-how to state security becomes more online and vulnerable.
DDoS is but one segment, but a hugely important one, since it can take down even well-secured applications, whether for commercial gain, political goals or ransom. If these problems can be mitigated or reduced, money ought to be plentiful.
That’s a great business opportunity.
Looking broadly at security, we see consistent evidence from multiple sources, including the U.S. Federal Bureau of Investigation (“FBI”) and Nokia’s own data from a major analysis by Deepfield, recently made public.
Some trends may be simplified for emphasis:
- Security attacks, and those employing DDoS in particular, are not using new and unknown methods, but employing the same tricks and vulnerabilities by the same set of perpetrators.
- Most vulnerabilities come from known weaknesses, and from errors and omissions that can often be traced to manual methods that are inherently imperfect.
- Cloud, IoT and other macro trends are adding complexity to the secured environment, and new tools for perpetrators to apply at scale.
Yes, this is greatly simplified (and interested readers can gain more insights in Appledore’s security research stream), but it’s also true. If the challenge is that perpetrators are employing cheap and automated attack methods to overwhelm defenses, and that they are exploiting known vulnerabilities as well as common misconfiguration errors, then the mitigation imperatives are twofold, in order to fight fire with fire and win:
- Employ automation to reduce errors, and speed remediation, early, at scale
- Design an infrastructure with the scale and cost structure to reduce or eliminate DDoS affordably
In this Research Note, we argue for a new posture and approach that leverages lots of buzzwords, but in a very practical way – with economics and a business opportunity at its core.
By employing big data analytics, ML, automated responses, and Netconf/Flowspec (or any similarly programmable) routers, and by leveraging modern high-performance routing chips that can cleanse DDoS traffic at vastly lower cost (in both cleansing infrastructure and backhaul), the industry has the opportunity both to “win” the war with DDoS attackers and to create a new business and revenue stream.
Rather than repeat the Research Note here, we hope that we have whetted your appetite to read more about our position on DDoS, and then to read about the Sea Change we believe is taking place in security more broadly, and network operators’ opportunity therein.
In closing I encourage the industry (service providers, suppliers) to think about DDoS in two much larger contexts:
- First, as a part of the evolution of security from manual silos to an automated holistic security architecture
- Second, as part of the similar evolution in networking to SDN, automated configuration, and constant ML-based intelligence gathering that can then be acted upon, automatically. In this context, DDoS is just one specialized application of big-data analytics and ML, of SDN and of automated network configuration.