Gaming companies outsmart DDoS attack with new software security solutions


      TelegramGroup IoTForIndia

        #News(Security) [ via IoTForIndiaGroup ]


        The outdated defense

        Hardware mitigation solutions were not designed for the cloud and IoT era and are, unfortunately, too simplistic to keep up with these types of sophisticated threats. When gaming companies suffer these DDoS attacks, the current common defense is to backhaul all traffic suspected of being infected to a scrubbing center where racks of purpose-built mitigation machines clean it in a single pass through. Attack detection starts with a baseline measure for what constitutes “normal” and then looks for anomalies, such as sudden large spikes in traffic. The affected traffic is then re-directed and backhauled to the scrubbers.

        There is nothing elegant about this approach; it is slow and it suffers from a lot of false positives, meaning the unnecessary backhauling of large amounts of uninfected traffic. The detection hardware lacks the raw compute power required to perform the additional analytics needed to separate out the false positives. And, as the scale of DDoS attacks escalates, these inefficiencies become increasingly costly to gaming companies, since the system has to spend resources fighting phantom attacks, instead of identifying and dealing with other attack vectors.

        A more efficient solution

        A more elegant and faster approach exists using software-based multi-dimensional analytics, making detection more precise. These analytics combine real-time network telemetry with advanced network analytics and other data such as DNS and BGP (among others) to see down to the source of attack traffic in real time. Multi-dimensional analytics provide visibility into cloud applications and services and can instantly identify where the traffic is originating, determining whether it is friend or foe. Additionally, big data approaches to traffic modeling can help compare a potential event to past attack profiles and be more precise about what degree of variability from ‘normal’ is OK. Armed with this kind of analysis, it becomes possible to create simple, effective filters at the peering edge of the network for the zombie PCs, IoT devices and/or cloud servers that are carrying out the attack.

        The offending traffic doesn’t have to be sent to the scrubbers; it is simply blocked at the edge. And every vector of the attack can be identified, pinpointing the attack endpoints and allowing for surgically precise mitigation. The ability to identify the endpoints of the attack in real time means that rapidly changing attack vectors can also be identified and counteracted as the attackers attempt to play cat and mouse with network security operations.

        This is a high-stakes game that is escalating with the spread of inexpensive, insecure cloud services (<10 GB) and IoT devices. DDoS botnets have evolved beyond infecting PCs and now use IoT devices and Linux servers in the cloud. This new arsenal of weapons is giving hackers a completely different level of power than they’ve had before. Fortunately, software security solutions built around deep network analytics and big data techniques are also game changers. Gaming companies that have employed them can meet the threats with confidence, for now, with the winning approach.


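The contrast between the volume-baseline detection and the multi-dimensional analysis described in the post, as an added example that is not part of the original post or of any vendor's product. It assumes flow summaries already tagged with their BGP origin ASN; the share-ratio rule, thresholds, function names and sample data are all constructed for illustration.

```python
from collections import Counter

# Constructed flow summaries: (source prefix, BGP origin ASN, service, bytes).
# Prefixes are documentation ranges and ASNs are reserved for documentation.
BASELINE = [("192.0.2.0/25", 64500, "udp/3074", 400),
            ("198.51.100.0/25", 64501, "udp/3074", 350),
            ("203.0.113.0/25", 64502, "tcp/443", 250)]
# Legitimate surge (e.g. a game launch): same sources, five times the volume.
LAUNCH_DAY = [(p, a, s, b * 5) for p, a, s, b in BASELINE]
# Attack: normal traffic plus two previously unseen sources flooding one service.
ATTACK = BASELINE + [("192.0.2.128/25", 64510, "udp/123", 2500),
                     ("198.51.100.128/25", 64511, "udp/123", 1500)]


def volume_alarm(baseline, window, factor=3.0):
    """Volume-only check: alarm when total bytes exceed factor x baseline."""
    return sum(f[3] for f in window) > factor * sum(f[3] for f in baseline)


def shares(flows):
    """Fraction of total bytes per (prefix, origin ASN, service) tuple."""
    total = sum(f[3] for f in flows)
    per_key = Counter()
    for prefix, asn, service, nbytes in flows:
        per_key[(prefix, asn, service)] += nbytes
    return {key: nbytes / total for key, nbytes in per_key.items()}


def edge_filters(baseline, window, ratio=3.0, floor=0.05):
    """Tuples whose share of the window far exceeds their baseline share.

    A proportional surge leaves every share unchanged, so nothing is flagged;
    sources absent from the baseline that dominate the window are returned
    as candidates for a block rule at the peering edge.
    """
    base, now = shares(baseline), shares(window)
    return sorted(key for key, share in now.items()
                  if share >= floor and share > ratio * base.get(key, 0.0))


if __name__ == "__main__":
    for name, window in (("launch day", LAUNCH_DAY), ("attack", ATTACK)):
        print(name, "| volume alarm:", volume_alarm(BASELINE, window),
              "| edge filters:", edge_filters(BASELINE, window))
```

Both windows trip the volume alarm, but only the attack window yields filter candidates, which is the false-positive gap the post describes.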
