In our recent webinar, I discussed with Maya Canetti, Allot’s Director of Product Management, how intensified DDoS attacks against service providers have become highly destructive. We considered the newest threats, why traditional security solutions can’t cope with the rapidly changing nature of these threats, and what can be done to best protect networks.
Note: If you don’t see your question answered below, feel free send us a comment below.
Q: Why is machine learning so critical to DDoS Mitigation?
A: The DDoS threat landscape is constantly changing. DDoS mitigation solutions that work by recognizing known vectors and threat techniques can be effective on repeated attacks. The problem is that they won’t work for new, unknown methods. Machine learning and artificial intelligence address this gap. By progressively learning standard network behavior and ongoing attack patterns, machine learning enables software solutions to detect new kinds of anomalous behaviors and identify them as zero-day attacks that must be instantly thwarted.
Q: How can an inline solution handle network asymmetry?
A: Most inline solutions use a distributed architecture where every unit is capable of detecting and mitigating only based on the traffic it sees. In asymmetric environments, traffic usually traverses through more than one unit in which case it will be more challenging to detect attacks because a single unit does not see the full picture of all traffic. The Allot DDoS Secure solution uses a centralized architecture which allows clustering sensors into a single logical unit, so that if flows are coming from one sensor and traverse back from another they will be seen together as if through a common sensor. This architecture can therefore handle traffic asymmetry well.
Q: Are outbound attacks coming from my network really a threat?
A: During 2016, a Singapore operator was hit by a massive DDoS attack coming from its network launched by Mirai infected IoT devices that disabled the network and forced users offline. The network was well protected from the outside with multiple defenses, but the operator did not anticipate the potential of IoT to generate outbound attacks from within the network. Another troubling aspect of outbound attacks is the risk of getting placed into DNS IP blacklists which then jeopardize your service reputation when users are not be able to access certain services through your network etc.
Q: What is unique about the Allot DDoS Mitigation Solution?
A: Allot’s DDoS Secure mitigation solution uniquely combines the following features: It is a real-time, always-on system that inspects all inbound and outbound traffic to automatically and surgically block attacks within seconds, without introducing any latency and without blocking any legitimate traffic. It has unlimited scalability and uses machine learning capabilities to identify even unknown zero-day attacks. Because it is integrated into a DPI solution, it can ensure that network elements are never overwhelmed and end-user quality of experience is maintained, even under the most severe attack conditions.
Q: What does the Allot solution consider to be a small attack?
A: The allot DDoS Secure solution starts detecting attacks from 1000 packets per second which correspond to ~10 Mbps. Most DDoS Solutions rely on NetFlow sampling that use sampling ratios of 1:10,000 and therefore cannot detect attacks below 1 Gbps. Most attacks are small, and it is important to mitigate them because firstly they consume bandwidth, preventing its use by legitimate traffic, and secondly, a small attack of a few hundred Mbps can disrupt an enterprise network, so if you are an Enterprise or a service provider that delivers DDoS Protection service to the Enterprise, mitigating those small attacks is important.
Click here to find out more about Allot DDoS Secure.