Distributed denial of service (DDoS) attacks have consistently been a chief concern of security teams. However, common misconceptions still exist. Some believe that DDoS attacks are merely nuisances or inconveniences – that they are volumetric and straightforward to defend against – and that the DDoS defenses most organizations use today are fully capable of rendering these threats obsolete. With examples like the recently discovered HTTP/2 rapid reset vulnerability, that couldn’t be further from the truth.
As we covered in our security advisory, the HTTP/2 rapid reset vulnerability has been widely reported, and it is making waves in the cybersecurity space, causing record-breaking DDoS attacks. Attacks leverage this vulnerability to inflict resource exhaustion on intended targets, but the vulnerability allows attackers to execute DDoS attacks in an unusual manner. It can bypass traditional methods of detection, such as rate limiting, because the rapid reset doesn’t necessarily send a large number of packets. Instead, each of these packets contains hundreds or thousands of headers that initiate and reset connections with the server in a continuous cycle. The server then goes through a clean-up process for each reset stream, and the accumulation of these clean-up processes results in attackers achieving the end goal – a slowdown or outright failure of the intended target.
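The following is an added example, not code from the original article or from A10: a per-connection check that parses the client-to-server HTTP/2 frame bytes and flags connections where nearly every stream opened with HEADERS is cancelled with RST_STREAM, independent of packet count. The thresholds, function names and sample byte streams are assumptions constructed for illustration, and the input is assumed to be decrypted frame data after the connection preface.

```python
import struct

HEADERS, RST_STREAM = 0x1, 0x3  # HTTP/2 frame types (RFC 9113)
CANCEL = 0x8                    # RST_STREAM error code for a client cancel
HDR = b"\x82\x86\x84"           # constructed minimal header block (GET http /)

def frame(ftype, flags, stream_id, payload=b""):
    """Build one frame: 24-bit length, type, flags, 31-bit stream id."""
    return (struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload)

def parse_frames(buf):
    """Yield (type, stream_id, payload) for each complete frame in buf."""
    pos = 0
    while pos + 9 <= len(buf):
        length = int.from_bytes(buf[pos:pos + 3], "big")
        end = pos + 9 + length
        if end > len(buf):
            break  # truncated frame: stop and wait for more bytes
        stream_id = int.from_bytes(buf[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        yield buf[pos + 3], stream_id, buf[pos + 9:end]
        pos = end

def reset_stats(client_bytes):
    """Return (streams opened by HEADERS, streams the client cancelled)."""
    opened, cancelled = set(), set()
    for ftype, sid, payload in parse_frames(client_bytes):
        if ftype == HEADERS and sid:
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened and len(payload) == 4:
            if int.from_bytes(payload, "big") == CANCEL:
                cancelled.add(sid)
    return len(opened), len(cancelled)

def is_rapid_reset(client_bytes, min_streams=100, min_ratio=0.9):
    """Flag a connection whose opened streams are almost all cancelled.
    Both thresholds are illustrative assumptions, not tuned values."""
    opened, cancelled = reset_stats(client_bytes)
    return opened >= max(1, min_streams) and cancelled >= min_ratio * opened

def sample_connection(n, cancel_every):
    """Constructed client bytes: n requests, every k-th one cancelled."""
    out = b""
    for i in range(n):
        sid = 2 * i + 1  # client-initiated streams use odd ids
        out += frame(HEADERS, 0x5, sid, HDR)  # END_STREAM | END_HEADERS
        if i % cancel_every == 0:
            out += frame(RST_STREAM, 0, sid, struct.pack(">I", CANCEL))
    return out
```

In the constructed abusive sample, 500 request-and-cancel pairs occupy 12,500 bytes, which fits in a handful of TCP segments; this is why a packet-rate threshold does not see the pattern while a per-connection stream-reset ratio does.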
Attacks using the HTTP/2 vulnerability are just one well-known example of how threat actors are using new and creative attack methods, and a multi-step mitigation process is needed. Capturing attack behavior and identifying malicious entities is the first step, but it must be followed by a machine learning (ML)-enhanced analysis to stop future attacks from being successful.
Top analyst research firms point to DDoS as the number-one type of threat incident, and for good reason. DDoS attacks are easier than ever to execute due to the proliferation of IoT devices and the rise of DDoS-as-a-service. Additionally, while AI is being leveraged in DDoS defenses, it is also being leveraged by attackers. If anything, these factors indicate that modern DDoS attacks will continue to be a critical concern given their evolution in frequency, intensity, and complexity. They are often used as smokescreens for ransomware and malware attacks and can ultimately lead to services becoming unavailable. This results in limited or no access to data, which is the lifeblood of organizations. Given how critical it is to protect networks and data, a new and more holistic DDoS defense strategy is required.
To combat modern DDoS attacks, it’s not just about eradicating zero-day ML-enhanced threats with ML-enhanced methods. It is also about proactively bolstering DDoS defenses with more accurate, in-depth threat intelligence that is also ML-enhanced. Machine learning allows for expedited adjustments and accelerated learning because a machine can sift through volumes of data much faster than a human can. By correlating the information and recognizing patterns in the data, machines can rapidly evolve, even as the threats evolve. The best way to use machine learning in practice is through threat intelligence; much of the alerts and information collected is just noise without the ML-enhanced analytics. Therefore, AI and ML are integral to detection, mitigation, and threat intelligence, and can enhance accuracy and response times.
The newly announced A10 Defend solution portfolio provides a holistic foundation for new and advanced DDoS protection with AI-enhanced zero-day detection capabilities, analytics and proactive DDoS threat intelligence to protect against new and previously unknown attacks. A10 Defend integrates ML technologies to provide scalability, efficacy, and industry-specific threat intelligence. This comprehensive DDoS solution enables intelligent and automated detection, mitigation, orchestration, and proactivity in both service provider and enterprise environments, including both on-premises and cloud workloads.
A10’s security research team has extensive experience tracking the origins of DDoS attacks and the weapons used in them, and we’ve applied that knowledge to build the A10 Defend portfolio. A10 Defend is a comprehensive suite of products designed to predict, identify, detect, and mitigate cybersecurity threats in the most demanding environments. It is the latest evolution of DDoS protection to help customers ensure maximum uptime and deliver optimal user and subscriber experiences.
Follow the link to learn more about A10 Defend.