Closing the DDoS Floodgates
It was one of the most brutal and far-reaching DDoS attacks yet. Dozens, if not hundreds, of websites and services were down for much of Friday, October 21, 2016 because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider. Big names such as Spotify and Twitter were among the victims, along with many organizations that could not reach corporate applications or services because the names behind them could no longer be resolved.
This is just one example of how DDoS attacks have become one of the most common and easily executed threats now facing networks. This type of attack has plagued businesses for years, but it has recently taken over media headlines as high-profile organizations report falling victim to large-scale attacks. Such attacks can bring networks to a screeching halt for up to 320 hours at a time, inflicting considerable damage to a company’s sales, service offerings and reputation.
Traditional approaches to DDoS defense focus largely on absorbing the extra traffic or diverting it, and they act only after an attack is already in progress. A more pragmatic approach is to recognize an attack as it begins, before it saturates the network, and neutralize it before services degrade. That requires a clear, wide-reaching view of the network infrastructure.
A network monitoring platform can surface these warning signs and let the network and IT teams act proactively. By watching firewall and load-balancer activity, it provides the early warning the team needs to detect and mitigate a threat before it takes hold.
Real-time monitoring at scale lets operations teams alert IT to an attack using both a granular and an end-to-end view of the infrastructure. It can raise alerts when random ports are flooded with packets, or when spoofed requests from many sources converge on a single target server.
A network monitoring platform also lets IT staff set accurate thresholds for suspicious traffic by reviewing historical data. For example, a rule can fire when more than a specified number of packets reach a target within a specified number of seconds, and the offending traffic can then be rate-limited or blocked automatically.
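The two ideas above (a threshold learned from historical traffic, and alerts that distinguish a spoofed many-source flood from a random-port flood) fit in a few dozen lines. The script below is an added example, not code from the original article or from any monitoring vendor; the target address, the client addresses, and every flow record are constructed sample data, and the per-second baseline of roughly 300 packets, the 3-sigma headroom, and the source and port cut-offs are assumptions chosen to make the example readable. Given historical flow records it derives a per-target packets-per-second threshold, then flags windows of live traffic that exceed it and tags why they look like a flood.

```python
"""Baseline-driven flood detection over flow records (added example).

Learns a per-target packets-per-window threshold from historical data, then
flags live windows that exceed it and annotates the pattern: many distinct
sources (spoofed / distributed flood) or many distinct destination ports
(random-port flood). All addresses and records below are constructed.
"""
import statistics
from collections import defaultdict
from dataclasses import dataclass

# A flow record is (timestamp_seconds, src_ip, dst_ip, dst_port, packet_count).
TARGET = "10.0.0.5"  # the server being protected (assumed)
NORMAL_SOURCES = ("198.51.100.10", "198.51.100.11", "198.51.100.12")


def normal_second(ts, total):
    """Constructed 'normal' traffic: `total` packets from three known clients to port 443."""
    share, rem = divmod(total, len(NORMAL_SOURCES))
    return [(ts, src, TARGET, 443, share + (rem if i == 0 else 0))
            for i, src in enumerate(NORMAL_SOURCES)]


# Ten seconds of historical traffic with per-second totals hovering around 300 pps.
HISTORICAL = [r for ts, total in enumerate([300, 320, 280, 310, 290, 300, 305, 295, 315, 285])
              for r in normal_second(ts, total)]

# Six seconds of 'live' traffic: normal, normal, spoofed-source flood,
# random-port flood, normal, and a legitimate burst just under the threshold.
LIVE = (
    normal_second(100, 300) + normal_second(101, 300)
    # 40 distinct (spoofed) sources each sending 20 packets to port 443
    + [(102, f"203.0.113.{i}", TARGET, 443, 20) for i in range(1, 41)]
    # 5 sources spraying 10 packets at 12 different ports each (60 distinct ports)
    + [(103, f"192.0.2.{i}", TARGET, 1024 + 12 * i + j, 10)
       for i in range(1, 6) for j in range(12)]
    + normal_second(104, 300)
    + normal_second(105, 330)
)


def per_window(records, window=1):
    """Aggregate records into (window_start, dst_ip) buckets."""
    buckets = defaultdict(lambda: {"packets": 0, "srcs": set(), "ports": set()})
    for ts, src, dst, dport, pkts in records:
        b = buckets[(ts - ts % window, dst)]
        b["packets"] += pkts
        b["srcs"].add(src)
        b["ports"].add(dport)
    return buckets


def baseline_thresholds(records, window=1, k=3.0):
    """Per-target threshold = mean + k * population std-dev of packets per window.

    k is the headroom above normal bursts; 3 sigma is an arbitrary starting
    point to tune against the same historical data it is learned from.
    """
    per_dst = defaultdict(list)
    for (_, dst), b in per_window(records, window).items():
        per_dst[dst].append(b["packets"])
    return {dst: statistics.mean(v) + k * statistics.pstdev(v) for dst, v in per_dst.items()}


@dataclass(frozen=True)
class Alert:
    window_start: int
    dst_ip: str
    packets: int
    distinct_sources: int
    distinct_ports: int
    reasons: tuple


def detect_floods(records, thresholds, window=1, min_sources=20, min_ports=30):
    """Return an Alert for every window whose packet count exceeds its target's threshold.

    'many_sources' tags windows with >= min_sources distinct senders (the spoofed or
    distributed pattern); 'port_scatter' tags windows hitting >= min_ports distinct
    destination ports (the random-port flood pattern). Targets with no learned
    baseline are skipped rather than guessed at.
    """
    alerts = []
    for (start, dst), b in sorted(per_window(records, window).items()):
        limit = thresholds.get(dst)
        if limit is None or b["packets"] <= limit:
            continue
        reasons = ["rate"]
        if len(b["srcs"]) >= min_sources:
            reasons.append("many_sources")
        if len(b["ports"]) >= min_ports:
            reasons.append("port_scatter")
        alerts.append(Alert(start, dst, b["packets"], len(b["srcs"]), len(b["ports"]), tuple(reasons)))
    return alerts


if __name__ == "__main__":
    thresholds = baseline_thresholds(HISTORICAL)
    for a in detect_floods(LIVE, thresholds):
        print(f"t={a.window_start}s {a.dst_ip}: {a.packets} pkts from {a.distinct_sources} srcs "
              f"over {a.distinct_ports} ports -> {', '.join(a.reasons)}")
```

Two practical points the numbers make visible: the 330-packet burst at second 105 stays under the learned threshold (about 337 pps here), which is what the headroom factor is for, while a fixed "block at 300" rule would have fired on legitimate load. And the reason tags matter for the response: when the alert says `many_sources`, blocking by source address is pointless against spoofed senders, and blocking all traffic to the target simply finishes the attacker's job; the useful actions are rate-limiting, filtering on the attack's actual signature (port, packet size, protocol), or diverting the target to upstream scrubbing.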
Monitoring network activity in this way is rapidly becoming an essential first line of defense against the growing threat of DDoS attacks. That early visibility helps teams identify debilitating attacks before resources are exhausted and servers are forced offline.
Ultimately, mitigating the threat of DDoS attacks is about paying attention to the details of network traffic. A granular view of metrics, flows and logs gives organizations as much data as possible to detect and mitigate attacks before they cause the very real damage that took down the giants on October 21.