Big Data for DDoS Defense
Avi Freedman Talks Attacks and Solutions in Cisco Live 2016 Interview
This is the second in a series of posts related to discussions that Kentik video-recorded with BrightTalk at Cisco Live 2016. In this post, Kentik CEO Avi Freedman talks about the attributes that are required or desirable in a network visibility solution in order to effectively protect one's digital business from DDoS and other forms of attacks and service interruptions. Excerpts of what Avi had to say are posted below; for the full video check out our BrightTalk channel.
DDoS attacks have become an increasing problem, especially visible up to the C-suite and even to the Board level. Criminals have had a much easier time getting access to the resources needed to be able to attack companies sufficiently to actually stop their business, especially if they're digitally transforming or most of their business and their revenue flow already depends on the network infrastructure.
So the main pain points that people have when dealing with DDoS attacks are, number one, what's going on? Is it a misconfiguration, is it a denial of service attack, or is it something against our web site to try to get information? So first, what's going on?
Second, a lot of companies don't have enough infrastructure to actually protect internally. So either they need to engage a cloud service for analytics and/or detection, or they need to do something that's more like the hybrid approach that people take in cloud computing. Most of these are 15-year-old technologies that run on appliances that you put in one place on your network. And they've got a limited amount of information that they can process and store for a limited amount of time.
The big challenge with DDoS attacks, with network planning, with most of the network analytics cases is you don't always know in advance what you want to ask the system. So you really need a Big Data approach that can take all the data from the infrastructure, store it, give you insights, but also let you explore the data ad hoc in ways that you didn't expect.
Kentik's solution is Big Data based. Most of the tools out there let you see your network in one specific way. But the way that practitioners actually want to interact with the visibility plane is like you would use Google Maps. It's, you look at something and you say, “Oh, that's interesting. Let me scroll it over here.” Well, if you don't have the data anymore, you can't answer those questions.
So it's really an iterative process that people want to get to. Once they have it, they never want to go back.
With Kentik, the time to value is five to 15 minutes. That's the time it takes to log in, set up an account, and start exporting data from infrastructure that you already have. And then within a couple of seconds of our receipt of the data it's available for you to get alerts on, and to dig into at any level of detail that you want.
That's very different from current solutions, which typically require a proof of concept, a sales process, equipment to be dropped in, change controls to be applied, and then even once it's running, the data is typically hours out of date and not available at the granularity that you need.
Most of our customers are digital enterprise, SaaS companies, Web companies, or service providers. They know that their packets are their revenue. So when we talk to executives, we talk about customer experience, and customer success, which is what the fastest-growing enterprise companies in the world use. They relentlessly focus on the performance and the ability of their customers to use their services. So that's the first message that we talk about.
The second is just availability, and absolute magnitude of revenue. If your infrastructure isn't working, you lose the traffic right then, you lose that revenue, and also your brand suffers.
And the third is security. It's really an existential threat. Do you have the tools to be able to understand whether your business can continue into tomorrow?
When you're looking at network visibility solutions, if you want to have a future-proof system the key is to look for something that can really be a platform. That means that it isn't a silo in and of itself, and that it takes data, provides certain functions, and integrates with the other tools that you need. Or even with your own software that you need to write.
Make sure that it can actually keep the data that you need. Especially if you don't know in advance what you're going to need to use the data for. And make sure that it's consumable in the ways that you want. Ideally, it's something you either can run on premises, if that's your security requirement, or can outsource to a cloud or SaaS vendor to run for you, if you want to be able to just focus on your business mission.