Understanding Cloud DDoS Detection: A Tutorial
Overview of Cloud DDoS Detection
Cloud DDoS detection applies cloud computing scale to the process of detecting and mitigating Distributed Denial of Service (DDoS) attacks. By drawing on cloud-scale compute and storage resources, cloud DDoS detection can collect and examine network flow data at fine granularity, across the whole network, and with better baselining intelligence. The combination of scale, granularity and baselining provides greater accuracy in stopping DDoS attacks than legacy DDoS detection appliances can achieve.
Cloud DDoS detection has evolved because the limited, scale-up architecture of appliance-based DDoS detection is no longer sufficient to track the massive number of flow records and individual IP addresses that characterize today's digital business networks.
The primary goal of a DDoS attack is to limit or cut off access to an application or network service, thereby denying legitimate users the service. Many types of DDoS attack schemes are in use today, and they are steadily becoming more sophisticated. Their common goal, however, is to overwhelm the targeted network resources with traffic or requests for service from many different sources, potentially hundreds of thousands or more. This makes it impossible to stop the attack simply by identifying and blocking a single IP address. The sheer distribution of attacking sources also makes it very difficult to distinguish legitimate user traffic from attack traffic spread across so many points of origin.
Knowing that a DDoS attack is taking place is the first critical step in avoiding or stopping it. To detect an attack in progress, one has to collect enough network traffic information to analyze whether the traffic is legitimate or not. This analysis can be performed manually by a network engineer or automatically by the detection system. DDoS detection is vital to stopping or mitigating attacks. The two critical success criteria for eliminating a threat in the shortest time are 1) speed of detection and 2) accuracy of detection. Fast and accurate detection mechanisms are therefore an essential ingredient of a consistently effective DDoS defense.
The DDoS Threat
DDoS attacks are rapidly increasing in frequency and size. While mega attacks that last for many hours and reach 200 Gbps or more make the news, the vast majority of attacks last under an hour and are less than 1 Gbps in volume. Smaller attacks often go unnoticed, though they may be harbingers of larger attacks to come. Mid-sized attacks are felt more readily, but distinguishing a friendly surge in normal traffic from an attack is key to a timely response.
Large attacks are fairly obvious; in these cases, diagnosing the traffic is important for understanding network entry points and sources. In all cases, a clear assessment is needed to determine the best way to mitigate the attack.
How Cloud Deployed DDoS Detection Improves Accuracy
The key to solving the DDoS detection accuracy problem is using big data in the cloud. With a scale-out system that has far more compute and memory resources, a cloud approach to DDoS detection can continuously scan network-wide data across multiple dimensions (for example per destination, per source population and per protocol) without the constraints of a single appliance.
Cloud-scale big data systems make a far more intelligent approach possible, and with it a new hybrid model: DDoS detection is performed by a best-of-breed cloud service that automatically triggers RTBH (Remotely Triggered Black Hole) routing, on-premises mitigation appliances or cloud-based mitigation. Big data detection systems also provide deep, forensic analytics, plus the ability to incorporate network performance, planning and other capabilities.
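The detection logic sketched above (collect flow records, baseline per-destination traffic, and tell a friendly surge from a many-source flood by looking at more than one dimension) as an added, illustrative example; this is not Kentik's code or algorithm. The flow records, IP addresses, window sizes and thresholds are all constructed for the demo.

```python
import statistics
from collections import defaultdict

# Constructed NetFlow-style records, not real data: (minute, src_ip, dst_ip, bytes).
# Minutes 0-4: steady traffic from 20 clients. Minute 5: the same 20 clients
# triple their volume (a legitimate surge). Minute 6: 300 new sources flood
# the target with small flows (the many-origin pattern the text describes).
TARGET = "203.0.113.10"
FLOWS = [(m, f"10.0.{i}.1", TARGET, 50_000) for m in range(5) for i in range(20)]
FLOWS += [(5, f"10.0.{i}.1", TARGET, 150_000) for i in range(20)]
FLOWS += [(6, f"198.51.{i // 250}.{i % 250}", TARGET, 10_000) for i in range(300)]


def aggregate(flows, dst):
    """Roll flows up to per-minute (bytes, distinct_sources) for one destination."""
    nbytes, srcs = defaultdict(int), defaultdict(set)
    for minute, src, flow_dst, size in flows:
        if flow_dst == dst:
            nbytes[minute] += size
            srcs[minute].add(src)
    return {m: (nbytes[m], len(srcs[m])) for m in sorted(nbytes)}


def exceeds(value, history, k=3.0, min_ratio=0.5):
    """True if value sits above mean + k*stdev of the baseline. A flat baseline
    has stdev 0, so a relative floor keeps ordinary jitter from alarming."""
    mean = statistics.fmean(history)
    stdev = statistics.stdev(history) if len(history) > 1 else 0.0
    return value > max(mean + k * stdev, mean * (1 + min_ratio))


def classify(flows, dst, min_windows=3):
    """Per-minute verdicts. Only windows judged normal feed the baseline, so an
    attack window does not inflate the baseline for the minutes that follow."""
    verdicts, baseline = {}, []
    for minute, (total, sources) in aggregate(flows, dst).items():
        if len(baseline) < min_windows:
            verdict = "learning"
        else:
            vol_hit = exceeds(total, [b for b, _ in baseline])
            src_hit = exceeds(sources, [s for _, s in baseline])
            # Volume AND source population up together is the DDoS signature;
            # extra volume from the known client population is a friendly surge.
            verdict = "ddos" if vol_hit and src_hit else "surge" if vol_hit else "normal"
        if verdict in ("learning", "normal"):
            baseline.append((total, sources))
        verdicts[minute] = verdict
    return verdicts


if __name__ == "__main__":
    for minute, verdict in classify(FLOWS, TARGET).items():
        print(f"minute {minute}: {verdict}")
```

A production system would key the same aggregation by many more dimensions (ports, protocols, interfaces, ASNs) and keep far longer baselines; the structure, not the thresholds, is the point.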
On Kentik & More Reading
Kentik Detect offers the industry's only network visibility and DDoS protection solution built from the ground up on big data and delivered as a cost-effective SaaS. Kentik Detect offers the industry's most accurate big data DDoS detection, and can automatically trigger mitigation via RTBH, Radware DefensePro or A10 Thunder TPS.
For more information on how big data delivers 30% greater DDoS detection speed and accuracy, check out the blog post on Big Data for DDoS Protection, read the PenTeleData case study, or download The Case for Big Data-Powered DDoS Protection white paper. Know you want big data-powered DDoS protection today? Start a free trial.