In a traditional DDoS prevention model, out-of-band appliances detect DDoS attacks based on NetFlow, sFlow, IPFIX, and BGP data. The appliance then signals the network, via network control plane or element management protocols, to either drop traffic at the network edge or redirect traffic to a cloud DDoS mitigation device.
Over time, only a fraction of total traffic will need to be mitigated. So dedicating one or more appliances to detection and selectively pushing traffic to mitigation maximizes the cost-efficiency of the total solution. The approach makes sense on paper, but the drawback inherent in all such appliance-based DDoS defense solutions is that they are fraught with poor detection accuracy.
Fortunately, cloud-scale big data systems make it possible to implement a far more intelligent solution to the problem of DDoS attacks by:
This scalable, adaptive big data approach to monitoring and anomaly detection has been field-proven as far more accurate than legacy approaches in real-world deployments where customers have used both kinds of DDoS defense solutions. Kentik’s big data approach delivers not only more accurate anomaly detection, but also makes it possible to store detailed raw flow records and related data to detect elusive low volume, multi-vector attacks. Volumetric attacks periodically cover up more intrusive, exploratory attacks.
Cloud DDoS defense is the application of cloud computing scale to the process of detecting and mitigating DDoS attacks. By utilizing cloud-scale compute and storage resources, cloud DDoS makes it possible to collect and examine network flow data in highly granular fashion, supporting superior baselining intelligence. The combination of scale, granularity, and baselining ensures greater detection accuracy, saving network operators time and money.
Cloud-scale big data systems also make it possible to implement a far more intelligent approach to the problem making a new hybrid model possible, where DDoS detection is performed by Kentik’s best-of-breed, cloud service that automates the triggering of RTBH, and then mitigation can be handled by on-premises mitigation applicances or cloud-based DDoS mitigation solutions—such as Cloudflare Magic Transit.
As infrastructure, traffic, and threats evolve, you can use Kentik’s flexible analytics capabilities to provide the deeper intelligence that enables an agile DDoS defense. All alerts generated by Kentik are linked to dashboards, making it possible to access powerful visualizations and filtering to help you dig into the origin and nature of attacks, returning answers to multidimensional queries in seconds, across billions of unsummarized flow records correlated with BGP and GeoIP. By combining automated mitigation with exceptionally accurate detection, Kentik provides a modern approach to implementing cost-effective, fast-to-deploy, real-time protection against DDoS attacks.