Intelligent Approaches to the New DDoS Threat

(Original post 11-05-2013: Juniper Networks Partner Watch)

As the owner of a leading integrator of technology solutions for SMB to enterprise customers, I’m concerned about data security. Over the past year, you’ve likely heard news about multiple distributed denial of service (DDoS) attacks on high-profile enterprises like financial firms, banks, and even portions of China’s Internet service. According to IDC, DDoS attacks are making a resurgence and exposing new vulnerabilities in IT security infrastructures.

Most of the DDoS attacks that hackers perpetrate today are volumetric attacks by botnets that generate a bandwidth flood, rendering the target’s website or application unavailable. Most firewalls and other traditional security measures cannot prevent these attacks, because they often cannot differentiate between legitimate and illegitimate traffic and are soon overwhelmed by the volume.

Other sophisticated cyber criminals perpetrate insidious “low and slow” attacks, which can be very difficult to identify because hackers are careful to cover their tracks as they penetrate the network. And when these infiltrations occur slowly over a span of several days or weeks, they’re less likely to arouse suspicion.

I’m pleased to see that Juniper has developed Junos DDoS Secure and Junos Web App Secure to address these threats. These solutions include device fingerprinting that can gather information on more than 200 attributes, deception techniques that make hacking even more costly and time-consuming, real-time attack tracking and recording, and attack blocking that doesn’t interfere with your customers’ ability to access your site. While many security protection mechanisms include IP address blocking, it’s a brute-force technique that eliminates availability for many of your legitimate users, which we consider unacceptable from a business management perspective.

Juniper also takes a non-signature-based approach, which simplifies management because you’re not required to create a signature for every attack, and you’re not limited to identifying known attackers. Its early detection techniques allow you to identify hackers while they’re still in the reconnaissance phase, before the attack ever begins.

InterVision is also investing in the Juniper infrastructure, and we recently acquired these security solutions for our own lab, which gives us the ability to demo the technology for our customers. If you’re interested in viewing a demo, please contact me at Jason@intervision.com.