The term hybrid, in technology, has come to mean composing something from two or more seemingly disparate things. Hybrid cloud, for example, brings together SaaS, IaaS, and on-premise as the basis for a new, diversified corporate computing environment. While diverging from the traditional, scientific definition, the use of “hybrid” to describe these new entities is nonetheless commonplace, if not entirely accurate for those of us whose superpower is, in fact, pedantry.
Security, too, is experiencing the pressure associated with “hybrid”, particularly when it comes to DDoS attacks. That’s because the attacks themselves are largely hybrid, comprising both traditional volumetric and application-focused attacks, as was noted by SANS Institute back in 2014:
“The most damaging DDoS attacks, which mix saturated attacks with targeted, application-specific attacks, have much the same frequency (39%) as targeted (42%) and volumetric (41%) alone. DDoS attacks tend to use a small set of Internet ports, but a variety of techniques to cause damage. DDoS attacks are rapidly evolving in severity, complexity and sophistication. According to one recent report, 64% of attacks employed multiple attack types. This moves the needle on the scale of difficulty companies face in identifying and defending against denial of service attacks. Combined multi-layered attacks employ volumetric, bandwidth saturation, authentication-based and application level attempts to disrupt, deny, degrade or destroy internet facing information or application resources. Defending today’s attacks requires a multi-pronged approach with a combination of on-prem, out-of-band and cloud technologies along with centralized management, analytics and advanced methods to detect increasingly sophisticated attackers. How quickly organizations discover and stop these threats is key to ensuring continuity of services and reducing the financial impact on business.”
This trend has remained largely the same, with the technique now often referred to as smokescreening, which in other industry surveys has been experienced by 55% of DDoS targets. Nearly 26% of those lost customer data, and nearly half wound up with malware/viruses installed as a result.
With success rates like that, you can bet this hybrid attack model will continue to be put into play.
So how do you defend against these attacks? You fight fire with fire and go with a next-generation hybrid DDoS protection approach. That means a solution that marries traditional volumetric defenses with application-specific protection as well as adopting the ability to leverage both on-premise and cloud-based scrubbing to fend off those attacks that might otherwise overwhelm the corporate Internet connection. Basically, you need on-premise protection that can detect an imminent bandwidth saturating attack and activate an on-demand, cloud scrubbing service capable of absorbing the volume to prevent disruption of business.
But a modern approach is more than just having a cloud-based option readily available. Next-generation hybrid security architectures must streamline the process of moving seamlessly from on-premise to cloud-based scrubbing in the face of an attack. This new breed of hybrid DDoS protection should be able to detect attacks and act automatically, shifting scrubbing duties from on-premise to cloud when business disruption is imminent as defined by technical and business parameters.
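An added example (not F5's code or product logic) of the automatic hand-off described above: a controller diverts to cloud scrubbing only after sustained near-saturation of the link and returns on-premise only after sustained calm, so a short spike or a lull in a smokescreen attack does not flip the path back and forth. The thresholds, sample counts, and the `critical_window` business flag are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class DivertPolicy:
    link_capacity_mbps: float         # technical parameter: Internet link size
    divert_at: float = 0.80           # utilization treated as imminent saturation
    critical_divert_at: float = 0.60  # earlier trigger during critical windows
    return_at: float = 0.40           # utilization considered safe to return
    trip_samples: int = 3             # consecutive high samples before diverting
    clear_samples: int = 5            # consecutive low samples before returning
    critical_window: bool = False     # business parameter, e.g. a sales event


class ScrubbingController:
    """Tracks where scrubbing should run; redirecting traffic is out of scope."""

    def __init__(self, policy):
        self.policy = policy
        self.mode = "on-prem"
        self._high = 0
        self._low = 0

    def observe(self, inbound_mbps):
        p = self.policy
        util = inbound_mbps / p.link_capacity_mbps
        trigger = p.critical_divert_at if p.critical_window else p.divert_at
        if self.mode == "on-prem":
            # Require sustained pressure so one noisy sample does not divert.
            self._high = self._high + 1 if util >= trigger else 0
            if self._high >= p.trip_samples:
                self.mode, self._high, self._low = "cloud", 0, 0
        else:
            # Hysteresis: any new surge resets the calm counter.
            self._low = self._low + 1 if util <= p.return_at else 0
            if self._low >= p.clear_samples:
                self.mode, self._low = "on-prem", 0
        return self.mode


def replay(policy, samples):
    """Return the scrubbing mode chosen after each inbound-rate sample."""
    controller = ScrubbingController(policy)
    return [controller.observe(s) for s in samples]


# Constructed inbound rates (Mbps) on a 1000 Mbps link: a lone spike, a
# sustained flood, a lull interrupted by a second surge, then real calm.
SAMPLES = [200, 850, 300, 820, 860, 910, 950, 300, 350, 900,
           200, 250, 300, 280, 260, 240]
```
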
The result is a multi-layered approach to defending corporate apps, data, and networks. It’s a next-generation solution combining the power of a specialized appliance with the expertise of a built-for-DDoS protection cloud-scrubbing service. It’s a comprehensive solution that takes advantage of on-premise dynamic behavioral analysis to identify and mitigate attacks, machine-learning to detect evasive threats or traffic anomalies, and powerful automation capabilities to boost efficiency. Application-specific threats are discovered based on data stream logic, aggregated signals from HTTP, and the boundaries of TCP requests, transactions, server health, and similar characteristics.
And when the volume peaks on-premise, threatening to disrupt business by slowing down or stopping access to apps both corporate and consumer, volumetric attack traffic can be seamlessly redirected to an on-demand, cloud-based scrubbing service with nearly infinite scale to alleviate the pressure created by such frontal assaults on the business.
That’s the power of specialization. By combining a security-focused DDoS protection appliance with a cloud service focused on DDoS protection, you get the best of both worlds. Which is really the point of a hybrid approach: combining the best attributes of two different models to form a single, comprehensive and efficient solution. Welcome to the new normal.