Data Analytics and DDoS Mitigation: Lessons Learned

During a denial of service (DoS or DDoS) attack, Prolexic gathers hundreds of millions of data points from DDoS mitigation sensors. In this presentation, Prolexic shares what it has learned about using DDoS analytics to stop DDoS attacks.

Published in: Technology, Business

  1. Data Analytics and DDoS Mitigation: Lessons Learned (www.prolexic.com)
  2. Real-time Data Analysis During a DDoS Attack (May 2013)
     • IT is driving the use of data analytics to gain real-time insight into DDoS attacks to understand:
       – Trends
       – Attacker behaviors
       – Specific cyber security events
     • Hundreds of millions of data points in multiple streams pour into a DDoS mitigation platform during a denial of service attack
     • Mistakes in data analysis could damage the customer’s website performance and accessibility
  3. Prolexic’s Approach to DDoS Data Analytics
     • Prolexic analyzes DDoS attack data in real time, every hour of every day
     • We use this data to answer questions like these:
       – Is a site under DDoS attack or is this another kind of network anomaly, such as a flash crowd?
       – What type of DDoS threat is this and which part of the customer’s infrastructure could be most affected?
       – Where are the attacks coming from? Have we encountered these attackers before?
       – What are the attack signatures? Have we seen them before? Are they changing?
  4. Prolexic Acquires Billions of DDoS Attack Metrics from Sensors Monthly
  5. Prolexic Data Distilled for Live Experts to Act Upon
  6. Lessons Learned: Data Analytics for DDoS Mitigation
     • Analytics for DDoS mitigation requires:
       – Large capital investment
       – Multi-year effort
     • Automated decision making is prone to false positives
       – Need human DDoS mitigation experts to interpret data
     • Batch-oriented analytics systems such as Hadoop have latency thresholds that are too slow for real-time analysis
     • More value is delivered when real-time attack metrics are distilled into situational analyses, not summaries
  7. Lessons Learned: Data Analytics for DDoS Mitigation, continued
     • Data analytics for DDoS mitigation must show definitive conclusions that translate to meaningful real-time alerts
     • There is a gap between what the automated correlation and reasoning engines can do and what human DDoS attackers can do
     • Human experts are needed to counter human attackers in real-time
     • Download the white paper for more details and analysis.
  8. Conclusions: Data Analytics and DDoS Mitigation
     • DDoS protection requires accessibility to real-time attack data
     • Using data analytics without live human expertise is ineffective
     • Data must be presented in a way that technicians can understand the attack situation quickly
     • Data analytics will fail as a strategic cyber security tool if you don’t understand:
       – What questions to ask
       – How to measure and correlate the data to provide useful answers
  9. Download the Free White Paper
     • Download the white paper Data Analytics and DDoS Mitigation: Lessons Learned
     • The white paper includes:
       – The three important questions to ask of your DDoS data
       – The problem of false positives
       – The latency challenges of batch-oriented analytics
       – The gap between what automated mitigation systems can do and what DDoS attackers can do
       – How Prolexic manages the big data associated with DDoS attacks
  10. About Prolexic
     • Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
     • Prolexic has successfully stopped DDoS attacks for more than a decade.
     • We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.