Data Analytics and DDoS Mitigation: Lessons Learned

During a DoS or DDoS (denial of service) attack, Prolexic gathers hundreds of millions of data points from its DDoS mitigation sensors. In this presentation Prolexic shares what it has learned about using DDoS analytics to stop DDoS attacks.

Published in: Technology, Business

  1. Data Analytics and DDoS Mitigation: Lessons Learned
  2. Real-time Data Analysis During a DDoS Attack
     • IT is driving the use of data analytics to gain real-time insight into DDoS attacks to understand:
       – Trends
       – Attacker behaviors
       – Specific cyber security events
     • Hundreds of millions of data points in multiple streams pour into a DDoS mitigation platform during a denial of service attack
     • Mistakes in data analysis could damage the customer’s website performance and accessibility
     2 May 2013
  3. Prolexic’s Approach to DDoS Data Analytics
     • Prolexic analyzes DDoS attack data in real time, every hour of every day
     • We use this data to answer questions like these:
       – Is a site under DDoS attack or is this another kind of network anomaly, such as a flash crowd?
       – What type of DDoS threat is this and which part of the customer’s infrastructure could be most affected?
       – Where are the attacks coming from? Have we encountered these attackers before?
       – What are the attack signatures? Have we seen them before? Are they changing?
  4. Prolexic Acquires Billions of DDoS Attack Metrics from Sensors Monthly
  5. Prolexic Data Distilled for Live Experts to Act Upon
  6. Lessons Learned: Data Analytics for DDoS Mitigation
     • Analytics for DDoS mitigation requires:
       – Large capital investment
       – Multi-year effort
     • Automated decision making is prone to false positives
       – Need human DDoS mitigation experts to interpret data
     • Batch-oriented analytics systems such as Hadoop have latency thresholds that are too slow for real-time analysis
     • More value is delivered when real-time attack metrics are distilled into situational analyses, not summaries
  7. Lessons Learned: Data Analytics for DDoS Mitigation, continued
     • Data analytics for DDoS mitigation must show definitive conclusions that translate to meaningful real-time alerts
     • There is a gap between what the automated correlation and reasoning engines can do and what human DDoS attackers can do
     • Human experts are needed to counter human attackers in real time
     • Download the white paper for more details and analysis.
  8. Conclusions: Data Analytics and DDoS Mitigation
     • DDoS protection requires accessibility to real-time attack data
     • Using data analytics without live human expertise is ineffective
     • Data must be presented in a way that technicians can understand the attack situation quickly
     • Data analytics will fail as a strategic cyber security tool if you don’t understand:
       – What questions to ask
       – How to measure and correlate the data to provide useful answers
  9. Download the Free White Paper
     • Download the white paper Data Analytics and DDoS Mitigation: Lessons Learned
     • The white paper includes:
       – The three important questions to ask of your DDoS data
       – The problem of false positives
       – The latency challenges of batch-oriented analytics
       – The gap between what automated mitigation systems can do and what DDoS attackers can do
       – How Prolexic manages the big data associated with DDoS attacks
  10. About Prolexic
     • Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
     • Prolexic has successfully stopped DDoS attacks for more than a decade.
     • We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.
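The questions on slide 3 (is this a DDoS or a flash crowd, what is the attack signature) and the false-positive point on slide 6 are easier to see with a small per-window triage rule. The following is an added example written for this page, not Prolexic's code or data: it computes a few features over a one-second window of constructed request records and contrasts a rate-only rule, which flags a flash crowd as an attack, with a rule that also weighs source diversity and signature repetition and hands the ambiguous case to an analyst. The Record fields, the four scenarios, and every threshold (200 req/s, 0.6, 0.5, 0.3) are assumptions chosen for the constructed samples, not tuned values.

```python
"""Window-based traffic triage over constructed sample records.

Added example, not Prolexic's code or data. A naive rate-only rule is
compared with a rule that also looks at source diversity and request-
signature repetition; the 'mixed' scenario shows a window neither rule of
thumb decides cleanly, which is where a human analyst is still needed.
"""
import math
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    src: str  # client address (constructed sample value)
    sig: str  # coarse request signature: method, path, user-agent family


def _entropy_bits(counter):
    total = sum(counter.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counter.values())


def window_stats(records, window_seconds=1.0):
    """Summarise one time window of records into the features triage() uses."""
    n = len(records)
    if n == 0:
        return {"rate": 0.0, "unique_src_ratio": 0.0,
                "top_sig_share": 0.0, "sig_entropy": 0.0}
    srcs = Counter(r.src for r in records)
    sigs = Counter(r.sig for r in records)
    return {
        "rate": n / window_seconds,               # requests per second
        "unique_src_ratio": len(srcs) / n,        # 1.0 = every request from a new source
        "top_sig_share": max(sigs.values()) / n,  # share of the single most common signature
        "sig_entropy": _entropy_bits(sigs),       # spread of request signatures
    }


def naive_verdict(stats, rate_threshold=200.0):
    """Rate-only rule: anything above the threshold is called an attack."""
    return "attack" if stats["rate"] > rate_threshold else "normal"


def triage(stats, rate_threshold=200.0):
    """Rate plus two shape features; 'escalate_to_analyst' when undecided."""
    if stats["rate"] <= rate_threshold:
        return "normal"
    if stats["top_sig_share"] >= 0.6:
        # one request shape dominates: typical of a scripted flood,
        # however many source addresses it is spread over
        return "ddos_suspected"
    if stats["unique_src_ratio"] >= 0.5 and stats["top_sig_share"] <= 0.3:
        # many distinct clients sending varied requests: looks like real visitors
        return "flash_crowd_suspected"
    return "escalate_to_analyst"


def make_sample(kind, seed=7):
    """Constructed one-second windows of traffic for four scenarios (assumed data)."""
    rng = random.Random(seed)
    paths = ["/"] * 10 + [f"/product/{i}" for i in range(20)] + ["/cart", "/search"]
    browsers = ["Chrome", "Firefox", "Safari", "Mobile"]

    def random_src():
        return ".".join(str(rng.randrange(256)) for _ in range(4))

    def visitor():
        return Record(random_src(), f"GET {rng.choice(paths)} {rng.choice(browsers)}")

    if kind == "baseline":
        return [visitor() for _ in range(60)]
    if kind == "flash_crowd":
        # promotion goes live: many new clients, landing-page heavy, varied browsers
        return [visitor() for _ in range(500)]
    if kind == "http_flood":
        # 30 bots hammering one endpoint with one tool, plus normal background traffic
        bots = [f"192.0.2.{i}" for i in range(1, 31)]
        flood = [Record(rng.choice(bots), "GET /search?q=x curl") for _ in range(480)]
        return flood + [visitor() for _ in range(20)]
    if kind == "mixed":
        # spoofed sources on one endpoint blended with genuine traffic:
        # too varied for the flood rule, too repetitive for the flash-crowd rule
        spoofed = [Record(random_src(), "POST /api/login python-requests") for _ in range(225)]
        return spoofed + [visitor() for _ in range(275)]
    raise ValueError(kind)


def run_demo():
    """Return {scenario: (naive verdict, triage verdict)} for all four samples."""
    out = {}
    for kind in ("baseline", "flash_crowd", "http_flood", "mixed"):
        stats = window_stats(make_sample(kind))
        out[kind] = (naive_verdict(stats), triage(stats))
    return out


if __name__ == "__main__":
    for kind, (naive, better) in run_demo().items():
        print(f"{kind:12s} naive={naive:7s} triage={better}")
```

The rate-only rule calls the flash crowd an attack, which is the false positive slide 6 warns about; the two extra features separate it from the scripted flood, and the blended window falls through to an analyst rather than being auto-mitigated. In a real platform the features would be computed incrementally per window as records stream in, rather than over a batch, which is the latency point the deck makes about batch-oriented systems.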