Professional Documents
Culture Documents
AI SecurityBegins EN2013
AI SecurityBegins EN2013
1. Asecurity
re optimized for other
problems
brought to light the fact that existing security devices are not
sufficient to protect enterprise data centers from Distributed
3. Cin-cloud
annot integrate with strategy, they lack a vital capability—these solutions do not
security solutions. protect the availability of services. Additionally, these products
Because they are stateful, are themselves often the target of DDoS attacks.
they are part of the
DDoS problem and
Data center operators are starting to understand that availability of services begins
not the solution
with security. If your data center is not available, network integrity and confidentiality
will get you nowhere because it will not help your customers, business or your brand.
This article will examine why IPS devices and firewalls are insufficient to protect data
center availability, and will describe a best practice for combating DDoS threats to
availability of services and applications.
When it comes to protection against DDoS, many enterprises and data center opera-
tors have a false sense of security. They think they have secured their key services
against attacks simply by deploying IPS devices or firewalls in front of their servers. In
reality, such deployments can actually expose these organizations to service outages,
having a direct impact on customer satisfaction and therefore, revenue. Typical users
of data center and cloud services expect on-demand services. When business-critical
services are not available, enterprises and data center operators can lose millions
of dollars and potentially damage important customer and partner relationships.
Availability of services is critical and can be pose a major barrier to cloud adoption.
ARBOR INSIGHT
In 2010, for the first time, volumetric DDoS attacks topped the 100 Gbps barrier
and an alarming 77% of respondents detected application layer attacks. Nearly
49 percent of respondents reported a firewall or IPS outage due to a DDoS attack.
Application-layer attacks are low bandwidth, difficult to detect and target both end
customers and network operators’ own ancillary supporting services, such as HTTP
Web services and domain name system (DNS). DNS has become a favorite attack
target and vector. Nearly one-third of the report respondents have experienced
customer-impacting DDoS attacks on their DNS infrastructure over the course of a
year from 2009–2010. Due to the relative lack of attention to DNS protection and
scalability by many network operators, DNS has emerged as one of the easiest ways
to take a server, application or data center down via DDoS.
Hackers love cloud infrastructures because these involve a small number of service
providers who are responsible for delivering, distributing and hosting a large amount
of content. This allows their attack to create the collateral damage effect. If they attack
one of the providers or anyone who is operating on a shared infrastructure of that pro-
vider, it is possible for them to damage or negatively impact any number of consumers
using that shared infrastructure. When one domain is attacked, those hundreds of
thousands of domains can go off-line or experience connectivity issues. The damage
is not isolated or limited to a partitioned area. Do the math. Attack one target and a
million domains can be affected. The ripple effect is staggering.
It’s important for today’s cloud-based data center to implement a multi-layered security
solution that can simultaneously protect its network infrastructure, IP-based services
and data, as all of these are vulnerable to attacks or compromise. This multi-layered
protection is the only to safeguard the data center infrastructure, the applications and
services, and finally, the data that drives the business, the brand and the revenue.
Corporate Headquarters
76 Blanchard Road
Burlington, MA 01803 USA
Toll Free USA +1 866 212 7267
T +1 781 362 4300
Europe
T +44 207 127 8147
Asia Pacific
© 2013 Arbor Networks, Inc. All rights reserved. Arbor Networks, the Arbor Networks logo, Peakflow, ArbOS, How
T +65 6299 0695
Networks Grow, Pravail, Arbor Optima, Cloud Signaling, ATLAS and Arbor Networks. Smart. Available. Secure. are
all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners.
www.arbornetworks.com AI/SECURITYBEGINS/EN/ 0213