Ever been hit by digital security attacks and not been allowed access? This DDoS method of attack is increasing. We speak to Mohammed Al-Moneer, Regional Director, MENA at A10 Networks, to find out what you can do about it.
Distributed denial of service, commonly abbreviated as DDoS, is a classic form of cyber-attack in the world of enterprises. The last 18 months have ushered in the era of supercharged, colossal DDoS attacks capable of reaching 1Tbps and more. IT professionals across the world have taken notice and are ready to combat this. Whilst there are many ways to fight DDoS attacks, like scaling and bandwidth metric analysis, the best methods are proactive and reactive deployment modes.
The question now is, which is the better deployment mode? Both have pros and cons, so perhaps the best way to answer this question is to break it down and see what fits best for your business.
“To figure out which of these methods is best for enterprises, we should first explain what ‘proactive’ and ‘reactive’ methods of deployment actually mean,” says Al-Moneer. “Like the name implies, the proactive mode of DDoS defence is when your defences are constantly looking for potential attackers. A proactive mode uses an in-line tool that has 100 percent visibility through packet analysis. It checks the credentials of every piece of traffic received and uses pre-determined information and behavioural indicators to decide what could be a bot or an attack and blocks it while allowing regular, human traffic through.
“Operating with a reactive mode, you leverage the flow data that is available from the edge routers and switches and perform meta-data analysis to try to detect anomalies. If this packet analysis gets a hit on something dangerous, like a DDoS attack, it then reacts by inserting the mitigation device. This means the mitigation of traffic only activates once a danger has been detected, rather than all the time.”
Based on those definitions, which is the best for business?
“Proactive often sounds better, as it is always on and active. Proactive also has the highest resolution detection capabilities available. Some examples of where proactive is used are with real-time applications like those found with voice, video and gaming software, or when protecting critical things like DNS infrastructure.
“All good things have a downside, however, and for a proactive mode, it is the price. As the system is always on and requires 1:1 capabilities, it can be expensive to set up and maintain. This is especially true when you have a bigger network.”
Al-Moneer explains that, on the flip side, a reactive mode uses flow data that is already built into the network for its analysis, and mitigation is only put in-line during times of attack. This makes it more cost-effective for smaller networks that don’t leverage real-time applications to build defences and oversubscribe your mitigation capabilities. Reactive mode, however, does have limited flow resolution, meaning it may take slightly longer to identify an attack. The time to react is also often slower.
“Both modes have the same responsibility of surgically mitigating attack traffic and both need to be able to differentiate what is normal and what is a bot.”
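The detection-resolution trade-off between the two modes, sketched in Python as an added example (not code from A10 Networks or the interview). The traffic is constructed, and the 60-second flow export window, 1-in-1000 sampling, 5x baseline threshold and 30-second diversion delay are assumptions chosen for illustration.

```python
"""Added illustration: constructed traffic; thresholds and timers are assumptions."""
from typing import List, Optional

def build_traffic(seconds: int = 300, normal_pps: int = 1_000, attack_pps: int = 50_000,
                  attack_start: int = 125, attack_end: Optional[int] = None) -> List[int]:
    """Constructed per-second packet counts toward one protected service."""
    end = seconds if attack_end is None else attack_end
    return [attack_pps if attack_start <= t < end else normal_pps for t in range(seconds)]

def detect(traffic: List[int], window: int, sample_rate: int = 1,
           factor: float = 5.0, alpha: float = 0.2) -> Optional[int]:
    """Return the second at which an anomaly is flagged, or None.

    window=1, sample_rate=1 models in-line, per-packet visibility (proactive).
    A larger window and sample_rate model sampled flow records exported by
    edge routers (reactive): the detector sees one aggregate per window.
    """
    baseline = None
    for end in range(window, len(traffic) + 1, window):
        packets = sum(traffic[end - window:end])
        # Scale the sampled packet count back up to an estimated rate.
        est_pps = (packets // sample_rate) * sample_rate / window
        if baseline is None:
            baseline = est_pps          # first window seeds the baseline
            continue
        if est_pps > factor * baseline:
            return end                  # flagged only when this window closes
        # EWMA baseline, updated from windows that were not flagged.
        baseline = alpha * est_pps + (1 - alpha) * baseline
    return None

def unmitigated_seconds(traffic: List[int], attack_start: int, window: int,
                        sample_rate: int, divert_delay: int) -> Optional[int]:
    """Seconds of attack traffic that arrive before mitigation is in-line.

    divert_delay is the assumed time to insert the mitigation device
    (0 when it is always in-line).
    """
    flagged = detect(traffic, window, sample_rate)
    return None if flagged is None else flagged + divert_delay - attack_start

if __name__ == "__main__":
    t = build_traffic()
    print("proactive:", unmitigated_seconds(t, 125, window=1, sample_rate=1, divert_delay=0))
    print("reactive: ", unmitigated_seconds(t, 125, window=60, sample_rate=1000, divert_delay=30))
```

Varying `window` and `divert_delay` shows how the flow export interval and the diversion step each contribute to the reactive mode's slower response.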
So now we answer the question of which is better. Like most decisions, it comes down to your business’ specific needs, says Al-Moneer. “Can you pay more to have an always-on defence or will your business be ok with the more affordable solution? To decide this, factors such as the size of your network, company finances and the importance of what you are trying to defend all need to be considered.”
There are plenty of good solutions out there from industry-leading companies which can supply both proactive and reactive modes to protect enterprises from cyber-attacks. With solutions that can scale based on the attack and leverage virtualisation and the cloud to better defend against DDoS attacks, many businesses will be secure regardless of which deployment model they choose. Just make sure your business has at least one of these solutions; otherwise, you won’t be prepared for that eventual attack.
About: Mohammed Al-Moneer is Regional Director, MENA at A10 Networks. Mohammed has held various sales leadership positions at networking and other high tech companies. Most recently at Infoblox, he served as regional manager for Saudi Arabia, where he leveraged his success in leading the services business to drive operational efficiencies and innovation and achieve exceptional growth. Prior to that, he worked as territory sales manager for enterprise servers, storage and networking at Hewlett-Packard.