Are your systems vulnerable to a complex cyber-attack?

Building resilience against distributed threats at government level
Bryan Hamman, Arbor Network’s territory manager for sub-Saharan Africa.
Arbor Network
Bryan Hamman, Arbor Network’s territory manager for Sub-Saharan Africa.

Today’s Distributed Denial of Service (DDoS) attacks have grown in complexity and now employ a combination of volumetric, TCP-state exhaustion and application-layer attack vectors.

Without the right protection in place, an advanced, high-volume DDoS attack could bring your business to a grinding halt by interrupting access to your applications and services. So if the attacks are coming in layers, then prepare to fight fire with fire and protect your networks in layers too.

This is according to Arbor Network’s territory manager for Sub-Saharan Africa, Bryan Hamman, who says, “Arbor Networks recommends a layered approach to security to avoid any downtime. This includes its Arbor Cloud DDoS Protection for Enterprises solution, which provides in-cloud protection from volumetric DDoS attacks while ensuring your networks remain operational.”

Haman says the trend for DDoS attacks is not favourable for enterprises, with volumetric attacks growing and the increasing popularity of reflection/ amplification attacks adding a new layer of complexity. He adds, “Arbor Cloud DDoS Protection for Enterprises (Arbor Cloud) provides cloud-based traffic scrubbing services tightly integrated with on-premise DDoS mitigation defence. This multi-layered approach to DDoS protection is an enterprise best practice for mitigating today’s dynamic DDoS threats.”

The practicalities of layered protection against today’s DDoS attacks
Hamman clarifies that, as part of a layered approach to DDoS protection, Arbor Cloud provides in-cloud protection from advanced and high-volume DDoS attacks without interrupting access to your applications and services. He says, “Arbor Cloud’s on-demand traffic scrubbing service, staffed by Arbor’s DDoS security experts, defends against volumetric DDoS attacks that are too large to be mitigated on-premise. In addition, Arbor Cloud’s on-premise component, Arbor Networks APS, provides always-on, in-line, packet-based DDoS attack detection and mitigation.”

The Arbor APS can detect and stop all types of DDoS attacks. However, in the event of a large volumetric DDoS attack that will overwhelm internet-facing circuits and local protection, the Arbor APS can automatically notify and re-route attack traffic to an Arbor Cloud scrubbing location where the attack is mitigated. It does this by using a feature called Cloud Signaling.

“Thus,” continues Hamman, “the combination of Arbor APS on-premise, Cloud Signaling and Arbor Cloud offers the most comprehensive protection from today’s multi-pronged DDoS attacks.”

In addition, the Arbor Cloud Flow-Based Detection option offers an alternative to the Arbor APS on-premise. Via flow collection and analysis, DDoS attacks are automatically detected and a Cloud Signal is sent to the Arbor Cloud for in-cloud mitigation. A deployment could have the combination of both Arbor APS and Flow-Based Detection for on-premise automated DDoS attack protection.

On-demand, cloud-based traffic scrubbing
Hamman notes that when an attack occurs, speed and agility are critical to business continuity. He says, “In the event of a volumetric attack, the on-premise APS serves as the first line of defence detecting the attack. As the attack approaches your bandwidth capacity and APS signals for Arbor Cloud to take over, Arbor Cloud then re-routes inbound traffic to one of Arbor’s four global scrubbing centres for cloud-based mitigation.

“The scrubbing centres have collectively multi-Tbps of DDoS mitigation capacity at your disposal. When this occurs, Arbor Cloud’s 24×7 Security Operations Center (SOC) works hand-in-hand with your security / IT teams to quickly block malicious DDoS traffic while returning all of your legitimate traffic back to your data centre.”

Arbor Cloud provides global IPv4 and IPv6 scrubbing capacity and can handle today’s largest and most complex attacks.

Staff Writer