Lessons from ‘The Art of War’: intelligent automation maximises speedy response in the fight against DDoS attacks
Some 500 years BC (544–496 BC), the Chinese general, military strategist and philosopher, Sun Tzu wrote that ‘speed is the essence of warfare’. These words are as true in today’s age of cyberattacks, in which Distributed Denial of Service (DDoS) attacks are rising in size, frequency and complexity, as they were in ancient China.
This is according to Arbor Network’s territory manager for Sub-Saharan Africa, Bryan Hamman, who says, “Data from Arbor Networks’ Active Threat Level Analysis System (ATLAS) shows that a DDoS attack occurs somewhere in the world every six seconds. We can learn from Sun Tzu’s teachings in today’s cyberwarfare world.
Speed is truly of the essence in stopping the attack on the network to minimise its impact, and at these moments, the best defence against the modern-day DDoS attack is an automated, intelligently layered approach to DDoS attack detection and mitigation.”
Hamman says an analysis of recent trends has shown that many DDoS attacks are increasing in complexity, but at the same time they are over very quickly, lasting for less than 30 minutes. He continues, “The modern-day DDoS attack – as illustrated by the Mirai Botnet – is a multi-vector threat which employs three different types of attacks, namely: volumetric attacks, which employ speeds of up to 800 Gbps and saturate links; TCP state exhaustion attacks, which attack load balancers, firewalls and IPSs; and application layer attacks, which are low and slow stealth attacks that crash application servers.
“Within this context, you need to take a layered approach to network protection. Additionally, automation is a key requirement of your DDoS defence. To stop high volume, large attacks that target Internet connectivity, your defence system must use the cloud, away from the intended target before local protection is overwhelmed. Application-layer and state-exhaustion attacks need to be detected and mitigated on-premise close to where the applications or services reside.”
He points out that to defend against such a multi-layered DDoS attack and minimise an organisation’s downtime, a hybrid or multi-layered approach is required. It is critical, he stresses, for this solution to have an intelligent form of communication to integrate the in-cloud and on-premise layers (Arbor’s Cloud Signaling capability), backed by continuous up-to-date global threat intelligence.
Hamman gives the following example of intelligent automation in a hybrid DDoS defence deployment, which combines on-premise protection with cloud-based mitigation.
The on-premise inspection data management system (IDMS) is customised for the specific applications running in a given datacentre. These local, customised policies are continuously sent to a cloud-based DDoS protection service.
When an attack occurs that is larger than the on-premise protection can handle, a signal is sent to the cloud-based DDoS protection service, and attack traffic is automatically re-routed to a cloud-based scrubbing centre, where the previously sent customised protection policies are applied to it automatically. The intelligent automation lies in pre-matching customised protection policies to the specific applications running in the datacentre, so that the cloud DDoS protection service responds faster when an attack exceeds the capacity of the on-premise protection.
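The hybrid workflow described in the three paragraphs above, as an added Python model that is not Arbor's code: per-application policies are synced to the cloud ahead of any attack, traffic within the on-premise capacity is scrubbed locally, and traffic above it triggers the cloud signal, where the pre-synced policy is applied without further negotiation. The class and field names, the 10 Gbps capacity and the sample flows are constructed assumptions.

```python
# Added model of hybrid, cloud-signalled DDoS mitigation (not Arbor's code).
# All names, thresholds and sample flows are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Flow:
    app: str      # application in the data centre this traffic targets
    proto: str    # "tcp" or "udp"
    dport: int
    gbps: float


@dataclass
class CloudScrubber:
    """Cloud service holding policies pre-synced from the on-premise device."""
    policies: dict = field(default_factory=dict)
    signalled: bool = False

    def sync_policy(self, app, policy):
        self.policies[app] = policy          # continuous sync, before any attack

    def signal_and_scrub(self, flows):
        self.signalled = True                # the "cloud signal" from on-premise
        return [f for f in flows if (f.proto, f.dport) in self.policies.get(f.app, set())]


@dataclass
class OnPremIDMS:
    capacity_gbps: float
    cloud: CloudScrubber
    policies: dict = field(default_factory=dict)

    def set_policy(self, app, allowed):
        self.policies[app] = set(allowed)    # e.g. {("tcp", 443)} for a web app
        self.cloud.sync_policy(app, self.policies[app])

    def handle(self, flows):
        """Scrub locally while under capacity; otherwise signal and divert to cloud."""
        if sum(f.gbps for f in flows) <= self.capacity_gbps:
            return "on-prem", [f for f in flows if (f.proto, f.dport) in self.policies.get(f.app, set())]
        return "cloud", self.cloud.signal_and_scrub(flows)


def demo(capacity_gbps=10.0):
    idms = OnPremIDMS(capacity_gbps, CloudScrubber())
    idms.set_policy("web", [("tcp", 80), ("tcp", 443)])
    legit = [Flow("web", "tcp", 443, 2.0)]
    probe = [Flow("web", "tcp", 8080, 1.0)]                          # small, off-policy
    flood = [Flow("web", "udp", 53, 400.0), Flow("web", "udp", 123, 300.0)]  # volumetric
    return idms.handle(legit + probe), idms.handle(legit + flood)
```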
Hamman concludes, “It’s by no means a stretch of the imagination to equate modern DDoS attacks – and how to fight back – with the tactics employed during war. To give just a couple of examples, Iran was blamed for a hack of the British Parliament in 2017, which briefly took systems offline, while in November last year, the head of Britain’s National Cyber Security Centre, Ciaran Martin, warned that Russia had targeted British energy, telecoms and media sectors.
“There are many security experts who believe that Russia in particular has integrated cybersecurity into a wider range of activities, often termed ‘hybrid warfare’, which are part of a wider trend to use information as a weapon.
“And so, as Arbor continuously looks to perfect our network protection solutions, we can look to Ancient China once more and Sun Tzu’s words when he wrote: ‘The art of war is of vital importance to the State. It is a matter of life and death, a road either to safety or to ruin. Hence it is a subject of inquiry which can on no account be neglected’. To paraphrase his words into a modern-day context, the importance of your network protection is critically important and cannot be underestimated or neglected.”
Sun Tzu is widely credited as the author of ‘The Art of War’, an influential work of military strategy that has affected both Western and Eastern philosophy, and which continues to influence aspects of modern life even today, for example in business and sports teachings as well as actual military operations.