49½ pounds of DDoS attack visibility

As Chief Security Evangelist for Corero Network Security, my main charter is to travel the globe evangelizing the cyber-security problem with regard to DDoS attacks and cyber threats. In doing so, I have the unique opportunity to highlight the Corero First Line of Defense solution that has been designed to protect the Internet-connected business from the global epidemic of DDoS. This year alone, I will have traveled to 10 different countries and presented to at least 40,000 people.

In my travels I always bring an attack and defense “demonstration kit” with me which weighs 49½ lbs for good reason—purposely falling just shy of the 50lb mark to avoid the overweight charges for checked baggage! This kit enables me to demonstrate the entire DDoS attack spectrum – live, in front of any audience. This is the real deal, the same attacks, carried out by using the same attack tools as your typical DDoS hacktivist, no smoke and mirrors for this traveling salesman.

Without a doubt, I have checked this kit hundreds of times with the airlines both in the U.S. and abroad. TSA and other-country airport security forces have had a field day inspecting the contents, and questioning my intentions. Somehow, I always manage to get to my final destination with my trusted travel companion.

The kit contents are quite simple, the most important component being the Corero First Line of Defense appliance. It is paired with an off-the-shelf Firewall, an Ethernet switch, cables, and (6) USB to Ethernet NICs, all neatly organized in an indestructible rolling case. My laptop serves as both the attacker and the victim through the use of Oracle VM VirtualBox. I can run up to six virtual machines simultaneously and normally have three (3) attackers, two (2) victims and one (1) machine acting as a good user.

So, why do I bring this kit with me everywhere? It finally occurred to me a few months ago – it’s all about attack and defense “visibility”. Demonstrating a DDoS attack using the real tools the attackers are using requires a physical kit, like mine. Audiences from all industries, network and security professionals of all ranks have observed what DDoS attack traffic actually looks like because of one unique component that’s in my kit – the Corero First Line of Defense. It is the purpose-built technology that enables a whole new level of visibility into, and protection from, DDoS attack traffic.

The Corero technology provides unparalleled visibility into what a DDoS attack actually looks like. It can easily highlight any DDoS attack (L3 through L7) in real-time and provides a view of network and application traffic that no other technology can deliver. Combined with sFlow and leveraging Splunk software for big data analytics and advanced visualization capabilities, Corero has raised the bar when it comes to the visibility into malicious traffic on your network.

So why is visibility important? The answer is an easy one to deliver. When you’re under a DDoS attack or when one of your customers comes under attack, “end-point pipe” visibility is the key to quick mitigation. You cannot proactively defend a network if you cannot detect, analyze and respond to the attack, and this level of visibility is critical to proper DDoS protection.

Understanding where the attack is coming from, what the attackers are using, what the attackers are targeting, and ultimately what the effects of the attack are cannot be derived from rudimentary Firewall logs. You must have a First Line of Defense that provides complete visibility, and we deliver that to our customers – it’s always a real eye opener when we deploy our appliance inline, and immediately begin to showcase all the attack traffic that is threatening our customers’ networks.

So, when people ask why I lug this rig around with me through airports, through security checkpoints, and deal with the extra burden of babysitting this travel companion, the answer is simple: the Corero First Line of Defense solution delivers unparalleled visibility into what the attacks actually look like and provides the user with the tools to immediately defeat the attack. The visibility is truly unique among DDoS solutions in the market today, and by displaying these capabilities to audiences across the globe, I am enabling security professionals to take the next steps in eradicating DDoS as a threat to their business.

I hope to see you in the audience next time.