Don’t Dig a Well When Your House is on Fire

Relying on human intervention to mitigate DDoS attacks is like digging a well when your house is on fire. When it comes to ensuring service availability and maintaining uptime and SLAs, hosting providers should use minimal (if any) manual intervention when defending against a DDoS attack. Instead, real-time DDoS mitigation will allow providers to eliminate data center outages and collateral damage within the hosted environment. The following is a real-world example of real-time DDoS protection, utilizing purpose built DDoS protection technology, coupled with sophisticated visibility, reporting and analytics capabilities.

Shown below is a week-long snap shot of all traffic going into a hosting data center. This data center has 10 Gbps of Internet connectivity and 100s of hosted customers. During the time period of Jan 16th to Jan 21st, just two IP addresses belonging to a single hosted customer in this data center came under a series of DDoS attacks. There are a few key things to note about these attacks:

  • There were more than 20 attack occurrences during the week
  • All attacks stayed below the data center link capacity of 10 Gbps and most were less than a third (3 Gbps) of the link capacity
  • The attackers employed multiple attack vectors, including two well-known reflection and amplification attacks (SSDP or Universal Plug-n-Play and NTP Monlist)
  • Attack durations varied from few minutes to few hours

DDoS Protection

Just imagine if this hosting provider did not have in-line DDoS protection. Here’s what they would be dealing with instead:

  • The customer servers being attacked would quickly become unavailable to the hosted customer’s legitimate users
  • The data center bandwidth available to the rest of the hosting provider’s customers would be severely reduced, i.e. collateral damage
  • The provider’s IT staff would be digging through the haystack of security events just to diagnose what is going on

By the time the provider discovers the attack and calls the fire department (i.e. engage cloud based DDoS protection) the damage would already be done. Besides, is the provider going to call the fire department 20 times in a week? Clearly, there needs to be a better solution to this problem. A DDoS protection system, deployed on-premises and in-line is the only way to stop DDoS attacks in real-time. Luckily, the provider mentioned above had the Corero SmartWall® Threat Defense System protecting his data center. During this week-long attack, the provider’s hosted customers didn’t miss a beat, maintained service availability, and continued with normal operations, even while the attacks were targeting their network.

Hosting providers can eliminate the ‘middle of the night wake up calls’ and frenzied reactions when a DDoS attack is threatening the availability of their customers. Learn more about real-time DDoS protection to keep your network up so you don’t have to worry about putting out that DDoS fire!