stephen.gates@corero.com

About Stephen Gates

Steve is a key security evangelist for Corero Network Security, having delivered hundreds of presentations and attack/defense demonstrations across the globe. Steve has more than 25 years of computer networking and security experience with an extensive background in the deployment and implementation of next-generation security technologies. Steve is a recognized Subject Matter Expert on DDoS attack tools and methodologies including defense technologies and approaches. You can usually find Steve speaking to network and security professionals within highly regarded organizations such as InfraGard, ISSA, ISACA, Tech-Security Conferences, Interop, SecureWorld, RSA, SANS, IANS, GTRA and numerous other venues.

Posts by Stephen Gates

DDoS Defense as-a-service: A new Revenue Opportunity

In the past 12 months Corero has worked with many organizations worldwide, helping to solve their DDoS dilemma by deploying Corero’s SmartWall Threat Defense System (TDS). Today Corero’s technology is protecting large swaths of the internet against the ill-effects of DDoS attacks. As more and more service providers,...

Groups like DD4BC are just the beginning!

The group calling themselves “DDoS for Bitcoin” (DD4BC) continues to extort money from a host of companies located all over the globe, and today very few organizations are able to adequately protect themselves from DD4BC’s tactics. The group’s extortion campaigns have been increasing recently which include a preemptive...

DDoS Defense Initiatives – It looks like everyone is getting involved!

Over the past few weeks news feeds all over the world have been pulsating about the recent DARPA announcement.  On August 14th, 2015 the U.S. Defense Advanced Research Projects Agency (DARPA) announced an initiative called Extreme DDoS Defense (XD3).  Interestingly enough, DARPA is not the only U.S. government agency calling for research...

Upping Their Game - Three New DDoS Attack Methods already in 2015

The stakes have been raised even higher as organizations prepare for three new methods of DDoS attacks that have emerged in the last six months alone. The reflective/amplified category of DDoS attack has been around for nearly four years, but once again attackers are finding new methods of launching their assaults within this attack...

Optimizing Carrier DDoS Mitigation Scenarios - Part 2 - Peering Point Deployment

In an in-line peering point DDoS protection deployment scenario, SmartWall® Network Threat Defense Appliances (NTD) are deployed on each of the Service Providers’ peering points to their upstream Internet bandwidth providers. This ensures always-on DDoS attack mitigation services while benefitting from the highest levels of...

The DDoS Opportunity Awaits

In the late 1990’s a large number of DSL providers were raising millions of dollars in venture capital to build their DSL networks in the United States in order to offer broadband Internet access to local consumers. Many subscribers were still utilizing dial-up services and the demand for faster Internet connections and more available...

DDoS – A Global Epidemic

Corero’s Q4, 2014 DDoS Trends and Analysis Report highlights that organizations are faced with DDoS attack attempts at an alarming frequency. For example, Corero’s customers on average are experiencing up to four DDoS attacks per day – up to 351 DDoS attacks per quarter. What we find even more interesting is that 96% of the...

The Attack of the Baby Monitors!

Most of us who operate in the world of DDoS attacks have known about the reflective/amplified DDoS attack vector for several years. As a matter of fact, Corero was warning the public that this attack vector was coming nearly 5 years ago, before the first attack of this type was ever observed. Today it seems the attackers will do whatever is...

Black Hole Routing – Not a Silver Bullet for DDoS Protection

As ISPs, Hosting Providers and Online Enterprises around the world continue suffering the effects of  DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?” Traditional techniques of defense include SYN-cookies, SYN-proxy, redirects, challenges, and...

DDoS vs. Natural and Man-Made Disasters

When researching the topic, Do cyber-attacks, especially DDoS attacks result in more outages than natural or man-made disasters, I stumbled upon a 2013 annual report from The European Union Agency for Network and Information Security (ENISA).  According to their website, “ENISA is a centre of network and information security expertise...

The Do-No-Harm Approach to Real-Time DDoS Protection

The vast majority of Corero customers require always on DDoS protection to ensure service availability for their customers—ensuring that all good user traffic flows unimpeded, while DDoS attack traffic is mitigated in real-time.  The Corero SmartWall® Threat Defense System (TDS) allows for always-on DDoS protection with a unique and...

DDoS – whose responsibility is it?

As organizations around the globe become more-and-more reliant on the Internet, a serious weakness has begun to emerge in our connected world.  Since its inception, the Internet has been all about availability; when the Internet goes down, businesses that rely on that availability go down with it. DDoS attacks are single handedly the most...

Gaming Provider – Looking for new options?

As industry statistics suggest, many gaming providers are under DDoS attack continuously - each and every day. Gamers are said to be one of the highest profile targets on the Internet, while at the same time their business models require 100% uptime. These two facts manifest into quite the conundrum for today’s gaming providers....

Why DDoS scrubbing-lanes?

With regards to scrubbing-lane approaches, years ago Internet Service Providers (ISP) realized, “Yes DDoS is a problem we will have to deal with now and in the future”.  From some reports as early as the year 2000 ISPs began observing DDoS attacks traversing their networks. How did they see the effects of DDoS attacks - way back...

Return on Investment vs. Return on Availability

In my discussions with organizations looking to protect their business from the wrath of DDoS attacks, I often hear the same question, “How do we obtain a Return on Investment (ROI) on a DDoS protection solution?”  Years ago I would attempt to delineate a potential ROI model, often on the fly.  On several occasions, I worked...

Experiencing Pain you can’t Explain?

Last week I attended the Corero annual sales kickoff at our HQ in Hudson, MA. While there, I had the opportunity to spend several days with one of our most seasoned security engineers, David B.  He was discussing his experience regarding a hosting provider who was currently evaluating the Corero SmartWall® Threat Defense System (TDS) as a...

The biggest threat to your SLAs - DDoS Attacks (Part II)

It’s obvious that latency and outages caused by DDoS attacks can severely impact uptime measurements.  A sustained outage caused by an attack could result in an organization losing or reducing its uptime certifications. The reality of the impact of DDoS to a provider’s APS ratings is staggering if you put it into...

The biggest threat to your SLAs - DDoS Attacks (Part I)

It is no secret that Hosting Providers live and die by the Service Level Agreements (SLAs) and uptime guarantees they offer to their customers.  Organizations select providers, and remain loyal when SLA thresholds are continuously met.  Hosting Providers are fighting an up-hill battle in striving to meet these aggressive guarantees....

Hope for the best, but plan for the worst.

From my time spent in the military back in the 1980’s I remember many of the lessons learned.  The title of this blog is one of them. Without a plan, all of the hope in the world solves little, if anything and hope simply cannot replace a good plan. Hope is not a strategy for success. With the recent news pertaining to Lizard Squad...

Interview with Corero CTO, Dave Larson – It’s Game On for DDoS

The Gaming Industry, given its high-volume, high-transactional environment, requires 24/7 accessibility. Any downtime or interruption has a significant financial and reputational impact. The Gaming Industry thrives on the Internet, which makes them especially sensitive to DDoS attacks not only by motivated attackers, but also competitors and poor...

'Twas the Night Before Payday

Enjoy a little bit of Holiday Fun!

'Twas the night before payday, when all through the net
Most attackers were stirring, increasing the threat.
Tomorrow’s targets were chosen, sighted in their crosshairs,
In hopes the victims, soon would be theirs.

Evading the law, and even the...

Change is inevitable – Time to re-write the playbook

Hopefully most of you in the industry have noticed that the approach to DDoS protection has changed dramatically over the last few years. What was once considered a good defensive posture is now proving to be sub-par protection against today’s sophisticated and adaptive DDoS attacks.  The days of firewalls, IPS’s and other...

Why would anyone launch a DDoS attack against us?

During my travels across the globe I meet lots of people, and it always amazes me when individuals continue to believe that they are not susceptible to a DDoS attack. I frequently hear, “Why would anyone attack us, why should we plan for an impending DDoS attack?”  Believe it or not statistics show that over 40% of online...

SSDP Amplified Attacks, a Sitting Duck against Sophisticated DDoS Analytics

The craftiness of cyber attackers never ceases to amaze me and now a new kid on the block has emerged – the SSDP Reflective/Amplified DDoS attack. Many people may wonder what SSDP is. SSDP, otherwise known as the Simple Service Discovery Protocol, is a network-based protocol used for the advertisement and discovery of network...

49½ pounds of DDoS attack visibility

Why is visibility important? The answer is an easy one to deliver. When you’re under a DDoS attack or when one of your customers comes under attack, “end-point pipe” visibility is the key to quick mitigation. You cannot proactively defend a network if you cannot detect, analyze and respond to the attack and this level of visibility is critical to proper DDoS protection.

First Line of Defense Against DDoS Attacks in a Hosting Environment

Hosting Providers and Datacenters must overcome the challenges associated with a wide range of hosting requirements; maintaining highly available applications, mission critical systems and maximum levels of reliability. Unfortunately, DDoS attacks threaten their ability to do so. This is problematic as a Web hosting, co-location and datacenter...

Specially Crafted Packet DoS Attacks, Here We Go Again

One of the unique types of Denial of Service (DoS) attacks involves the usage of specially-crafted packets.  Most cybersecurity professionals are already familiar with volumetric and amplified DDoS attacks, but more recent attention has been surrounding fragmented and application-layer DDoS attacks. However, few understand what a...

A Real Story About Successful DDoS Mitigation

If you’re a cybersecurity professional, you may be all too familiar with the risks associated with DDoS attacks. Over the years, the threat landscape has had detrimental effects on organizations, including system downtime, brand damage, loss of customer confidence, and ultimately negatively impacting your bottom line. These implications can...

Securing the Data Center and Generating Revenue - #Winning

Corero CTO, Dave Larson, spoke recently to an audience of Hosting Providers during a Web Hosting Industry Review (WHIR) hosted webinar event. Dave addressed the audience alongside WHIR editor, Nicole Henderson, and explained how hosting providers have a new opportunity to increase their revenue and customer base. After an...

Attack of the Month Video Blog Series: Blended DDoS Attacks

It’s no surprise that today's hackers are getting increasingly smarter. Unfortunately, traditional defenses aren't enough to fight against the different types of DDoS attacks, which are more sophisticated and commonplace. Hackers are now carrying out a combination of DDoS attacks, known as Blended DDoS attacks, to maximize...

Cash is King!

As early as 2005, government and other Internet security experts were openly discussing the concept of ‘Maybe the Cloud Can Help Secure the Internet’.  Should the ISPs, Hosting Providers, Colocation and other bandwidth providers get involved in helping to secure the Internet? According to an article still floating around the...

Best Common Practice - 38, Perhaps Wise Beyond Its Years

Perhaps a little known fact in the inner workings of what we know as the World Wide Web, is that the ability to spoof Service Provider source IP addresses and send traffic into the Internet using a fake or pseudo IP address is quite a common practice. Most often used for malicious purposes and cyber security experts would agree that Source IP spoofing...

Life in the Fast Lane

Many of us buy premium gas at gas stations, premium seats on airlines, premium upgrades at hotels and premium groceries at boutique retailers.  If individuals or their respective businesses are willing to pay for a premium service, why would anyone oppose it?  I ask this question as we await a ruling from the FCC as it relates...

What’s Hiding Behind that DDoS Attack?

Multi-vector patterns of DDoS attacks are becoming more commonplace in the world of cyber warfare. From the volumetric attacks aimed to fill your pipe and squeeze your Internet bandwidth down to nothing, to the low and slow application layer attacks that sneak right through traditional defenses – combination attacks are becoming the norm....

Attack of the Month Video Blog Series: Network Layer Attacks In ICS

In the world of Industrial Control Systems (ICS) system outage or infiltration can result in system downtime, loss of productivity and loss of revenue, as well as loss of confidentiality, integrity and availability. Additionally, system outage or infiltration could possibly result in loss of life often due to the critical nature of these devices....

New DDoS Warning Issued - Banking Industry Beware

The Federal Financial Institutions Examination Council (FFIEC) today released advisory statements warning Financial Institutions of risks associated with cyber-attacks on ATMs, credit card authorization systems and the continued DDoS attacks against public-facing websites. It is encouraging to see continued awareness and general guidance...

DDoS Attacks - A Mainstream Occurrence and Disruption to Your Business

Corero recently partnered with John Pescatore, Director of Emerging Security Trends with the SANS Institute in developing a survey program designed to shed more light on organizations’ experiences with DDoS attacks. What we uncovered does not come as a surprise to those well entrenched in the DDoS defense space. The results continue...

Vulnerable WordPress Servers, A Real Cause for Concern

Attacks against, and attacks used to manipulate WordPress servers have been seeing more of their fair share of publicity over the last several months.  As we dig a little deeper into the two attack scenarios, a few key points come to light. In the spring of 2013 many WordPress servers located in both Hosting Centers and DMZs throughout the...

Attack of the Month Video Blog Series: NTP Reflective Attacks

NTP or Network Time Protocol attacks have been taking center stage as of late. What’s interesting here is that the move to exploit UDP based protocol suggests that we (the good guys) are raising the security bar and thus making it more difficult to successfully exploit DNS amplification attacks. NTP is another critical Internet service...

Attack of the Month Video Blog Series: Application Layer DDoS Attacks

Happy Valentine's Day everyone. For the LOVE of DDoS defense, I'm pleased to share with you another video blog, this time focused on Application Layer attacks. In today's 5 minute session I will cover Application Layer attacks in more detail: What are these attacks? Why are they an emerging threat, or continue to be a...

Attack of the Month Video Blog Series: Reflective (Amplified) DDoS Attacks

Happy New Year everyone! I'm pleased to kick off 2014 with another dynamic video blog post. Today's video discusses the real threat of Reflective, or as some call them, Amplified DDoS Attacks.  As you may recall from our initial v-blog post the goal for these 5 minute sessions is to dissect and analyze a specific attack type each...

Attack of the Month Video Blog Series: Pre-Attack Recon Scans

I'm pleased to introduce myself to the Security Bistro community and hope that you welcome this video blog with open arms. The Corero Network Security team and I are excited to introduce a reoccurring  monthly video post that aims to dissect and analyze the various cyber attack types that are infiltrating network environments across the...
