The Importance of DDoS Attack Visibility
The field of cyber forensics is getting much more attention lately, mostly because of the keen debate over Russia’s hacking of U.S. political party networks. The public, media and politicians all demand “evidence” of the hacking. Fortunately, sophisticated cyber-security forensics tools are available to assist with this. We cannot pretend to know what evidence the U.S. intelligence agencies have uncovered, but at least we know that they do have the technology and the cyber security experts to get at least close to the truth (even if they won’t or can’t share it publicly.)
However, when it comes to Distributed Denial of Service (DDoS) attacks, based on political or other motives, forensic evidence is typically much harder to come by. Tracing the origins of such attacks is difficult because the source is either a legitimate third-party server, running a service which has been leveraged by an attacker as part of a reflection/amplification attack, or is a direct flood attack from a single device, or a botnet of many devices in which the IP source addresses are easily spoofed to ones which cannot be associated with the attacker. For this reason, it is critical to have a DDoS protection solution that not only blocks all types of DDoS attacks, but also identifies the type of attack vectors, analyzes the digital fingerprint, and gathers intelligence to prepare against emerging threats.
The Corero SecureWatch® Analytics portal, part of the SmartWall Threat Defense System, does exactly that, by capturing and indexing data on all the traffic the system sees when under attack, and during peacetime, to enable detailed analysis of any security incidents. It continuously records traffic for subsequent analysis of network flows and trends, providing detailed visibility into detected threats and patterns over time.
As sophisticated threats continue to evolve, effective security analysis requires continuous visibility into the traffic flowing between the protected network and the Internet. Analysis of past events is valuable to help prepare for future threats. You don’t need merely attack mitigation, you need visibility into attacks.
For more information, contact us.
Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.