As Distributed Denial of Service (DDoS) attacks grow in frequency and impact, criminals keep finding new ways to launch them, for example through reflection/amplification variants that abuse open UDP services to multiply the attacker's bandwidth. DDoS attacks are also used more and more not only for financial gain but also to discredit or disable competitors, or simply to make headlines.
Building defences against DDoS attacks is no longer just a matter of buying the best mitigation product. In the past twelve months we have seen the rise of ransom-driven DDoS attacks and of Advanced Persistent Threat (APT) campaigns in which DDoS is only one component. This is why many DDoS vendors have developed new and updated anti-DDoS and network security solutions to protect enterprises against these bigger, smarter and more diverse DDoS attacks and against the malware that recruits hosts into the botnets behind them.
Our cyber security experts selected the five best anti-DDoS solutions for 2019.
Of course, simply deploying a black box or an anti-DDoS node is not enough to solve the challenges surrounding DDoS. Every enterprise has its own specific challenges and needs its own tailored DDoS protection. That is why DDoS should be approached from the perspective of general hardening and prevention, including mitigation of APTs.
1. Anti-DDoS / Networking security assessments, optionally combined with RTBH/Flowspec integration
Placing a black box in the network and expecting it to protect you from every DDoS attack is (unfortunately) not how DDoS protection works. That is why a crucial, yet regularly overlooked, element of DDoS protection is having an experienced engineer assess your setup first.
A DDoS specialist can highlight current issues or vulnerabilities and give detailed advice on the best solution for your specific situation. Whether hardware or software related, numerous factors usually play a role in hardening your network and optimising the environment in which the attacked host and/or application resides.
Ramping up your defences against DDoS and reducing your exposure can therefore sometimes mean only small and relatively simple design changes. A change to an existing environment or configuration may already be the right DDoS solution for you, and an anti-DDoS security assessment often identifies quick wins that require little or no investment.
This is why regularly assessing your hardware, setup and environment, even though it is not a vendor solution, is at the top of this list.
2. Combination: Arbor Networks Sightline (formerly SP) and Threat Mitigation System (TMS), Sightline Insight
Arbor Networks is approaching the end of its second decade in anti-DDoS. The classic combination of Arbor Networks Sightline and Arbor's TMS continues to prove its effectiveness across many industries.
Arbor Sightline is an anomaly detection system based on sampled NetFlow. It provides enhanced reporting, alarming and automated mitigation in multiple phases, and a mitigation can also be triggered by Arbor's Availability Protection System (APS). A particularly powerful feature is that a mitigation can invoke any third-party script or application, so existing external logic can be reused as part of the response.
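To make concrete what "anomaly detection based on sampled NetFlow" involves, here is an added example written for this page (it is not Arbor's code and does not reproduce Sightline's algorithms). It scales sampled packet counts back up by the sampling rate, compares each destination's estimated packet rate against a per-destination baseline, and reports the dominant (protocol, source port) signature so that a mitigation script can be handed something actionable. The flow records, the 1:1000 sampling rate, the window size, the baselines and the threshold factor are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Assumptions for this example: the exporting routers sample 1 in 1000
# packets, the detector works in 10-second windows, and per-destination
# baselines have already been learned from quiet periods.
SAMPLING_RATE = 1000
WINDOW_S = 10
MIN_PPS = 1000  # never alert below this absolute rate, whatever the baseline

# Constructed sampled flow records, in the shape a collector might export:
# (timestamp_s, src, dst, proto, sport, dport, sampled_packets, sampled_bytes)
FLOWS = [
    (0,  "203.0.113.5",   "192.0.2.10", 6,  443, 51000, 3,  1800),
    (2,  "198.51.100.7",  "192.0.2.10", 6,  443, 51001, 2,  1200),
    (5,  "203.0.113.9",   "192.0.2.10", 6,  443, 51002, 4,  2400),
    (1,  "198.51.100.20", "192.0.2.20", 17, 123, 1024,  60, 28800),  # NTP reflection
    (3,  "198.51.100.21", "192.0.2.20", 17, 123, 1025,  55, 26400),
    (6,  "198.51.100.22", "192.0.2.20", 17, 123, 1026,  70, 33600),
    (4,  "203.0.113.5",   "192.0.2.20", 6,  443, 51003, 2,  1200),
    (12, "203.0.113.5",   "192.0.2.20", 6,  443, 51004, 1,  600),
]

# Assumed learned baselines, in packets per second, per protected destination
BASELINE_PPS = {"192.0.2.10": 800, "192.0.2.20": 500}


def aggregate(flows, window_s=WINDOW_S):
    """Sum sampled packets per (window, destination) and per (proto, sport) signature."""
    totals = defaultdict(int)
    signatures = defaultdict(Counter)
    for ts, _src, dst, proto, sport, _dport, pkts, _nbytes in flows:
        key = (ts // window_s, dst)
        totals[key] += pkts
        # Reflection floods are identified by the reflector's *source* port,
        # which is also the field a Flowspec rule can match on.
        signatures[key][(proto, sport)] += pkts
    return totals, signatures


def detect(flows, baseline_pps, factor=10, sampling_rate=SAMPLING_RATE, window_s=WINDOW_S):
    """Return one alert per (window, destination) whose estimated packet rate
    exceeds factor x its baseline, together with the dominant traffic signature."""
    totals, signatures = aggregate(flows, window_s)
    alerts = []
    for (window, dst), sampled in sorted(totals.items()):
        est_pps = sampled * sampling_rate / window_s   # scale sampled counts back up
        threshold = max(MIN_PPS, factor * baseline_pps.get(dst, MIN_PPS))
        if est_pps < threshold:
            continue
        (proto, sport), top = signatures[(window, dst)].most_common(1)[0]
        alerts.append({
            "window": window, "dst": dst, "est_pps": est_pps,
            "proto": proto, "sport": sport, "share": top / sampled,
        })
    return alerts


if __name__ == "__main__":
    for a in detect(FLOWS, BASELINE_PPS):
        print(f"window {a['window']}: {a['dst']} at ~{a['est_pps']:.0f} pps, "
              f"{a['share']:.0%} proto {a['proto']} sport {a['sport']} -> hand to mitigation")
```

Two details matter in practice. Sampled counts are noisy for small flows, which is why an absolute floor (MIN_PPS) sits beside the relative threshold; otherwise a host with a tiny baseline alerts on every burst. And the signature is keyed on the source port rather than the destination port because reflection traffic carries the reflector's service port as its source, which is exactly what a router-based filter can match.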
Known for its peering and routing analysis, Arbor Networks Sightline adds faster network insight and thereby improves your security posture. The Sightline Insight option is now available as well: it stores 100% of the NetFlow data in a high-performance big-data back end, seamlessly integrated with Sightline, and enables a new level of reporting, alerting and visibility for peering analysis, threat visibility and mitigation.
RTBH (Remotely Triggered Black Hole) and BGP Flowspec are mitigation methods that are both included with Sightline. RTBH drops all traffic to the attacked prefix at the network edge, which sacrifices the victim host to protect the rest of the network; Flowspec instead pushes finer-grained layer 3/4 filters (protocol, ports, packet length and so on) to the routers, so that only the attack signature is dropped or rate-limited. Optionally the solution can be extended with Threat Mitigation System (TMS) appliances acting as a scrubbing centre, which add packet-level and application-layer filtering that router-based methods cannot provide. This is without doubt a vital component of the Arbor Networks DDoS solution.
Customers can deploy both Arbor Networks Sightline and TMS virtualised on a hypervisor or on bare metal, lowering Total Cost of Ownership (TCO) from day one.
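As an added example for the RTBH and Flowspec methods named here (and in the "RTBH/Flowspec integration" of item 1), the following Python encodes the two BGP objects a mitigation controller would announce, byte for byte as they appear on the wire: a Flowspec NLRI (RFC 5575) that matches a reflection flood by destination prefix, IP protocol and reflector source port, with the traffic-rate extended community that tells routers to rate-limit or discard, and the BLACKHOLE community (RFC 7999) used for an RTBH route. This is written for this page and is not Arbor's code; the victim prefix, the ports and the rate are constructed values.

```python
import ipaddress
import struct

# Flow Specification component types (RFC 5575, IPv4 only in this example)
DST_PREFIX, IP_PROTO, DST_PORT, SRC_PORT = 1, 3, 5, 6
# Numeric operator byte: e(0x80) a(0x40) len(0x30) 0 lt(0x04) gt(0x02) eq(0x01)
OP_END, OP_AND, OP_LT, OP_GT, OP_EQ = 0x80, 0x40, 0x04, 0x02, 0x01


def _numeric_component(ctype, ops):
    """Encode a numeric component; consecutive (op, value) pairs without OP_AND are ORed."""
    out = bytearray([ctype])
    for i, (op, value) in enumerate(ops):
        if value < 1 << 8:
            len_code, fmt = 0, ">B"
        elif value < 1 << 16:
            len_code, fmt = 1, ">H"
        elif value < 1 << 32:
            len_code, fmt = 2, ">I"
        else:
            raise ValueError("value too large for this example")
        op_byte = op | (len_code << 4)      # value length is carried in bits 2-3 of the operator
        if i == len(ops) - 1:
            op_byte |= OP_END               # e bit marks the last operator of the component
        out.append(op_byte)
        out += struct.pack(fmt, value)
    return bytes(out)


def _prefix_component(ctype, prefix):
    """Prefix component: type, prefix length in bits, then only the significant bytes."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4:
        raise ValueError("IPv6 Flowspec (RFC 8956) adds an offset byte; not covered here")
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def encode_flowspec_nlri(dst_prefix, proto=None, src_ports=(), dst_ports=()):
    """Build the NLRI for: traffic to dst_prefix [and IP proto] [and src port in ...] [and dst port in ...]."""
    body = _prefix_component(DST_PREFIX, dst_prefix)
    if proto is not None:
        body += _numeric_component(IP_PROTO, [(OP_EQ, proto)])
    if src_ports:
        body += _numeric_component(SRC_PORT, [(OP_EQ, p) for p in src_ports])
    if dst_ports:
        body += _numeric_component(DST_PORT, [(OP_EQ, p) for p in dst_ports])
    if len(body) < 240:                                    # one-byte length form
        return bytes([len(body)]) + body
    return struct.pack(">H", 0xF000 | len(body)) + body   # two-byte form, high nibble 0xF


def traffic_rate_community(rate_bytes_per_s, asn=0):
    """traffic-rate extended community (type 0x80, sub-type 0x06): 2-byte AS, IEEE float rate; 0.0 discards."""
    return struct.pack(">BBHf", 0x80, 0x06, asn, float(rate_bytes_per_s))


def blackhole_community():
    """BLACKHOLE well-known community 65535:666 (RFC 7999), attached to the /32 RTBH route."""
    return struct.pack(">HH", 65535, 666)


if __name__ == "__main__":
    # Surgical: drop only UDP from source port 123 (NTP) or 1900 (SSDP) towards the victim.
    nlri = encode_flowspec_nlri("192.0.2.20/32", proto=17, src_ports=(123, 1900))
    print("Flowspec NLRI :", nlri.hex())
    print("traffic-rate  :", traffic_rate_community(0).hex())
    # Blunt: RTBH announces the victim /32 with 65535:666 so every upstream drops it.
    print("RTBH community:", blackhole_community().hex())
```

Two caveats a practitioner should keep in mind. A rule keyed on source port 123 also discards the victim's own legitimate NTP replies, so in production such a rule is usually narrowed further (for instance with the packet-length component, type 10) or given a non-zero rate rather than a discard. And routers validate Flowspec routes: RFC 5575 requires the Flowspec originator to also be the best-path originator of the destination prefix unless validation is explicitly disabled, which is why these rules are normally injected by the same controller, such as Sightline, that is trusted for the prefixes it protects.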
Benefits of Arbor and the ATLAS Intelligence Feed
Important to note is that Arbor's detection and mitigation also make use of (and helped build) the ATLAS Intelligence Feed (AIF), which provides insight and expert analysis for DDoS protection. Through the Arbor Security Engineering & Response Team (ASERT), dedicated to discovering and analysing emerging threats and developing targeted defences, Arbor has visibility and remediation capabilities at nearly every tier-one operator and at a majority of service provider networks globally. ASERT shares this operationally usable intelligence with hundreds of international Computer Emergency Response Teams (CERTs) and with thousands of network operators via in-band security content feeds. ASERT's round-the-clock, worldwide monitoring of Internet threats through ATLAS is another good reason to consider Arbor's anti-DDoS solutions.
3. FortiSandbox
As attacks become more advanced, a sandbox becomes more important for protection against the malware behind APTs, ransomware and botnets, which is often delivered as an e-mail attachment; a host infected this way can end up as a bot in the next DDoS. Such samples have to be analysed at a deeper level than signature-based virus scanners can manage at scale: a signature database only recognises what has already been seen, so new or repacked samples slip through. That is why advanced tools such as FortiSandbox are used to execute suspicious files and analyse their behaviour.
Anyone using the FortiSandbox security fabric appliance will acknowledge its strong added value for any Fortinet user. FortiSandbox executes potential malware and other suspicious code within an isolated environment and inspects what it does. When something suspicious is detected, a notification with the details is sent.
This Advanced Threat Protection solution inspects behavioural patterns before the file is exposed to the user. FortiSandbox combines advanced detection, automated mitigation, actionable insight and flexible deployment to stop targeted attacks and the data loss that follows them. And all of that comes at a reasonable (relatively low) price point.
FortiSandbox also extends advanced threat protection to your next-generation firewall, web application firewall, secure email gateway and endpoint protection platform. Supported protocols and applications are:
- Sniffer mode: HTTP, FTP, POP3, IMAP, SMTP, SMB
- BCC mode: SMTP
- Integrated mode with FortiGate: HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM and their equivalent SSL-encrypted versions
- Integrated mode with FortiMail: SMTP, POP3, IMAP
- Integrated mode with FortiWeb: HTTP
- Integrated mode with ICAP Client: HTTP
4. Arbor APS
Known as the all-in-one in-line anti-DDoS appliance, Arbor APS provides mitigation capacity of up to 40 Gbps. It is also available as a virtual appliance for cloud environments such as Amazon Web Services.
Arbor APS and the Arbor DDoS Protection service deliver detection and mitigation technology that provides a holistic view of network activity and enables rapid, automated blocking of attacks before they impact your critical applications and services.
Arbor APS now also comes with a new licensing scheme. Traditionally, traffic that was being dropped also counted towards the licensed capacity; with the new licence only 'clean' forwarded traffic needs to be licensed. For many environments this strongly reduces licensing fees and therefore TCO.
Combined with Arbor Sightline through 'cloud signalling', the in-line APS handles attacks locally and signals upstream when an attack exceeds its capacity, so that the large volumetric part can be diverted (on-/off-ramped) to a scrubbing centre. Parts of the environment that require the highest level of protection thus get the advantages of both an in-line and a diverted solution. In conjunction with other best practices, such as Flowspec, it is probably the most effective anti-DDoS solution currently on the market, and it particularly appeals to financial services organisations.
5. F5 Silverline Web Application Firewall (WAF)
With Silverline Web Application Firewall, F5 Networks introduced one of the most sophisticated cloud-based WAFs on the market. Its capabilities and feature set, combined with global redundancy and excellent 24x7x365 support, have raised the bar for web application security.
When you cannot afford any flaws, need the highest availability and need custom functionality, Silverline definitely belongs on your shortlist of cloud web application firewalls.
F5 Networks regularly updates the Silverline WAF with extensive new features that truly enrich the F5 platform. It also operates multiple NOCs delivering 24/7 support, which proactively adjust your setup when desired while an issue is being detected and handled.
The Silverline Web Application Firewall service protects web applications no matter where the app is hosted—in the private or public cloud, or in a physical data centre.
Anti-DDoS Solutions 2019 - the experts' advice
Preventing the growing number of attacks and threats from hitting you in 2019 starts with educating employees, using scalable next-generation solutions and gaining insight into the threats targeting your business or industry. These priorities are a big challenge for cyber security managers.
Over the past couple of years we have seen some of the most frequent and severe cyber security attacks ever recorded. As security professionals prepare for another potentially record-breaking year of network breaches and data security risks, it is imperative that you make yourself aware of the latest solutions. The latest generation of anti-DDoS solutions and technologies can help you stay ahead of the perpetrators and successfully protect your most critical assets and applications.
16 November 2018