What you didn't know about DDoS attacks!

 Even before the current pandemic, the types and velocity of distributed denial of service (DDoS) attacks were on the rise!

And with the architectural changes brought about by COVID-19—such as greater reliance on VPN gateways as more employees work from home—organizations are at increased risk of disruption. In fact, according to NETSCOUT most recent Threat Intelligence Report, we have seen a 15 percent increase in DDoS attacks in 2020 compared to the same period in 2019—and a 25 percent increase over the height of the pandemic lockdown. At present, we are on track to experience more than 9 million attacks this year.

Please note - NETSCOUT is the top-ranked vendor in the DDoS Prevention Appliance Market.

As organizations consider the steps needed to mitigate the risk from DDoS attacks and maintain resilience and availability, they should keep the following five areas in mind:

1. Be mindful of stateful attacks. When most people think about DDoS attacks, they think first of volumetric attacks. But state-exhaustion DDoS attacks that block stateful devices such as firewalls, load balancers, and VPN concentrators from serving incoming connections from legitimate clients can also negatively impact vital applications, services, infrastructure, and data. This problem is particularly acute now, when we are increasingly reliant on remote connections through VPN concentrators. To protect against state-exhaustion attacks, it is important to design network infrastructure, including applications and service delivery stacks, to minimize state wherever possible.

There is a common misconception that firewalls are sufficient to protect against DDoS attacks. This is simply not true, as they are vulnerable to state-exhaustion attacks. This is why best practices (including from firewall vendors) recommend that companies deploy stateless DDoS protection in front of firewalls to protect them from state-exhaustion DDoS attacks.

1. Cloud-based protection is not enough. The most common form of DDoS attack protection is a cloud-based mitigation service, often from ISPs or independent providers. And while such services are indeed vital to stop large, volumetric DDoS attacks that outstrip the volume of internet circuits, that is only one part of a comprehensive protection strategy. For state-exhaustion and application-layer attacks, which are just as common, the industry best practice is a stateless, on-premises solution that can automatically detect and stop such attacks.

2. Be aware of shifting tactics. Many savvy DDoS attackers use attack performance management tools to monitor the effectiveness of their attack in real time. These tools help determine whether defenses are deployed when attack vectors are altered. This can lead to the launch of multivector attacks, which are far more challenging to mitigate without the right solution in place.

3. Size doesn’t always matter. The vast majority of DDoS attacks today are not massive in scale, but rather are smaller-sized and short-lived. It’s important to keep in mind that a DDoS attack does not need to be big and last a long time to have a negative impact. In fact, the overwhelming majority of DDoS attacks last one hour or less, and nearly a quarter of them last less than five minutes. This means organizations need DDoS attack protection that can instantaneously detect and mitigate attacks before the damage is done.

4. Consider a hybrid approach to DDoS protection. At NETSCOUT, we recommend a hybrid approach to DDoS protection. The cloud-based model, which relies on a service provider to deliver DDoS mitigation services against volumetric DDoS attacks, can be highly effective. However, to adequately protect the dynamic nature of most organizations from smaller application-layer DDoS attacks, we recommend augmenting with on-premises DDoS protection. This allows organizations to rapidly deploy customized DDoS protection as new applications or services are rolled out.

The fact is, DDoS attacks can be mitigated—if you are prepared!

A key part of that preparation lies in a regular reassessment of your DDoS attack protection strategy. After all, today’s DDoS attacks are ever-changing, and traditional methods of protection may not be enough. Organizations should keep up with the latest trends in DDoS attacks, know what the current best practices are for defense, and test those defenses on a regular basis.

Learn How to be Prepared! about hybrid DDoS protection - DDOS - Enterprise - Security

Author - Tom Bienkowski - NETSCOUT Product Marketing Director .

Tom Bienkowski has been involved in the network and security field for more than 20 years. During his tenure in the industry, he has worked for large enterprises as a network engineer as well as for multiple network management and security vendors in sales engineering/management, technical field marketing, and product management roles. In his current role as director of product marketing at NETSCOUT, he focuses on NETSCOUT’s industry-leading DDoS protection solutions.

Please Note Read here - According to global research company Omdia, NETSCOUT is the top-ranked vendor in the DDoS Prevention Appliance Market. Omdia’s biannual market tracker found that NETSCOUT continued to lead the sectors of Transport, Data Centers and Mobile in DDoS prevention, as the company has expanded from its dominant position in the communications service provider (CSP) market to gain significant market share in the enterprise DDoS mitigation business.

Click Here - Learn more about Netscout's #1 protection and mitigation technology !

Sentient Stuff

 

Those of us who have worked in the data storage industry often wonder how our computers match up to the processor we carry around in our own heads. Comparisons are difficult to come by – we can estimate the average number of neurons in a human brain (~ 86 billion), but they are quite different from the “bits” that comprise computer memory. If they functioned in the same binary way, we would have the storage equivalent of a typical flash drive, and we’d have to start deleting less important memories by the time we reached sixth grade.

Each neuron shares information with about 1000 others, putting the total number of connections at around a trillion. We also know that neurons cooperate with one another in storing memories, resulting in an overall estimated capacity of several Petabytes. This amount of computer memory would store about 3 million hours of video. If you think of your life as one big reality TV show, that’s about 300 years’ worth of narcissistic binge watching.

The size of an individual human memory is difficult to estimate; our more detailed memories probably take up the most room. As we grow and learn, some memories are discarded to clear up space, while others are just too good to let slip away. A great deal of information we consume is just not worth remembering in the first place. Computers and brains have much in common.

The more interesting comparison which has intrigued great thinkers for centuries involves consciousness. How sentient can a non-human entity be? We like to think that a computer doesn’t have feelings and can only mimic them. But is it aware of itself and if so, how does it feel about that? If you tell a new computer that it will never amount to much because its memory is too small or its processor is too slow, will it eventually need counseling?

The presence of consciousness is more than just idle conjecture. Neuroscientist Alysson Muotri of UCSD maintains Petri dishes in his lab where hundreds of tiny sesame seed-sized brains float around. Known as brain organoids, they have been connected to walking robots, used as models for advanced AI systems, and lately employed in the testing of SARS-CoV-2 drugs. None of this seems too alarming - except perhaps for the walking robots.

The point where things get a bit disconcerting is documented in the Muotri Group’s August 2019 Cell Stem Cell article. In this research, the little organoids began to generate coordinated waves of activity much like that seen in a conscious brain. Anticipating the philosophical and moral questions that would surely arise, Dr. Muotri shut down the experiment after a few months. In the meantime, other researchers were having their own epiphanies.

Developmental Biologist Madeline Lancaster knows that, like a computer, a brain without input and output isn’t worth much. Her research team tried growing brain organoids next to the spinal column of a mouse. Once a connection was established, the muscles began to contract. Harvard Molecular Biologist Paola Arlotta was able to induce light sensitivity in some brain organoids. He then observed that their neurons started firing when illuminated. These discoveries and others like them have produced some attention-grabbing research papers – and put many ethicists and theologians on notice – but where do we go from here?

There are some uniquely human conditions (e.g. autism) that cannot be studied in animal models. Effective research on these could benefit greatly from “consciousness in a jar”. In a culture that still debates the dangers of genetically modified tomatoes, this is a heavy lift. Both for the research itself, and for the ethical guidelines that must be developed, a standard way to define and measure consciousness is required. So far this has proven elusive.

Peter Singer, a philosopher and advocate for living things, famously noted that a particularly brilliant chicken might surpass some humans in certain capacities. A quick stroll through the meat department should convince you that this isn’t a very good metric.

Computers and brains have some similarities, but comparisons are sketchy at best. Our silicon tools start with simple, Boolean logic gates and build on those to produce striking complexity. Similarly, brain organoids grown in the laboratory start out as simple multi-cellular structures which can be coaxed into some very human-like behaviors. Whether or not consciousness is one of those remains to be seen, but how will we ever know if that collection of organoids in a jar is sentient?

Someday we may be able to just ask it.

Author Profile - Paul W. Smith - leader, educator, technologist, writer - has a lifelong interest in the countless ways that technology changes the course of our journey through life. In addition to being a regular contributor to NetworkDataPedia, he maintains the website Technology for the Journey and occasionally writes for Blogcritics. Paul has over 40 years of experience in research and advanced development for companies ranging from small startups to industry leaders. His other passion is teaching - he is a former Adjunct Professor of Mechanical Engineering at the Colorado School of Mines. Paul holds a doctorate in Applied Mechanics from the California Institute of Technology, as well as Bachelor’s and Master’s Degrees in Mechanical Engineering from the University of California, Santa Barbara.