Netography: Getting Beyond the ‘Black Box’ Approach to DDoS
By Martin Roesch, CEO
According to the Verizon 2023 Data Breach Investigations Report, Distributed Denial of Service (DDoS) attacks continue to be the top incident type for the last several years, with 6,248 incidents last year. These attacks are gaining in volume, power, and duration as bandwidth and CPU processing becomes more affordable and suggests a trend that is likely to continue.
Why do DDoS attacks remain a problem for many organizations despite the fact that there are cloud-based providers for DDoS mitigation? One reason is that many of these tools use black box approaches, so users have very little visibility into DDoS attack mitigation strategy and efficacy, and very little ability to identify potential points of failure and influence how these tools operate.
Additionally, some anti-DDoS technologies were primarily designed for networks or applications in simpler environments compared to the complex ones we encounter today. As a result, it is often challenging to comprehend the nature of a DDoS attack since the exact target remains hidden from view. It is crucial to acknowledge that these legacy systems lack the necessary capabilities to effectively address modern DDoS threats. In many cases, an attack succeeds simply because the visibility and real-time information required for an appropriately targeted response or reaction are inadequate.
Attackers also leverage multiple and dissimilar attack vectors to increase the complexity of attacks and hinder mitigation. This is especially true for organizations with Atomized Networks, which are increasingly the norm. In a dispersed and ephemeral environment, an organization’s ability to characterize an attack, characterize the infrastructure under attack, and have a flexible defense to remediate within the same day is very limited with conventional DDoS mitigation providers.
The Answer to an Emergent Attack
Netography’s approach to DDoS detection and analysis helps organizations understand emergent attacks across their Atomized Network, remediate them within hours, and improve DDoS resiliency. Here’s just one real-world example:
A company that had been under a DDoS attack for a couple of weeks contacted us because they were struggling to understand how their anti-DDoS service was failing them. They couldn’t quite characterize their own environment or the parameters of the attack they were receiving. But they were seeing their web service significantly degraded, and the threat actor had sent a ransom demand to stop the attack.
Because Netography Fusion is a cloud-native platform that can monitor both cloud and on-prem traffic, we were able to immediately set up an account for the organization so they could point their data sources to our cloud ingest capability. Netography takes a new approach to provide granular visibility into every component of the network, leveraging metadata in the form of flow data from across the infrastructure – in the cloud and on-prem – to help users understand what they have, what it is doing, and what’s happening.
In less than an hour, we were able to tell them they had a misconfiguration that was allowing traffic to get to their site without going through their DDoS mitigation partner. We advised them on the correct settings, and they were back on their feet in minutes. Our frictionless approach to characterize a DDoS attack and the infrastructure under attack is an incredibly powerful method for DDoS detection and analysis that allowed them to marshal defenses quickly and stop an emergent attack.
Measure and Improve DDoS Resiliency
There’s another interesting aspect to our approach to network traffic monitoring and security and what it enables our clients to do. Netography Fusion instruments the traffic coming into and going out of the anti-DDoS provider so users can see before and after if scrubbing is happening and validate that their DDoS mitigation service is working as expected. Armed with this knowledge, clients can take steps proactively to protect any critical services left unprotected by their service provider.
We also have a distinctive partnership with Lumen, a collaboration that enables us to produce a comprehensive view of their network defenses, both before and after the “scrubbing” process takes place. This perspective provides us with a clear visual representation of their network’s resilience amidst a digital onslaught. What sets our relationship apart is the unprecedented insight it provides for our mutual clients. Until now, such a service has been nonexistent in the industry. This pioneering method stands as a formidable assurance for the seamless continuity of business operations.
DDoS attacks are happening with increasing frequency and decreasing ability to deal with them. Netography is architected for this reality so that clients can understand emergent attacks, remediate the same day to reduce the cost and impact, and even measure the effectiveness of their DDoS mitigation strategy to get ahead of weaknesses.