The future of DDoS protection - Simulation Not Resilience!


Existing DDoS Protection Shortcomings

As the word 'resilient' indicates, DDoS mitigation solutions do not prepare for attacks ahead of time; they adapt to and recover from DDoS attacks after they have been hit. Most enterprises entrust their DDoS protection to DDoS mitigation vendors that offer resilient DDoS mitigation solutions, but these solutions have no way to detect DDoS vulnerabilities before the network is attacked. They act after the attack comes in and then 'resiliently' mitigate it, meaning organizations get hit, go down, and later recover. The resiliency, that is, how long it takes for services to be restored, depends on the mitigation solution's capabilities, the SLAs signed and so forth. This number can be anywhere from 30 seconds up to a few days.

The inherent shortcomings in mitigation solutions are apparent and can be seen in the DDoS attacks that continue to cause severe damage to businesses worldwide. In May 2021 a large-scale DDoS attack was the cause of several sections of Belgium’s internet going down. Several organizations in Belgium, including the government and parliament, were affected by this DDoS attack that overwhelmed them with bad traffic.

Last year, Amazon Web Services (AWS) was hit by a huge attack. This 2.3 terabit per second attack lasted for over three full days. There were several DDoS attacks in the month of April 2021, for which we were able to create an overview report. Most, if not all, of the enterprises that were attacked had mitigation solutions in place. Despite this, massive attacks continue to occur with the intention of taking businesses, enterprises, governments, and sometimes entire countries offline. For many such companies, disruption of information technology (IT) services can directly correlate to lost revenues, and here is the list of the top 4 industries impacted by DDoS attacks. Finally, customer expectations have increased, and there is an expectation of 'always-on connectivity', which means that businesses cannot afford any downtime whatsoever.

Critical Reasons for Damaging DDoS Attacks Despite Mitigation Solutions

  • Mitigation solutions are powerful but need to be continuously monitored and configured. In today's climate, however, this is impossible because network vulnerabilities change frequently as new services and applications are added. As a result, outdated configurations leave systems open to new DDoS vulnerabilities.
  • DDoS attackers are insidious, and there have been several attacks over the years that are low and slow, i.e., the attack focuses on loading the service but does not trigger the mitigation system's thresholds. The result is a set of different attacks that together slow services down, take a long time to detect, and distract the response team.
  • DDoS attackers are also launching multi-vector attacks that use a complex mix of different attack vectors against a variety of targets, making it much harder for mitigation systems and services to focus on what is going on and what to block first. This strategy successfully achieves longer downtime before attack detection and mitigation. Here is an interesting factsheet on how hackers continuously study DDoS protection limitations and launch multi-vector attacks.
  • A long time-to-mitigation stems from the fact that, in many cases, DDoS protection systems have an intrinsic minimum response time required to detect malicious DDoS traffic, and mitigating the attack requires even more time. Hackers abuse this deficiency by changing attack tactics (vectors and target combinations) in a time frame shorter than the protection system's response time, avoiding triggering the mitigation system. A series of such short attacks will easily cause damage to the target network services.
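The threshold and response-time gaps described in the list above can be checked from the defender's side. The following is an added example, not code from the original article or from MazeBolt's product: it replays per-second request rates through a sustained-threshold detector and through a rolling-baseline check, and reports when each one fires. The traffic series, the threshold of 500 requests/s, the 5-second sustain period and the 20-second window are constructed assumptions.

```python
from collections import deque

def sustained_threshold_alerts(rates, threshold, sustain):
    """Seconds at which a detector fires when it needs `sustain`
    consecutive samples above `threshold` (its minimum response time)."""
    alerts, run = [], 0
    for t, rate in enumerate(rates):
        run = run + 1 if rate > threshold else 0
        if run == sustain:          # fire once per sustained episode
            alerts.append(t)
    return alerts

def rolling_baseline_alerts(rates, baseline, window, factor):
    """Seconds at which the mean of the last `window` samples first
    rises above `factor` times the known normal load `baseline`."""
    alerts, buf, total, firing = [], deque(), 0, False
    for t, rate in enumerate(rates):
        buf.append(rate)
        total += rate
        if len(buf) > window:
            total -= buf.popleft()
        over = len(buf) == window and total / window > factor * baseline
        if over and not firing:     # report only the rising edge
            alerts.append(t)
        firing = over
    return alerts

# Constructed per-second request rates; normal load is 100 requests/s.
LOW_AND_SLOW = [100] * 30 + [180] * 60            # elevated, never near 500
SHORT_BURSTS = [900 if t >= 20 and t % 10 < 3 else 100 for t in range(80)]
FLOOD = [100] * 10 + [900] * 10                   # classic sustained flood

def audit(rates):
    """Compare both detectors on one traffic series (assumed settings)."""
    return {
        "threshold": sustained_threshold_alerts(rates, threshold=500, sustain=5),
        "baseline": rolling_baseline_alerts(rates, baseline=100, window=20, factor=1.5),
    }

if __name__ == "__main__":
    for name, series in [("low-and-slow", LOW_AND_SLOW),
                         ("short bursts", SHORT_BURSTS),
                         ("flood", FLOOD)]:
        print(name, audit(series))
```

The sustained-threshold detector fires only on the flood series; the rolling-baseline check also flags the other two, which is the kind of configuration gap that is better found in testing than during an incident.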

So, is it possible to prevent these attacks? Is there a more efficient and smarter way to stay on top of DDoS attacks?

It is evident that mitigation solutions lack the capacity to prevent or stop all DDoS attacks without continuous configuration. By themselves, they are only able to detect configuration gaps and mitigate attacks after the attack has already taken the network down. The choice for enterprises is whether they want resilience to mitigate attacks or would prefer to ensure that network vulnerabilities are identified and closed on an ongoing basis.

Introducing MazeBolt’s RADAR™ technology

RADAR™, MazeBolt's new patented technology solution, is the only 24/7 automatic DDoS attack simulator on a live environment with ZERO downtime/disruption. It automatically detects, analyses, and prioritizes the remediation of DDoS vulnerabilities in any mitigation system, raising the efficiency of your mitigation solution and delivering the ultimate DDoS protection.

RADAR™ Simulates DDoS attacks with no downtime!

  • To effectively block complex and intermittently changing threats, the new RADAR™ technology helps enterprises continuously validate and remediate the entire DDoS protection posture 24/7. It thereby proactively fixes known areas of weakness, as there is no time to do this when an attack starts.
  • RADAR™ breaks complex attacks into individual attack vectors to automatically ensure protection against mixed-vector attacks. With mitigation alone this is not always possible, but with simulation it can be done.
  • RADAR™ starts at a low rate and increases attack simulations to identify new potential targets that are susceptible to attacks from external attackers.
  • It monitors all simulated traffic downstream from the DDoS mitigation device or scrubbing center.
  • By mirroring ports during simulation, RADAR™ detects attack leakages instantaneously and remediates them on the go.

And finally, RADAR™ continuously maintains complete DDoS mitigation posture without causing any disruptions or downtime.

About MazeBolt Technology:

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions. The company's new flagship product, RADAR™, is a patented, new technology. It offers DDoS protection through automated DDoS simulations on live production, with zero downtime, working in conjunction with any mitigation solution installed. Its unique capabilities have ensured business continuity and full DDoS security posture for enterprises worldwide, including Fortune 1000 and NASDAQ-listed companies.

About Yotam Alon

Yotam is Head - R&D at MazeBolt and is in charge of all R&D activities, infrastructure and security. With five years in the security industry, Yotam brings fresh perspectives and insights into current technologies and development flows. He holds a BSc. in mathematics and philosophy and enjoys hitting the archery range in his spare time.