Distributed denial-of-service (DDoS) attacks increased drastically last year and have become widespread. A DDoS attack overloads network routers or servers with so much traffic that their resources are exhausted and they stop responding to legitimate requests. The true impact of DDoS is difficult to measure, but it is very destructive. If your business application goes down for any period of time, your customers can’t get through and you end up with revenue loss and brand damage. On average, a DDoS attack results in 17 hours of effective downtime, according to a 2016 IDG study commissioned by A10 Networks.
Massive DDoS attacks have become very common, and many environments have fallen victim to them. For example, the malware known as “Mirai”, which appeared in early October 2016, used botnets to orchestrate massive DDoS attacks that single-handedly disrupted global internet services. Researchers continue to study how Mirai will evolve and how it can be remediated. Given their large attack surface and high profile, such attacks are a significant challenge for enterprises.
Fortunately, there are many advanced technology solutions that can help you properly protect your infrastructure and keep applications available despite the unpredictability of today’s internet. Many security vendors shield you with a complete layer of defense to stop attacks of all types and sizes.
Casting out the bad IP
One way for an organization to defend itself against DDoS threats is to have a simple, automated DDoS mitigation solution that detects and mitigates DDoS attack attempts instantaneously by blocking the bad IP. When an enterprise detects an attack that consists of abnormal traffic from a set of IPs, the next step is to block the bad IP and create a security policy across the application infrastructure. With the traditional approach, the process of blocking the bad IP usually takes anywhere from three hours to many days due to delays in change ticket resolution that result from siloed teams, inefficient processes, and so on.
Typically, as soon as DevOps or application teams detect a bad IP, they do an impact analysis and reach out to the network team for approval to block that particular IP. Once they receive approval, they have to open a change ticket to implement the change. After the change is completed, the application or DevOps team has to validate it. If it has to be implemented across other environments, the same process must be repeated. If there is a misconfiguration, the entire process must be redone, which is time-consuming.
Figure 1: Common IP-blocking process
For this reason, automation across all potential network incursions is an essential part of any defense solution, as is the capability to respond in real time in the event of an attack.
What can network automation solutions do?
With advanced network policy management and automation solutions, detection and prevention of these attacks are fully automated and can be applied during DDoS scenarios. As soon as an attack is detected, the network automation solution lets you mitigate it instantly.
Figure 2: Automated attack mitigation
The AppViewX Platform provides a unique, self-service, form-based approach that lets you automate the whole network change management process. Once a bad IP is detected, the application team or DevOps team fills in a simple, pre-defined self-service form with approved validation checks. After the form is submitted, it talks to the relevant ITSM system via RESTful APIs to create a ticket that contains all the required information. These automation workflows are designed and approved by the network team. With this automated approach, the implementation time is reduced from hours to minutes. Not only does AppViewX allow you to block these attacks, but it also simplifies network policy management and ensures compliance. You can read the white paper to learn more about the capabilities of APS.
Along with automating the process, AppViewX also provides other important capabilities. Role-based access control (RBAC) brings multiple teams together to reduce the time it takes to troubleshoot issues. Customizable self-service forms let you define the work order based on the organization’s needs. Post-validation serves as a sanity test to make sure that requests are fulfilled correctly. Customizable dashboards give you complete visibility into your application service infrastructure so you can manage critical business applications easily. Threshold alerts can be configured to trigger an email or SNMP trap for notification and monitoring purposes.
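The workflow described in the two paragraphs above (threshold alert, pre-approved validation checks on the self-service form, ticket creation, per-environment block policy, post-validation) as an added example; this is illustrative code, not AppViewX's product code or API. The log lines, the request threshold, the protected ranges and the environment names are all constructed assumptions.

```python
"""Added example: a minimal automated block-IP workflow with the validation
checks a pre-approved self-service form would enforce. Not vendor code."""
import ipaddress
from collections import Counter

# Constructed sample access log, one "<client_ip> <status>" entry per request.
SAMPLE_LOG = ["198.51.100.7 503"] * 120 + ["203.0.113.9 200"] * 3 + ["10.0.0.5 200"] * 150

# Hypothetical per-source request threshold behind a monitoring alert.
THRESHOLD = 100

# Constructed ranges the form must never block: internal space and a partner range.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "203.0.113.0/24")]

def detect_abnormal_sources(lines, threshold=THRESHOLD):
    """Return the client IPs whose request count exceeds the threshold."""
    counts = Counter(line.split()[0] for line in lines)
    return [ip for ip, n in counts.items() if n > threshold]

def validate_block_request(ip_str):
    """Pre-approved checks: syntactically valid, routable, and not in a protected range."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False, "not a valid IP address"
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
        return False, "non-routable address"
    if any(ip in net for net in PROTECTED):
        return False, "address is in a protected range"
    return True, "ok"

def build_change(ip_str, environments, requester):
    """Return the ticket payload plus per-environment deny entries, or None if rejected."""
    ok, reason = validate_block_request(ip_str)
    if not ok:
        return None, reason
    ticket = {"summary": f"Block {ip_str} (DDoS mitigation)", "requester": requester,
              "environments": list(environments)}
    policies = [{"env": env, "action": "deny", "src": f"{ip_str}/32"} for env in environments]
    return {"ticket": ticket, "policies": policies}, reason

def post_validate(change, environments):
    """Sanity test: every requested environment received exactly one deny entry."""
    envs = [p["env"] for p in change["policies"] if p["action"] == "deny"]
    return sorted(envs) == sorted(environments) and len(envs) == len(set(envs))

if __name__ == "__main__":
    for candidate in detect_abnormal_sources(SAMPLE_LOG):
        change, reason = build_change(candidate, ["prod", "staging"], "devops")
        print(candidate, reason, change and post_validate(change, ["prod", "staging"]))
```

Running it shows the internal address 10.0.0.5 tripping the threshold but being refused by the form's checks, while 198.51.100.7 produces a ticket and one deny entry per environment.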
Modern DDoS mitigation technology and security best practices can help you detect DDoS attacks effectively. Why wait for hours or days to block traffic? You can deploy a network automation solution in your application infrastructure to ensure high availability and automate real-time blocking of DDoS attacks so they never disrupt your network.