Confused by the "intelligent automation" of DDoS protection? Here is what it actually means

"Automatic" and "intelligent automation" are two different things. Current DDoS protection best practice calls for intelligently automated mitigation at both the local (on-premises) layer and the cloud layer. The local component, deployed in front of stateful devices such as firewalls and WAFs, is well suited to mitigating most attacks quickly, in particular hard-to-detect application-layer attacks. Cloud DDoS protection mitigates genuine upstream capacity-exhaustion attacks before they saturate your Internet connection.
A hybrid DDoS protection deployment combines the local component with cloud mitigation to give the most comprehensive protection against today's hybrid (multi-vector) DDoS attacks. The following example shows what intelligent automation means in practice. A customized local DDoS solution protects specific applications running in a specific data center; the customization includes the site's allowlist/blocklist policy, geolocation rules, and so on. Before any attack occurs, in peacetime, these local custom policies are continuously pushed to the cloud DDoS protection service.
When the local protection cannot handle an attack on its own, it signals the cloud DDoS protection. The attack traffic is then automatically rerouted to the appropriate cloud scrubbing center, where the previously synchronized custom policies, together with the scrubbing center's own measures, are applied to the attack traffic automatically. That is intelligent automation: the traffic is routed more intelligently and mitigated automatically using the policy that was shared in advance, rather than by someone reconfiguring the cloud service by hand in the middle of the attack.
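The hand-off described above, as an added example that is not code from the original article or from any vendor's product: a small Python model in which the local mitigator pushes its site policy to a cloud scrubber in peacetime and diverts traffic to it when the offered load would exceed the upstream link. The site name, link capacity, addresses, country codes and policy contents are all constructed for the illustration.

```python
"""Toy model of a hybrid DDoS deployment: a local mitigator in front of the
firewall/WAF applies a site-specific policy, pushes that policy to the cloud
scrubbing centre in peacetime, and diverts traffic to the cloud once the
offered load would exhaust the upstream link. All names, thresholds and
traffic figures are constructed for the illustration."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Flow:
    src_ip: str
    country: str   # country code of the source (ZZ/AA are user-assigned codes)
    mbps: float    # offered rate of this flow


@dataclass(frozen=True)
class Policy:
    """Site-specific rules the local device is tuned with (assumed content)."""
    version: int
    allowlist: frozenset
    blocklist: frozenset
    blocked_countries: frozenset

    def verdict(self, flow: Flow) -> str:
        if flow.src_ip in self.allowlist:
            return "allow"  # explicit allowlist wins over geo and blocklist rules
        if flow.src_ip in self.blocklist or flow.country in self.blocked_countries:
            return "drop"
        return "allow"


class CloudScrubber:
    """Cloud scrubbing centre that holds a peacetime copy of each site's policy."""

    def __init__(self) -> None:
        self.policies: Dict[str, Policy] = {}
        self.signals: List[str] = []

    def sync(self, site: str, policy: Policy) -> None:
        self.policies[site] = policy

    def scrub(self, site: str, flows: List[Flow]) -> List[Flow]:
        # The rules were pushed before the attack, so no operator action is
        # needed when the diversion signal arrives.
        self.signals.append(site)
        policy = self.policies[site]
        return [f for f in flows if policy.verdict(f) == "allow"]


class LocalMitigator:
    """Local component sitting in front of the firewall/WAF."""

    def __init__(self, site: str, link_capacity_mbps: float,
                 policy: Policy, cloud: CloudScrubber) -> None:
        self.site = site
        self.link_capacity_mbps = link_capacity_mbps
        self.cloud = cloud
        self.update_policy(policy)

    def update_policy(self, policy: Policy) -> None:
        self.policy = policy
        self.cloud.sync(self.site, policy)  # continuous peacetime push

    def handle(self, flows: List[Flow]) -> dict:
        offered = sum(f.mbps for f in flows)
        if offered > self.link_capacity_mbps:
            # The upstream pipe would saturate before packets reach this box,
            # so signal the cloud and let it scrub with the synced policy.
            clean = self.cloud.scrub(self.site, flows)
            where = "cloud"
        else:
            clean = [f for f in flows if self.policy.verdict(f) == "allow"]
            where = "local"
        return {
            "mitigated_at": where,
            "offered_mbps": offered,
            "clean_mbps": sum(f.mbps for f in clean),
            "dropped_flows": len(flows) - len(clean),
        }


# Constructed policy and traffic samples (documentation prefixes, not real hosts).
POLICY = Policy(version=1,
                allowlist=frozenset({"203.0.113.10"}),
                blocklist=frozenset({"198.51.100.7"}),
                blocked_countries=frozenset({"ZZ"}))
CLOUD = CloudScrubber()
SITE = LocalMitigator("dc-east", link_capacity_mbps=1000.0, policy=POLICY, cloud=CLOUD)

NORMAL = [Flow("192.0.2.1", "AA", 40.0), Flow("198.51.100.7", "AA", 5.0),
          Flow("203.0.113.10", "ZZ", 20.0)]
# 40 bots in a geo-blocked region at 120 Mbit/s each: far beyond the 1 Gbit/s link.
ATTACK = NORMAL + [Flow(f"198.51.100.{i}", "ZZ", 120.0) for i in range(20, 60)]


def run_demo() -> dict:
    return {"normal": SITE.handle(NORMAL), "attack": SITE.handle(ATTACK)}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The point to notice is the allowlisted flow from the geo-blocked region: it survives in both runs, because the cloud applies the same policy the local device was tuned with, not a generic geo-block.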
Actionable automated threat intelligence, and automated processes wherever they are possible, are critical to the rapid detection and mitigation of today's increasingly complex hybrid DDoS attacks. Only with a deeper understanding of the scope and internal mechanics of an attack can an enterprise achieve fast and efficient DDoS protection.
Truly actionable threat intelligence has the following characteristics:
• It continuously supplies real network traffic and threat data from outside the enterprise. The larger the traffic sample, the more valuable the data.
• It is refined for the environment in which it is used: data points are correlated with the related attack campaigns and specific threats.
• It is highly credible. Intelligence that generates false positives is not real intelligence.
By examining attack data from multiple sources and analyzing the characteristics of persistent malware in depth, truly actionable intelligence identifies not just a single indicator but the data related to the whole attack. Placed in the broader context of the underlying command-and-control infrastructure, historical records, and the associated tactics, techniques, and procedures (TTPs), the data becomes more reliable.
Reliable intelligence of this kind is essential for faster, more automated DDoS detection and effective protection. Automated identification based on the latest available threat intelligence works regardless of the scale of the attack: there is no need to wait until the threat approaches the capacity limit before starting mitigation. Many types of DDoS attack can be identified this way, including "low and slow" application-layer attacks. Automatic detection of specific botnet types keeps them from harming the network while leaving the other security devices free to do their own jobs.
Many DDoS protection measures can be automated, such as blocking specific attack types that target bandwidth, applications, and protocols. Automation can provide multi-level protection according to risk status and confidence level, and communication with security service providers or ISPs about detected and identified threats can also be automated, which improves the speed and efficiency of upstream DDoS mitigation. By combining actionable intelligence with intelligently automated processes, today's high-volume attacks can be managed better. Automation also lets you deploy security staff more efficiently and focus them on threat triage: detecting, identifying, and stopping real threats faster.
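The intelligence-driven detection described in the previous two paragraphs, as an added example that is not from the original article: Python detection logic run over constructed connection records. It triggers on a threat-intelligence match and on low-and-slow behaviour while the link is almost idle, grades the response by the feed's confidence, and reserves the cloud/ISP hand-off for the volumetric case. The feed entries, thresholds, addresses and log format are assumptions made up for the illustration.

```python
"""Detection logic over constructed connection records, showing that the
trigger for mitigation can be threat intelligence or behaviour rather than
link saturation. Feed entries, thresholds and log lines are assumptions
made up for this illustration; the addresses are documentation prefixes."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed threat-intelligence feed: source -> (label, confidence in [0, 1]).
THREAT_INTEL: Dict[str, Tuple[str, float]] = {
    "198.51.100.7": ("known-botnet-member", 0.95),
    "198.51.100.8": ("suspected-scanner", 0.55),
}

LINK_CAPACITY_BPS = 1_000_000_000   # assumed 1 Gbit/s upstream link
WINDOW_S = 10.0                     # the records below cover one 10 s window

# Constructed connection summaries, one per line:
# src_ip dst_port bytes duration_s still_open(0/1)
LOG_LINES = "\n".join(
    ["192.0.2.1 443 120000 0.4 0",
     "198.51.100.7 443 800 0.1 0",
     "198.51.100.8 443 600 0.2 0"]
    # 200 connections from one host, each almost idle and held open for minutes
    + [f"203.0.113.5 80 40 {300 + i} 1" for i in range(200)]
)


def parse(text: str) -> List[dict]:
    records = []
    for line in text.strip().splitlines():
        src, port, nbytes, duration, still_open = line.split()
        records.append({"src": src, "port": int(port), "bytes": int(nbytes),
                        "duration": float(duration), "open": still_open == "1"})
    return records


def detect(records: List[dict]) -> Tuple[List[dict], float]:
    """Return (findings, link utilisation as a fraction of capacity)."""
    findings = []
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for rec in records:
        by_src[rec["src"]].append(rec)

    for src, recs in by_src.items():
        # 1. Intelligence-driven: act on a known bad source no matter how small
        #    its traffic is; the feed's confidence decides how hard the response is.
        if src in THREAT_INTEL:
            label, confidence = THREAT_INTEL[src]
            findings.append({"src": src, "type": "threat-intel", "label": label,
                             "action": "block" if confidence >= 0.9 else "rate-limit"})
        # 2. Low-and-slow application-layer attack: many connections held open
        #    for a long time while sending almost nothing (Slowloris-style).
        idle_open = [r for r in recs if r["open"] and r["duration"] >= 60
                     and r["bytes"] / r["duration"] < 10]
        if len(idle_open) >= 100:
            findings.append({"src": src, "type": "low-and-slow",
                             "open_connections": len(idle_open), "action": "block"})

    # 3. Volumetric: only this check depends on link load, and it is the one
    #    that should hand off to cloud scrubbing / the upstream ISP.
    utilisation = sum(r["bytes"] * 8 for r in records) / WINDOW_S / LINK_CAPACITY_BPS
    if utilisation > 0.8:
        findings.append({"src": "*", "type": "volumetric",
                         "utilisation": utilisation, "action": "divert-to-cloud"})
    return findings, utilisation


if __name__ == "__main__":
    found, util = detect(parse(LOG_LINES))
    print(f"link utilisation {util:.6%}")
    for finding in found:
        print(finding)
```

On the constructed window the link is at roughly 0.01% of capacity, yet three findings are already raised: the two feed hits and the low-and-slow source. A purely volume-triggered system would see nothing here.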
This article is reproduced from: http://www.heikesz.com/ddos1/3979.html

Source: blog.csdn.net/weixin_51110871/article/details/112240999