By Vinay Sharma, Regional Director, India and SAARC, NETSCOUT
Enterprises, government and educational organisations, and service providers are frequent targets of Distributed Denial of Service (DDoS) attacks, and attack frequency keeps rising. But frequency is not the only thing changing: DDoS attacks are evolving rapidly, with more sophistication and automation, which raises the bar for defenders and for everyone responsible for safeguarding the performance and availability of critical infrastructure.
There are many motivations behind the DDoS activity seen today, but NETSCOUT's recently released 2H2024 DDoS Threat Intelligence Report shows that attacks are frequently linked to sociopolitical events such as elections, civil protests, and policy disputes. Attackers look to exploit moments of national or political vulnerability, and several countries have recently seen major spikes in daily DDoS attack activity coinciding with high-profile events; the UK, Mexico and Turkey are among the examples. This is a key concern in a world of growing geopolitical instability, where a broader range of organisations is being targeted within these campaigns, sometimes simply for belonging to a particular vertical, or for being loosely associated with a person or policy.
Multiplication of attack vectors
Today's DDoS attacks begin with reconnaissance: the attacker profiles open ports, service types, and infrastructure components so that the attack can be tailored to the target. Multiple attack vectors are then often combined, both to hit several layers at once and to hide lower-volume, application-layer components behind the volumetric noise; and the attack can adapt automatically, using real-time monitoring of its own impact to stay ahead of defences. Crucially, there is virtually no barrier to entry, because these capabilities are packaged into DDoS-for-hire services and freely available attack tools.
Almost anyone can therefore launch a sophisticated attack, and because attackers make use of DDoS-capable botnets, Tor nodes, and open proxy servers, as well as source-address spoofing of ISP and content-provider address space, the true origin of an attack can be hard to pin down to specific regions or ISPs. Mitigation therefore needs granular, automated decision-making; the best solutions layer adaptive behavioural and rate-based mechanisms to isolate and discard attack traffic while letting legitimate traffic through. And, as in many other areas of security, threat intelligence has a key role to play.
Role of threat intelligence in DDoS defence
The infrastructure used to generate DDoS attack traffic is almost always reused across multiple attacks. This is not always obvious to the victim: attackers have a great deal of infrastructure available to them, and attacks that share infrastructure are often not seen by the same target, or even by the same ISP. Identifying commonly used (and reused) infrastructure therefore requires a global perspective that collates and correlates observations from across the Internet into real-time insight about the attack infrastructure in use right now.
This depends on a constantly updated, broad and deep dataset of global attack information, which NETSCOUT maintains. The data is fed into an AI pipeline that correlates the datasets, cutting the noise and amplifying the signal. Supervised learning and human curation then hone the output, so that actionable threat intelligence reaches customers in time to matter. Threat intelligence derived in this way enables more proactive detection and, when used appropriately, rapid mitigation of up to 80-90% of attack traffic; the remainder, including previously unseen sources, still has to be handled by the behavioural and rate-based countermeasures.
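As an added example, not code from the original article or from NETSCOUT, the script below shows in miniature the two points made above: why reused attack infrastructure is invisible to any single observer until observations are pooled, and how the resulting list of reused sources works as one mitigation layer placed ahead of a rate-based threshold. The observer names, target names, source addresses (RFC 5737 documentation ranges), vectors and packet counts are all constructed for the illustration.

```python
"""Added illustration (not NETSCOUT code): correlate attack sources across
several observers to find reused infrastructure, then use that list as one
mitigation layer ahead of a per-source rate limit. All data is constructed."""
from collections import defaultdict
from ipaddress import ip_address

# Constructed observations: (observer, attacked target, source address, vector).
# Each observer only sees attacks on its own customers.
OBSERVATIONS = [
    ("isp-a", "bank.example",     "198.51.100.7", "udp-flood"),
    ("isp-a", "bank.example",     "198.51.100.9", "udp-flood"),
    ("isp-a", "news.example",     "203.0.113.40", "dns-amplification"),
    ("isp-b", "ministry.example", "198.51.100.7", "syn-flood"),
    ("isp-b", "ministry.example", "203.0.113.40", "syn-flood"),
    ("isp-c", "shop.example",     "198.51.100.7", "http-get-flood"),
    ("isp-c", "shop.example",     "203.0.113.40", "http-get-flood"),
    ("isp-c", "shop.example",     "203.0.113.41", "http-get-flood"),
]

# Constructed one-second window at a fourth network: source -> packets seen.
# Two known-reused sources, one never-seen-before flooder, two legitimate clients.
SAMPLE_WINDOW = {
    "198.51.100.7": 50_000,
    "203.0.113.40": 40_000,
    "203.0.113.99": 30_000,   # appears in no prior observation
    "192.0.2.10": 20,
    "192.0.2.11": 15,
}


def reused_infrastructure(observations, min_targets=2):
    """Sources seen attacking at least `min_targets` distinct targets.

    Sorted by number of targets (descending), then by address, so the output
    is stable enough to ship as a feed. The vector is deliberately ignored:
    the same host is reused for UDP, SYN and HTTP floods in the sample."""
    targets_by_src = defaultdict(set)
    for _observer, target, src, _vector in observations:
        targets_by_src[src].add(target)
    return sorted(
        (src for src, targets in targets_by_src.items() if len(targets) >= min_targets),
        key=lambda src: (-len(targets_by_src[src]), ip_address(src)),
    )


def local_view(observations, observer, min_targets=2):
    """What a single observer could derive from its own data alone."""
    own = [o for o in observations if o[0] == observer]
    return reused_infrastructure(own, min_targets)


def mitigate(window, intel, pps_limit):
    """Two-layer filter over a per-source packet-count window.

    Layer 1 (threat intelligence): drop sources already on the reused list;
    this needs no per-source state and acts from the first packet.
    Layer 2 (rate-based): drop any remaining source above `pps_limit`; this
    catches new sources, but only once they have crossed the threshold.
    Returns packets dropped per layer and packets passed."""
    result = {"intel": 0, "rate": 0, "passed": 0}
    for src, pkts in window.items():
        if src in intel:
            result["intel"] += pkts
        elif pkts > pps_limit:
            result["rate"] += pkts
        else:
            result["passed"] += pkts
    return result


def intel_share(result):
    """Fraction of dropped (attack) packets handled by the intelligence layer."""
    attack = result["intel"] + result["rate"]
    return result["intel"] / attack if attack else 0.0


if __name__ == "__main__":
    for observer in ("isp-a", "isp-b", "isp-c"):
        print(observer, "alone sees reused sources:", local_view(OBSERVATIONS, observer))
    intel = set(reused_infrastructure(OBSERVATIONS))
    print("pooled correlation finds:", sorted(intel, key=ip_address))
    result = mitigate(SAMPLE_WINDOW, intel, pps_limit=1_000)
    print(result, f"{intel_share(result):.0%} of attack packets dropped by the intel layer")
```

Each of the three observers derives an empty reuse list from its own data, while the pooled observations flag two sources that hit three targets each. In the sample window the intelligence layer removes 90,000 of the 120,000 attack packets (75%) before any rate counter has to trip, and the previously unseen flooder is left to the rate layer; a real deployment adds behavioural checks behind both, as the text notes.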
Adaptive DDoS protection
Fundamentally, to protect the performance and availability of networks and services, defences must adapt to the attacks they face. The Adaptive DDoS Protection process uses threat intelligence and AI to monitor attack traffic continuously, looking for countermeasures or threat intelligence that can be applied to improve protection. It is a continuous cycle of evaluating and applying defensive capability, with a full audit trail so that operators can see exactly which countermeasure was applied, when, and why.
Future-proofing against the evolving threat landscape
DDoS attacks will continue to evolve. By combining decades of mitigation experience, advanced ML algorithms, and threat intelligence derived from unparalleled visibility, organisations can keep business-critical services available and resilient both today and in the future.