At a recent security meeting with a large healthcare organization, I had the privilege of looking at the logs of a private cloud infrastructure that I helped design. They showed me a couple of interesting numbers and what looked like possible DDoS attacks. Except they were different. The security admin mentioned that he and colleagues in different organizations have been seeing a spike in malicious DDoS attacks against their systems.
Over the past few months, there have been more DDoS attacks against more IT infrastructures all over the world. These attacks have evolved from simple volumetric attacks to something much more sophisticated. Now, attackers are using application-layer and HTTP attacks against certain targets within an organization.
Consider this: cloud DDoS attacks are larger than ever. The Arbor Networks 9th annual Worldwide Infrastructure Security Report illustrates this point very clearly, with the largest reported DDoS attack in 2013 clocking in at 309 Gbps. ATLAS data corroborates the report, with eight times the number of attacks over 20 Gbps monitored in 2013 (as compared to 2012). And 2014 is already shaping up to be a big year for attacks, with a widely reported NTP reflection attack of 300 Gbps+ and multiple attacks over 100 Gbps in early February.
Fortunately for my friend and his organization, this SQL application-based attack was stopped. Why? They have an application firewall deployed on a virtual appliance. That firewall was specifically monitoring the targeted application, so the attack was stopped and logged.
A cloud DDoS attack is no laughing matter. Massive systems now rely on cloud environments in which the failure of a single component can cascade through the rest of the platform. This is where next-generation security and DDoS-mitigation appliances come in.
The reality is simple: as more organizations move onto cloud platforms, new security best practices will be needed to secure those environments. Data leaks and security breaches are messy from an IT perspective, but they can also seriously damage a company’s image. More organizations are beginning to spend serious dollars on the next-generation security industry in an effort to mitigate a possible DDoS attack.
What to look for and consider:
- Next-generation security appliances and firewalls are mature products with powerful visibility into the cloud layer
- Incorporate virtual security into your data center as virtual machines, virtual appliances, and more
- DLP and IPS/IDS engines are far more capable now, with granular visibility into your data architecture
Whether a company is hosting its own cloud environment or using a hosting provider, new types of security measures that can effectively protect against cloud DDoS attacks will have to be evaluated. Virtual security appliances can now be placed anywhere on the network to protect different types of internal systems. This can range from a specific OS service to a full application.
Also, new physical storage appliances are taking data correlation and security into their own hands.
There is one final, very important piece to all of this. Because of the increase in attacks against applications, internal resources, and various data points, there needs to be more collaboration between application and security teams. Application developers and administrators must clearly communicate to the security teams what they need in order to operate. This means understanding network, port, and service configurations. Misconfiguring an application – especially one that is WAN-facing – can have serious consequences.
It’s a changing industry out there. And cloud is certainly leading the way. However, just like with any new technology, there are always plenty of new security concerns to follow. Look for next-generation security to continue to evolve to help support the very wide demands of the cloud.