How DDoS has evolved into new threats against a data center

The largest reported attack in 2014 was 400Gbps. With more focus on the data center, the kinds of threat vectors are evolving as well. Find out what you can do to better secure your environment.

Bill Kleyman

May 19, 2015


Today’s business world is becoming ever more reliant on the data center. With more workloads, more end-points, and a lot more data, demands around resources and efficient technologies continue to grow. The data center has become the heart of any modern organization. With virtualization and cloud computing at the helm, many are saying that it’s great to be in the data center business. Although this may be the case from an infrastructure side, we can never forget that the more people move towards a type of platform, the bigger a target it becomes.

Cloud computing has given rise to many new types of services for organizations. These include hosting options, data center extensions and even new disaster recovery strategies. With the increase in cloud utilization comes the very real increase in security threats.

There’s little doubt that as the size, frequency and complexity of distributed denial of service (DDoS) attacks continue to rise, hosting and cloud service providers must have solutions in place to protect the availability of their infrastructure and services. Now, there are three specific types of attacks which attackers can utilize to bring a system to a halt:

  • Volumetric Attacks

  • TCP State-Exhaustion Attacks

  • Application-Layer Attacks

A recent Arbor Networks security report illustrates how attacks are growing in size, complexity and frequency:

  • Use of reflection/amplification to launch massive attacks: The largest reported attack in 2014 was 400Gbps, with other large reported events at 300, 200 and 170Gbps with a further six respondents reporting events over the 100Gbps threshold. Ten years ago, the largest attack was 8 Gbps.

  • Multi-vector and application-layer DDoS attacks are becoming ubiquitous: 90 percent of respondents reported application-layer attacks and 42 percent experienced multi-vector attacks that combine volumetric, application-layer and state exhaustion techniques within a single sustained attack.

  • DDoS attack frequency is on the rise: In 2013, just over one quarter of respondents indicated they had seen more than 21 attacks per month; in 2014, that percentage has nearly doubled to 38 percent.

“Arbor has been conducting the Worldwide Infrastructure Security Report survey for the last 10 years and we have had the privilege of tracking the evolution of the Internet and its uses from the early adoption of online content to today’s hyper connected society,” said Arbor Networks Director of Solutions Architects Darren Anstee. “In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files. Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating – the stakes are much higher now.”

So, what do you do in these types of situations? You get smart and fight back! A new security term has been circulating in the industry: next-generation security. Next-generation security platforms are much more than just physical boxes sitting in the data center. There has been a leap in security technologies where advanced engines are doing much more deep diving than a regular UTM firewall would.

  • Virtual Appliances and Security Virtualization. No longer bound by the physical aspect, virtual appliances can roam between physical hosts and have visibility into more parts of the network. Plus, they’re easier to manage from an agility perspective. Furthermore, administrators can dedicate a virtual security appliance to a specific function. This means an appliance can reside departmentally doing a certain type of service for that team. This would prove to be much more expensive when doing something similar with a physical device. Furthermore, new kinds of tools allow you to integrate security directly into storage repositories, and even virtual machines. This allows you to scan data before they even hit a VM. These are advanced virtual security mechanisms which enable a new level of infrastructure security.

  • New Cross-Device Security Engines. Advanced deep scanning engines like data-loss prevention (DLP), intrusion detection/prevention services (IPS/IDS), and even device interrogation help lock down an environment. Creating intelligent network monitoring algorithms allows administrators to control what data flows in and out of the environment. Furthermore, these new engines help control the various consumer devices that are trying to enter the environment. Here’s the reality – you can now control any IP-based device which attempts to connect into your network. This kind of granular control automates the security process, especially when you have a lot of different devices connecting into your data center.

  • Create a network which acts as a sensor and an enforcer. The three kinds of attacks that I mentioned earlier are absolutely impacting the modern network and data center architecture. This is where next-generation security technologies must meet the rest of your data center architecture. This means having intelligent policies and monitors running at the edge – and on your network. Is a specific port on a core switch experiencing a burst? Is an application sitting internally suddenly getting anomalous traffic? Are there malformed packets hitting a service or site? An intelligent security and networking architecture will sense these kinds of attacks and then enforce appropriate policies to stop the traffic and prevent any damage. Today, there is a lot of intelligence available which spans from the blade, through your network, and out to the edge.
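
The sensor-and-enforcer idea above, as an added example that is not from the original article: a per-port monitor that learns a baseline from clean intervals and maps bursts onto the three attack classes named earlier, including a multi-vector interval. The thresholds, metric names, sample values and policy action names are assumptions made for illustration.

```python
from dataclasses import dataclass

ALPHA = 0.2   # EWMA weight of the newest sample (assumed value)
BURST = 4.0   # flag a metric above 4x its baseline (assumed value)
WARMUP = 3    # clean intervals to learn before alerting (assumed value)

@dataclass
class Sample:          # one polling interval on one port
    gbps: float        # traffic volume
    syn: int           # TCP SYNs received
    completed: int     # handshakes that completed
    http_rps: int      # requests reaching the application

# Hypothetical enforcement actions, named for illustration only.
POLICY = {"volumetric": "divert-to-scrubbing",
          "tcp_state_exhaustion": "enable-syn-proxy",
          "application_layer": "rate-limit-per-client"}

class PortSensor:
    def __init__(self):
        self.base, self.seen = {}, 0   # metric -> EWMA baseline

    def _burst(self, name, value):
        return self.seen >= WARMUP and value > BURST * self.base[name]

    def observe(self, s):   # returns the attack classes this interval resembles
        m = {"gbps": s.gbps, "half_open": s.syn - s.completed,
             "http_rps": s.http_rps}
        hits = {cls for cls, key in (("volumetric", "gbps"),
                ("tcp_state_exhaustion", "half_open"),
                ("application_layer", "http_rps")) if self._burst(key, m[key])}
        if s.completed >= s.syn / 2:   # most handshakes finish: not a SYN flood
            hits.discard("tcp_state_exhaustion")
        if not hits:   # learn only from clean intervals, so an attack
            for k, v in m.items():     # cannot drag the baseline upward
                self.base[k] = ALPHA * v + (1 - ALPHA) * self.base.get(k, v)
            self.seen += 1
        return hits

def run(samples):
    sensor = PortSensor()
    return [sorted(POLICY[h] for h in sensor.observe(s)) for s in samples]

# Constructed samples: four normal intervals, then one of each pattern.
SAMPLES = [Sample(1.0, 1000, 950, 500), Sample(1.2, 1100, 1040, 520),
           Sample(0.9, 900, 860, 480), Sample(1.1, 1000, 950, 510),
           Sample(9.0, 1000, 950, 500),     # volume burst
           Sample(1.0, 40000, 900, 450),    # unfinished handshakes pile up
           Sample(1.1, 1050, 1000, 6000),   # request burst at normal volume
           Sample(1.0, 1000, 950, 500)]     # back to normal
```

Calling `run(SAMPLES)` returns one list of policy actions per interval; an interval that trips several metrics at once returns several actions, which is how a multi-vector attack shows up here.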

As organizations continue to grow their cloud presence, security administrators need to look at other options to help them protect their internal environments as well as their cloud infrastructure. The reality is that security will be an ever-evolving challenge for data centers and organizations of all sizes. As more environments go digital – the threat vector will continue to evolve. By enabling new kinds of security strategies throughout the entire architecture – you’ll be able to proactively prevent and stop new kinds of advanced attacks.

About the Author(s)

Bill Kleyman

Bill Kleyman has more than 15 years of experience in enterprise technology. He also enjoys writing, blogging, and educating colleagues about tech. His published and referenced work can be found on Data Center Knowledge, AFCOM, ITPro Today, InformationWeek, NetworkComputing, TechTarget, DarkReading, Forbes, CBS Interactive, Slashdot, and more.
