Distributed Denial-of-Service (DDoS) attacks continue to accelerate and evolve into highly sophisticated vectors, threatening every digitally connected entity and service, and in particular the points of entry to the global and local communications networks, which begin with the Communications Service Providers (CSPs) and are defined as underlay “gateways” with a clear demarcation edge between networks. Discussions with Security Operations Centers (SOCs) in various regions surface the same trend: all SOCs face a tsunami of alarms about an enormous increase in DDoS attack threats against a wide spectrum of organizations across industries and vertical markets globally. This trend continues to become more severe, as shown by the “record-breaking” 2.4 Tbps volumetric DDoS attack that targeted Microsoft Azure in the European region during the 2nd half of 2021, and the later DDoS attack detected and blocked by Cloudflare, which peaked at just under 2 Tbps. As we enter the 3rd year of the pandemic, we are witnessing the impact and unavoidable evolution of the "COVID effect", which increases the diversity of multi-vector attacks as massive digital transformation changes or removes the traditional boundaries of organizations. Attacks are becoming more destructive and more frequent than ever. As a result, manual and static DDoS mitigation processes are no longer adequate, and many organizations are moving towards a DDoS auto-mitigation strategy that copes better with the volume and the diversity of attacks.
Understanding the design of the network and how it correlates to traffic flows shows where an active DDoS mitigation strategy is most critical to form. Reviewing the network architecture layers of CSPs in the diagram below, we can see the local Internet Service Providers (ISPs) and their aggregated connections to the international Internet Exchange (IX) gateways to the global internet.
In various cases, ISPs monitor and control the traffic and can mitigate DDoS activity on both ingress and egress of the localized networks. A centralized DDoS mitigation approach for national internet traffic can be efficient, but it certainly requires the local incumbent authority to step in and define a strategic shield of regulation and a synchronized mode of operation. To accomplish this mitigation strategy, the network architecture design requires three essential stages: probing the production traffic, detecting situational patterns, and reacting to mitigate the hostile traffic of DDoS attacks.
To reflect the strategy in a visual scheme, the local (national) internet backbone includes two critical connectivity elements: the distribution router and the border routers that route the ingress and egress traffic. Placing an interception TAP in this segment therefore enables collection and sensing of the essential traffic data for the detection stage, where anomalies or other suspicious signs are identified and reacted upon.
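The three stages described above (probe the production traffic, detect anomalous patterns, react to mitigate them) can be illustrated end to end in a small pipeline. The following is an added example written for this article, not code from Niagara Networks or from any product it describes. The flow records stand in for what a TAP-fed flow exporter would deliver to the detection stage; all of the traffic is constructed sample data, and the record fields, the EWMA baseline parameters and the rate-limit rule format are assumptions chosen for the illustration.

```python
"""Added example: a minimal probe -> detect -> react pipeline for volumetric DDoS.

Stage 1 (probe) is represented by flow records such as a TAP-fed flow exporter
would produce; stage 2 (detect) keeps a per-destination EWMA baseline of bit rate
and flags 10-second buckets that exceed it by a multiplier; stage 3 (react) turns
each alert into a rate-limit rule keyed on the dominant protocol/port. All flows
are constructed sample data; the field names and rule format are assumptions."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Flow:
    ts: int        # seconds since capture start (constructed)
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int
    packets: int


def build_sample_flows():
    """Constructed traffic: 60 s of quiet HTTPS traffic to one host, then a 20 s UDP/53 flood."""
    flows = []
    for t in range(0, 60, 10):            # 5 x 20 kB per 10-s bucket = 80 kbit/s
        for i in range(5):
            flows.append(Flow(t + i, f"198.51.100.{i + 1}", "203.0.113.10", "tcp", 443, 20_000, 40))
    for t in range(60, 80, 10):           # 50 x 150 kB per 10-s bucket = 6 Mbit/s
        for i in range(50):
            flows.append(Flow(t + i % 10, f"192.0.2.{i + 1}", "203.0.113.10", "udp", 53, 150_000, 1_000))
    return flows


@dataclass
class Detector:
    window: int = 10            # bucket length in seconds
    alpha: float = 0.2          # EWMA smoothing factor for the baseline
    mult: float = 5.0           # alert when the bucket rate exceeds mult x baseline
    min_bps: float = 1_000_000  # and also exceeds this absolute floor (avoids noise on quiet hosts)
    baseline: dict = field(default_factory=dict)   # dst -> baseline bit/s

    def detect(self, flows):
        """Return alerts, one per (destination, bucket) whose bit rate is anomalous."""
        buckets = defaultdict(list)
        for f in flows:
            buckets[(f.dst, f.ts // self.window * self.window)].append(f)
        alerts = []
        for (dst, start) in sorted(buckets, key=lambda k: (k[1], k[0])):
            fl = buckets[(dst, start)]
            bps = sum(f.nbytes for f in fl) * 8 / self.window
            base = self.baseline.get(dst)
            if base is None:
                self.baseline[dst] = bps      # first observation seeds the baseline
                continue
            if bps > self.mult * base and bps > self.min_bps:
                by_vector = defaultdict(int)
                for f in fl:
                    by_vector[(f.proto, f.dport)] += f.nbytes
                alerts.append({
                    "dst": dst, "bucket_start": start, "bps": bps, "baseline_bps": base,
                    "top_vector": max(by_vector, key=by_vector.get),
                })
                # Deliberately do not fold attack buckets into the baseline; otherwise a
                # sustained flood would quickly become the "normal" rate and go unnoticed.
                continue
            self.baseline[dst] = self.alpha * bps + (1 - self.alpha) * base
        return alerts


def plan_mitigation(alert):
    """React stage: a rate-limit rule on the dominant vector, capped at 2x the pre-attack baseline.
    The rule format is an assumption; a real deployment would render it for the mitigation device."""
    proto, dport = alert["top_vector"]
    return {
        "match": {"dst": alert["dst"], "proto": proto, "dport": dport},
        "action": "rate-limit",
        "limit_bps": round(2 * alert["baseline_bps"]),
    }


def run_pipeline(flows, detector=None):
    """Probe -> detect -> react; returns the alerts and the de-duplicated rules derived from them."""
    detector = detector or Detector()
    alerts = detector.detect(flows)
    rules, seen = [], set()
    for a in alerts:
        rule = plan_mitigation(a)
        key = tuple(sorted(rule["match"].items()))
        if key not in seen:
            seen.add(key)
            rules.append(rule)
    return alerts, rules


if __name__ == "__main__":
    alerts, rules = run_pipeline(build_sample_flows())
    for a in alerts:
        print(f"ALERT t={a['bucket_start']}s dst={a['dst']} {a['bps'] / 1e6:.1f} Mbit/s "
              f"(baseline {a['baseline_bps'] / 1e3:.0f} kbit/s) vector={a['top_vector']}")
    for r in rules:
        print("RULE", r)
```

Two design points matter for auto-mitigation. The detector requires both a relative jump over the baseline and an absolute floor, so a quiet host that goes from 1 kbit/s to 10 kbit/s does not trigger a rule; and buckets that raise an alert are excluded from the baseline update, so a long-running flood cannot teach the detector that the attack rate is normal. Both thresholds would be tuned per prefix in a production deployment.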
The three essential stages of design and deployment strategy:
In Conclusion
Modern DDoS defenses require intelligent automation to cope with the increasing complexity and volume of DDoS attacks. Large, complex national networks can be controlled by adequately including the visibility building blocks as part of DDoS defenses, with sophisticated design and implementation. To learn in more detail from our experience in assisting with complex national scenarios, please contact our network visibility experts.
Niagara Networks are industry specialists in network visibility, providing advanced network solutions for the specific needs of individual enterprises and large, complex national networks. Don’t leave your network vulnerable to security threats; schedule a consultation with one of our network visibility experts today to evaluate your network visibility challenges.