prolexic ddos analytics & ddos mitigation in real time

Data Analytics and DDoS Mitigation: Lessons Learned www.prolexic.com

Upload: state-of-the-internet

Post on 15-Jan-2015


Category:

Technology



DESCRIPTION

Extracting value from big data is a huge challenge. In the cyber-security industry, IT is driving the use of data analytics to gain real-time insight into the trends, behaviors and events that make up the dark world of DDoS attackers. Find out how Prolexic manages big data in real time in this presentation.

TRANSCRIPT

Page 1: Prolexic DDoS Analytics & DDoS Mitigation In Real Time

Data Analytics and DDoS Mitigation: Lessons Learned

www.prolexic.com

Page 2: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


Real-time Data Analysis During a DDoS Attack

• IT is driving the use of data analytics to gain real-time insight into DDoS attacks to understand:
  – Trends
  – Attacker behaviors
  – Specific cyber security events

• Hundreds of millions of data points in multiple streams pour into a DDoS mitigation platform during a denial of service attack

• Mistakes in data analysis could damage the customer’s website performance and accessibility

May 2013 www.prolexic.com

Page 3: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


Prolexic’s Approach to DDoS Data Analytics

• Prolexic analyzes DDoS attack data in real time, every hour of every day

• We use this data to answer questions like these:
  – Is a site under DDoS attack or is this another kind of network anomaly, such as a flash crowd?
  – What type of DDoS threat is this and which part of the customer’s infrastructure could be most affected?
  – Where are the attacks coming from? Have we encountered these attackers before?
  – What are the attack signatures? Have we seen them before? Are they changing?

Page 4: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


Prolexic Acquires Billions of DDoS Attack Metrics from Sensors Monthly

Page 5: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


Prolexic Data Distilled for Live Experts to Act Upon

Page 6: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


Lessons Learned: Data Analytics for DDoS Mitigation

• Analytics for DDoS mitigation requires:
  – Large capital investment
  – Multi-year effort

• Automated decision making is prone to false positives
  – Need human DDoS mitigation experts to interpret data

• Batch-oriented analytics systems such as Hadoop have latency that is too high for real-time analysis

• More value is delivered when real-time attack metrics are distilled into situational analyses, not summaries

Page 7: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


Lessons Learned: Data Analytics for DDoS Mitigation, continued

• Data analytics for DDoS mitigation must show definitive conclusions that translate to meaningful real-time alerts

• There is a gap between what the automated correlation and reasoning engines can do and what human DDoS attackers can do

• Human experts are needed to counter human attackers in real time

• Download the white paper for more details and analysis.

Page 8: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


Conclusions: Data Analytics and DDoS Mitigation

• DDoS protection requires access to real-time attack data

• Using data analytics without live human expertise is ineffective

• Data must be presented so that technicians can understand the attack situation quickly

• Data analytics will fail as a strategic cyber security tool if you don’t understand:
  – What questions to ask
  – How to measure and correlate the data to provide useful answers

Page 9: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


Download the Free White Paper

• Download the white paper Data Analytics and DDoS Mitigation: Lessons Learned

• The white paper includes:
  – The three important questions to ask of your DDoS data
  – The problem of false positives
  – The latency challenges of batch-oriented analytics
  – The gap between what automated mitigation systems can do and what DDoS attackers can do
  – How Prolexic manages the big data associated with DDoS attacks

Page 10: Prolexic DDoS Analytics & DDoS Mitigation In Real Time


About Prolexic

• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.

• Prolexic has successfully stopped DDoS attacks for more than a decade.

• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.