Denial of Service Prevention


The Risk

Traditional perimeter security devices such as firewalls and intrusion prevention systems (IPS) are essential elements of a layered-defense strategy, but they are not designed to solve the DDoS problem. Firewalls enforce policies that govern access to data center resources, and IPS devices block malware that can infect end systems or exploit known vulnerabilities.

The motives behind these attacks tend to fall into two categories: financial, targeting businesses that offer web-based electronic commerce, and political, protesting against politicians or government regulations.

A DDoS attack consists of otherwise legitimate traffic, sent from multiple sources and crafted to exhaust critical resources, whether these are link bandwidth capacity, session capacity, application service capacity (e.g. HTTP, DNS) or back-end databases. Because such traffic is authorized and does not contain signature content of known malware, it cannot be stopped by firewalls and IPS devices. In fact, firewalls and IPS devices are frequent victims of DDoS attacks. As inline, stateful inspection devices, they are subject to many of the vulnerabilities that DDoS attacks seek to exploit. A new class of security product is needed to specifically address DDoS threats.

DoS prevention for critical business resources should be the number one priority in the business continuity planning and disaster recovery strategy of every organization. Organizations should have an incident response plan in place for responding to DoS attacks. The incident response should be based on the financial impact of temporarily losing your organization's web electronic commerce presence. Thus, the process of selecting an appropriate solution or service for mitigating the DoS threat should be based on the above metrics in addition to the reputational impact.

Protecting your Organization

Designing and deploying an effective DDoS solution and a related incident response procedure is a particularly difficult and challenging task for any organization. Odyssey has extensive experience and expertise in the design, deployment and implementation of DDoS solutions, at both network and host level, as well as in the development and deployment of Incident Response procedures. Drawing from our ever-growing expertise, developed through our Managed Security & Outsourcing Services division and ITHACA Labs®, we are uniquely poised to design and implement for you an effective DDoS solution, no matter how complex or dispersed your environment is.

Our approach to designing and deploying a DDoS solution and/or incident response plan begins with a detailed examination of your current Internet service provider connectivity, network design, and the critical services running on your network. In addition, based on your input, we will determine which of your business resources are critical, and will assess the vulnerabilities of these resources as well as current security requirements and policies.

This assessment will lead us to a solution design, depicting the appropriate DDoS solution and/or incident response plan that will meet your current and future needs.

A critical part of the implementation phase of a DDoS solution is the formulation and deployment of the DDoS security policy, which is applied via the solution’s central management system. Because it is difficult to readily determine, within an operational environment, which traffic is legitimate and which is not, experience, effort and diligence are required in applying and tweaking a policy on each DDoS sensor so that it does not adversely affect operations by blocking legitimate traffic, while minimizing false positives. Going a step further, we will configure the solution to generate the alerts, logs and reports required to enable you to swiftly take remedial action and to produce the reports required by internal and external auditors.

Doing it right: Our DDoS Solutions’ Key Features and Benefits

Our DDoS solutions are largely characterized by the following key features and benefits:

Key Feature: Real-time protection by analyzing the traffic traversing the network for DDoS patterns/attacks
Benefit: Ensures business continuity by protecting against DDoS attacks

Key Feature: Custom DDoS security policy creation/updating and enforcement based on the organization’s current and future needs
Benefit: Ability to create/update a custom DDoS security policy which protects your systems and networks

Key Feature: Manages and monitors multiple DDoS systems through a single centralized management console
Benefit: Consistent visibility and higher network auditability from different events generated from suspected and/or real attacks

Key Feature: Actionable views, event monitoring and reporting
Benefit: Enables real-time monitoring of suspected or actual attacks, generating the reports and alerts needed for demonstrating compliance

Key Feature: Ability to predefine different response actions for suspected DDoS attacks
Benefit: Real-time notifications on identified DDoS attacks

Remaining Secure – Support tailored to your needs

We understand very well that, to remain effective, a security deployment requires constant monitoring, fine-tuning, updating and maintenance. These requirements may prove a burden your organization may not be poised to undertake. We have, therefore, structured our post-deployment services so that you may have the level of support you need in order to achieve maximum return on your investment, with the least worry.

Our suite of post-deployment services ranges from simple Maintenance and Support to full-fledged Managed Security & Outsourcing Services.

This solution forms part of the “Design & Implement” (D&I) phase of our Information Security Continuum.