A recent threat intelligence report by cyber-security company NETSCOUT suggests that Distributed Denial of Service (DDoS) attacks are growing fast. The company said it observed 4.83 million DDoS attacks in the first half of 2020, up 15pc compared with 2019. In a typical DDoS attack, a flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems. Organisations that fall victim to such attacks can often suffer significant reputational damage, resulting in lost business and missed sales opportunities at the very least, writes Julien Orsolini, System Engineer EMEA, at the remote access product company Opengear.
The impact can be especially devastating for a company relying on online business. One can just imagine the effect of rendering a toy shop website inaccessible before Christmas, for instance.
Such attacks are notoriously difficult to counter, however, and the perpetrators often find a way to work around any barriers that are put in their way. So how can organisations better protect themselves against them and ensure that they get themselves up and running again if an attack does happen?
Any effective cyber-security process needs to have a strong focus on prevention – and ensuring they have a resilient network in place can help organisations achieve this. Any focus on prevention needs to start with identification. In this context, the main challenge is to distinguish illegitimate connections from authorised ones. This identification can be done in several ways, including anomalous behaviour detection and traffic pattern detection. With a resilient network and resilient access to it, organisations will be able to monitor the network effectively. This helps them identify divergences from the norm, such as individuals not following the correct security policies or networks behaving in an abnormal manner.
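As an added illustration of the traffic-pattern identification described above (not code from the article or from Opengear), this Python example flags time windows whose connection count diverges from the baseline, using the median plus a multiple of the median absolute deviation, and reports the busiest sources in each flagged window. The log format, thresholds, function names and sample lines are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed log format (constructed for this example, not any vendor's):
#   "<epoch-seconds> ACCEPT src=<ip> dst=<ip> dpt=<port>"
LINE_RE = re.compile(r"^(\d+) \w+ src=(\S+) dst=\S+ dpt=\d+$")
BASE = 1_600_000_020  # constructed start time, aligned to a 60 s window


def parse(lines):
    """Yield (timestamp, source) pairs, skipping lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2)


def flag_windows(lines, window=60, k=5.0, floor=10):
    """Map each anomalous window start to its three busiest sources.

    A window is anomalous when its connection count exceeds
    median + k * MAD of all windows (and at least `floor`).
    """
    per_window = defaultdict(Counter)
    for ts, src in parse(lines):
        per_window[ts - ts % window][src] += 1
    totals = {w: sum(c.values()) for w, c in per_window.items()}
    if len(totals) < 3:  # too little history to form a baseline
        return {}
    med = median(totals.values())
    mad = median(abs(t - med) for t in totals.values())
    threshold = max(med + k * max(mad, 1), floor)
    return {w: per_window[w].most_common(3)
            for w in sorted(totals) if totals[w] > threshold}


def build_sample():
    """Constructed traffic: six quiet minutes, one with a flood on top."""
    lines = ["garbled line that the parser must ignore"]
    for minute in range(6):
        for i in range(5):  # baseline: five clients per minute
            ts = BASE + minute * 60 + i * 10
            lines.append(f"{ts} ACCEPT src=10.0.0.{i + 1} dst=192.0.2.10 dpt=443")
    for n in range(120):  # flood in minute 4 from 40 sources
        ts = BASE + 4 * 60 + n % 60
        lines.append(f"{ts} ACCEPT src=198.51.100.{n % 40 + 1} dst=192.0.2.10 dpt=443")
    return lines
```

The median-based baseline is used here because a single flooded window barely moves it, whereas a mean and standard deviation would be inflated by the very spike being looked for.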
Indeed, having remote monitoring is essential to help mitigate the growing risk of malicious traffic, by detecting irregularities that may be the precursor to malicious activity. Whatever the problem, this kind of monitoring can help organisations quickly identify the precise nature of the issue they are facing and start to proactively prevent it from happening. Following this remote diagnosis, they can then use Smart Out-of-Band (OOB) management to establish an alternative path into the network and then start working on resolving the problem, without having to send in engineers to visit the relevant site and fix affected devices in person.
OOB allows admins to maintain and manage components such as servers, WAN and security devices and resolve malfunctions via remote access. If there is an issue with connectivity, out-of-band solutions offer a failover solution. In this context, cellular often provides a real alternative to wired connectivity.
Deploying Smart OOB management platforms can also address security issues in innovative ways and their deployment has several advantages. The first is a simpler way to deploy multi-factor authentication that just needs to be integrated into the console server to be enforceable across the security appliance layer.
Second, Smart OOB console technology can act as a system of record for all configuration changes and patches with changes sent over an alternative pathway. An update failure that leaves the device unreachable via the production IP network can often be rectified via this same OOB connectivity that accesses the service ports on most network devices to reach the underlying console.
Another proactive security benefit is the ability for the Smart OOB appliance to pull the event logs directly from connected devices and forward these to a central SIEM or Security Analytics platform on an alternative path, independent from the production network, for early detection and prevention of a targeted attack such as DDoS. The ability to quickly and securely access logs from impacted devices can help pinpoint root causes and allow remediation to begin faster as well as reducing the consequential downtime.
In short, having an effective Smart OOB management network in place will enable the business to securely access the affected network and devices, resolve problems and ensure operations are up and running again quickly. In addition to this, a network automation or NetOps approach can also help in automating responses and actions to specific malicious occurrences. It will additionally provide real-time visibility of events regardless of the production state.
It is important to highlight here, however, that Smart OOB and NetOps are not, in and of themselves, meant to prevent DDoS attacks. These services allow administrators and security officers to keep access to critical resources and security devices even if the network isn’t accessible or available. Smart OOB is not, therefore, a complete answer to DDoS issues but when it comes to mitigating the impact of an attack it is widely used and widely appreciated.