During a DoS or DDoS (denial of service) attack, Prolexic gathers hundreds of millions of data points from DDoS mitigation sensors. In this presentation Prolexic shares what it has learned about using DDoS analytics to stop DDoS attacks.
2. www.prolexic.com
Real-time Data Analysis During a DDoS Attack
• IT is driving the use of data analytics to gain real-time insight into DDoS attacks to understand:
– Trends
– Attacker behaviors
– Specific cyber security events
• Hundreds of millions of data points in multiple streams pour into a DDoS mitigation platform during a denial of service attack
• Mistakes in data analysis could damage the customer’s website performance and accessibility
May 2013 www.prolexic.com
Prolexic’s Approach to DDoS Data Analytics
• Prolexic analyzes DDoS attack data in real time, every hour of every day
• We use this data to answer questions like these:
– Is a site under DDoS attack or is this another kind of network anomaly, such as a flash crowd?
– What type of DDoS threat is this and which part of the customer’s infrastructure could be most affected?
– Where are the attacks coming from? Have we encountered these attackers before?
– What are the attack signatures? Have we seen them before? Are they changing?
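The questions above can be turned into per-window metrics over a request stream. The following is an added illustration, not Prolexic's code or platform logic: it runs over constructed log lines (timestamp, source IP, path) and assumes illustrative thresholds for "elevated rate" and "concentrated signature", producing a verdict that a human analyst still has to confirm.

```python
from collections import Counter, defaultdict

# Constructed log lines "<ts_seconds> <source_ip> <path>" (not real traffic):
# 0-9s baseline; 10-19s many sources, several paths (flash crowd);
# 20-29s three sources hammering one path (DDoS-like signature).
SAMPLE_LOG = (
    [f"{i} 192.0.2.{i} /page{i}" for i in range(8)]
    + [f"{10 + i % 10} 198.51.100.{i} /sale{i % 5}" for i in range(60)]
    + [f"{20 + i % 10} 203.0.113.{i % 3} /login" for i in range(60)]
)

def window_metrics(lines, window=10):
    """Per fixed time window: request rate, source set, signature concentration."""
    buckets = defaultdict(list)
    for line in lines:
        ts, src, path = line.split()
        buckets[int(ts) // window * window].append((src, path))
    metrics = {}
    for start, events in sorted(buckets.items()):
        srcs = Counter(s for s, _ in events)
        paths = Counter(p for _, p in events)
        metrics[start] = {
            "rps": len(events) / window,
            "sources": set(srcs),
            "top_source_share": srcs.most_common(1)[0][1] / len(events),
            "top_path_share": paths.most_common(1)[0][1] / len(events),
        }
    return metrics

def assess(metrics, baseline_rps, known_attackers=frozenset()):
    """Map each window to a verdict for a human analyst to confirm.
    Rate alone cannot separate an attack from a flash crowd, so 'likely attack'
    needs an elevated rate AND a concentrated signature (few sources or one
    repeated path). Thresholds are illustrative assumptions, not tuned values."""
    verdicts = {}
    for start, m in metrics.items():
        elevated = m["rps"] > 3 * baseline_rps
        concentrated = m["top_source_share"] > 0.2 or m["top_path_share"] > 0.8
        if elevated and concentrated:
            verdict = "likely attack"
        elif elevated:
            verdict = "possible flash crowd"
        else:
            verdict = "normal"
        # "Have we seen these attackers before?": overlap with a known-source list
        verdicts[start] = (verdict, bool(m["sources"] & known_attackers))
    return verdicts
```

The flash-crowd window and the attack window have the same request rate; only source diversity and path concentration separate them, which is why a rate-only alert produces the false positives the deck warns about.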
Lessons Learned: Data Analytics for DDoS Mitigation
• Analytics for DDoS mitigation requires:
– Large capital investment
– Multi-year effort
• Automated decision making is prone to false positives
– Need human DDoS mitigation experts to interpret data
• Batch-oriented analytics systems such as Hadoop have latency thresholds that are too slow for real-time analysis
• More value is delivered when real-time attack metrics are distilled into situational analyses, not summaries
Lessons Learned: Data Analytics for DDoS Mitigation, continued
• Data analytics for DDoS mitigation must show definitive conclusions that translate to meaningful real-time alerts
• There is a gap between what the automated correlation and reasoning engines can do and what human DDoS attackers can do
• Human experts are needed to counter human attackers in real time
• Download the white paper for more details and analysis.
Conclusions: Data Analytics and DDoS Mitigation
• DDoS protection requires accessibility to real-time attack data
• Using data analytics without live human expertise is ineffective
• Data must be presented in a way that technicians can understand the attack situation quickly
• Data analytics will fail as a strategic cyber security tool if you don’t understand:
– What questions to ask
– How to measure and correlate the data to provide useful answers
Download the Free White Paper
• Download the white paper Data Analytics and DDoS Mitigation: Lessons Learned
• The white paper includes:
– The three important questions to ask of your DDoS data
– The problem of false positives
– The latency challenges of batch-oriented analytics
– The gap between what automated mitigation systems can do and what DDoS attackers can do
– How Prolexic manages the big data associated with DDoS attacks
About Prolexic
• Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and mitigation services.
• Prolexic has successfully stopped DDoS attacks for more than a decade.
• We can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers.