Recently, Andy Shoemaker, founder of NimbusDDOS, and our own David Elmaleh shared their knowledge about DDoS attacks and what it means to have industry-best protection capabilities, including fast time to mitigation. They also offered insights into the critical investigation activities that must happen when (not if) you get hit by the inevitable DDoS attack.
In a new BrightTALK webinar with Imperva Product Manager David, Andy discusses the attack analysis challenges that go hand-in-hand with accurate detection and automatic mitigation. He also shows a live DDoS attack mitigated by Imperva.
Said Andy: “Analysis is an area that people often forget about during that frantic effort to bring a site back online. A lot of times people forget to collect the data that they need for that post-mortem analysis because they’re too busy trying to just get the site up and working again. That incident response attempt tends to be a little bit disorganized and that hampers that analysis after the fact. Another challenge of the analysis is that it tends to be very time consuming if you don’t have very good tools to help you.”
“We have two kinds of analytics available in the Imperva solution,” explains David, who is responsible for the Imperva DDoS solutions suite.
“In terms of edge network analytics we are talking about layer 3 or 4 analytics. The analytics are provided both real time and historical. You can get any information, any slice and dice possible related to IP protocols and ports granularity, for any kind of asset, network range, etc., where you can really understand the traffic passed or blocked.
“When there is a DDoS on layer 7, here it is all about having real time monitoring, understanding what kind of clients are in fact reaching your assets. If these are humans, if it’s bots, if they have been blocked or passed, what kind of bots, what kind of clients. And the geo location also is very important.
“The fact is, it is also important not to be flooded with a lot of information and then not even be able to really understand what was happening.
“A common scenario is when attackers use DDoS as a smoke screen to really target your assets. You have the possibility to visualize that thanks to the Attack Analytics solution where you can not only correlate between all DDoS attacks and layer 7 attack information, but also understand the other kind of attacks which were happening at the same time – against which targets, and the source of the attacks as well.”
If you’d like to see the entire talk and get some valuable insights from Andy and David, check out the full webinar.
Also be sure to check out our new whitepaper on how Imperva DDoS protection secures at scale.