Sponsor: Arbor Networks

In this white paper, noted industry analyst Richard Stiennon examines the emerging requirement in the ongoing arms race with threat actors. Despite years of investment in multiple layers of security defenses, every organization is still wide open to targeted attacks. It is practically impossible to stop all possible attacks. Even next-generation firewalls, complete alerting and logging collected in a SIEM, and universal patch management and vulnerability discovery has proven to be ineffective against threat actors who are motivated, skilled and determined.

This paper answers the critical questions about security analytics and explains why it is one of the fastest growing product categories in security.

Today’s DDoS attacks are an easy way to interrupt businesses. From holding a website hostage for a ransom, to blocking access to an application to make a political statement, or simply deflecting attention while other threat vectors steal information, DDoS is a growing concern for enterprises. Yet even in today’s dynamic threat landscape, many enterprises still hold the belief that a dedicated DDoS protection solution is not important when their existing security solution may protect them 80 percent of the time. Others believe that what they adopted two years ago—let alone five years ago—still works today. In these instances, enterprises are gambling with their network.

It’s time to debunk some outmoded myths. There are five common mistakes that enterprises make when addressing DDoS. This white paper will shed some light on these failed practices, and provide insight into why they do not work.

Ask any cybersecurity professional and she’ll tell you that her job is getting increasingly difficult. Why? Most will point to a combination of the dangerous threat landscape, IT complexity, and their overwhelming workload. These issues are driving a major transition in enterprise security.

Large organizations must move beyond a threat prevention mentality to become proactive cyber-attack “hunters” that constantly monitor their networks for signs of trouble. This shift to proactive hunting will require new technologies that collect, process, and analyze massive amounts of security data, offer intelligent security analytics for real-time incident detection, integrate threat intelligence to align suspicious internal activities with external threats, and provide analysts with the right data analytics features to query and manipulate data for historical investigations.

As an IT manager or security professional, you know that getting executive decision-makers to fully appreciate the material dangers posed by DDoS and prioritize strong DDoS protection can be challenging. In fact, sponsoring strong DDoS protection must be an enterprise-wide commitment—not just an IT problem. Unfortunately it often takes a significant negative event or headline to get attention. Even if you have an advocate in the C-suite, it can be difficult to clearly communicate to all stakeholders the potential business impact and generate a real sense of urgency for prioritizing DDoS defense.

This white paper will walk you through four steps essential to building a business case for better DDoS protection—one that’s compelling to your business as a whole.

Quite simply, DDoS attacks are now part of the advanced threat landscape, with attack types varying by size, vector and desired outcome. Many security products claim to provide DDoS protection, but how effective are they? This paper outlines the challenges of DDoS attacks and describes the features you need in a DDoS prevention solution to more effectively protect your network from these threats.

The participation of service providers in the identification of DDoS attacks can help to mitigate threats at (or very near) their point of origin. Collaboration between service providers and DDoS mitigation providers can help identify the signs of a pending DDoS attack, bringing customers closer to the ever-elusive “predictive” protections that are important for defense against future DDoS techniques. As a result, service providers may play an important role in advancing the industry from mitigation of DDoS attacks to elimination of DDoS attacks.In the meantime, every organization is different in terms of network needs, disposition to risk, and technological sophistication and security expertise. The most effective DDoS mitigation strategy is one that leverages multiple layers of detection and mitigation, including any and all protections offered by service providers.

Security Analytics is one of the two fastest growing product categories in security. Unlike sand boxing for advanced malware detection it provides a comprehensive view into all network traffic,not just payloads. Every organization will have to deploy some sort of security analytics.

The largest IT departments in highly targeted environments, like banks and defense contractors, are already doing some sort of security analytics. The enterprise is hiring the talent now to be able to deploy and use security analytics. Smaller organizations will have to use managed service providers because they lack the staff. There will be stand alone tools, cloud tools and capabilities built into network security platforms. Scale, speed and ability to apply security intelligence will be the determining factor in the success of these tools. Security analytics is an emerging requirement in the ongoing arms race with threat actors.

Distributed-denial-of-service (DDoS) attacks promise to remain a potent threat to the enterprise in 2015. Both IT and the boardroom need to protect mission-critical infrastructure from this growing menace to availability, brand image, and the bottom line. The key to success? Don't ignore DDoS; instead, take preventive action. With that in mind, IDC believes that hybrid defense scenarios (on-premises equipment married with cloud services) will continue to grow as organizations seek to parry advanced application and large-scale volumetric attacks and as solution providers and product vendors work to deliver joint solutions.

In order to effectively address threats within the kill chain, organizations must move faster to identify compromised systems before that compromise escalates to information theft. They need to see the entire scope of the threat—from when the compromise originated to how and where it spread, as well as the type of attack and what was communicated. Above all they need confidence that the investigations they conduct are accurate and relevant—focused on the attacks that matter most.

In 2014 Ovum looked at the evolution of the distributed denial-of-service (DDoS) attack landscape, highlighting that massive volumetric attacks were on the rise, while lower-bandwidth, more sophisticated attacks were targeting the application layer. It also described how DDoS had evolved from a standalone threat to become increasingly part of blended attacks against intellectual property or financial assets, with the DDoS providing a smokescreen to cover the theft.

This white paper updates the process, looking at attack data for the last year, as well as discussing and seeking to dispel some of the myths around how DDoS mitigation is developing. Finally, it makes recommendations regarding the kind of infrastructure that companies facing the entire spectrum of DDoS attacks should adopt.

This paper examines the four stages of evolution as security organizations move from reactively responding to incidents to proactively identifying and hunting for threats. It provides a snapshot of each stage, including the size and structure of the security team, approaches to incident response (IR), team skill sets and necessary metrics. It also identifies how to evolve your security posture to one capable of proactively hunting and neutralizing advanced cyber threats—before you end up in the headlines.

The ground has shifted under most enterprise IT security staff. Breaches are now capturing prime-time air across mainstream media outlets. As the world becomes more connected, it is no longer enough for enterprises to react once an alert indicates an attacker is inside the network. Instead, with continuous packet capture and threat feeds followed by analysis, it is now possible to hunt the attackers and locate them versus waiting for an alert. Breaches may be viewed as a security problem, but it’s they’re a bigger issue. This is a business problem; similar to lost customers, inventory, or market share, but it just happens to be through technology.

Experienced security leaders and executives have already recognized this challenge and are working towards assembling the perfect blend of people, process, and technology. What is it that they are forming? Internal teams directed to stop waiting for alerts to indicate there’s a problem and to go hunt for the attacker.