Data Analytics and DDoS Mitigation: Lessons Learned PowerPoint PPT Presentation


Title: Data Analytics and DDoS Mitigation: Lessons Learned


1
Data Analytics and DDoS Mitigation: Lessons Learned
  • www.prolexic.com

2
Real-time Data Analysis During a DDoS Attack
  • IT is driving the use of data analytics to gain
    real-time insight into DDoS attacks to
    understand:
      • Trends
      • Attacker behaviors
      • Specific cyber security events
  • Hundreds of millions of data points in multiple
    streams pour into a DDoS mitigation platform
    during a denial of service attack
  • Mistakes in data analysis could damage the
    customer's website performance and accessibility

3
Prolexic's Approach to DDoS Data Analytics
  • Prolexic analyzes DDoS attack data in real time,
    every hour of every day
  • We use this data to answer questions like these:
      • Is a site under DDoS attack or is this another
        kind of network anomaly, such as a flash crowd?
      • What type of DDoS threat is this and which part
        of the customer's infrastructure could be most
        affected?
      • Where are the attacks coming from? Have we
        encountered these attackers before?
      • What are the attack signatures? Have we seen them
        before? Are they changing?

4
Prolexic Acquires Billions of DDoS Attack Metrics
from Sensors Monthly
5
Prolexic Data Distilled for Live Experts to Act
Upon
6
Lessons Learned: Data Analytics for DDoS
Mitigation
  • Analytics for DDoS mitigation requires:
      • Large capital investment
      • Multi-year effort
  • Automated decision making is prone to false
    positives
  • Need human DDoS mitigation experts to interpret
    data
  • Batch-oriented analytics systems such as Hadoop
    have latency thresholds that are too slow for
    real-time analysis
  • More value is delivered when real-time attack
    metrics are distilled into situational analyses,
    not summaries

7
Lessons Learned: Data Analytics for DDoS
Mitigation, continued
  • Data analytics for DDoS mitigation must show
    definitive conclusions that translate to
    meaningful real-time alerts
  • There is a gap between what the automated
    correlation and reasoning engines can do and what
    human DDoS attackers can do
  • Human experts are needed to counter human
    attackers in real time
  • Download the white paper for more details and
    analysis.

8
Conclusions: Data Analytics and DDoS Mitigation
  • DDoS protection requires access to
    real-time attack data
  • Using data analytics without live human expertise
    is ineffective
  • Data must be presented in a way that lets technicians
    understand the attack situation quickly
  • Data analytics will fail as a strategic cyber
    security tool if you don't understand:
      • What questions to ask
      • How to measure and correlate the data to provide
        useful answers

9
Download the Free White Paper
  • Download the white paper "Data Analytics and DDoS
    Mitigation: Lessons Learned"
  • The white paper includes:
      • The three important questions to ask of your DDoS
        data
      • The problem of false positives
      • The latency challenges of batch-oriented
        analytics
      • The gap between what automated mitigation systems
        can do and what DDoS attackers can do
      • How Prolexic manages the big data associated with
        DDoS attacks

10
About Prolexic
  • Prolexic Technologies is the world's largest and
    most trusted provider of DDoS protection and
    mitigation services.
  • Prolexic has successfully stopped DDoS attacks
    for more than a decade.
  • We can stop even the largest attacks that exceed
    the capabilities of other DDoS mitigation service
    providers.