DDoS attacks are on the rise, and with the rise of those attacks come some sobering realizations. One realization is that DDoS attacks are evolving and becoming more persistent. Another realization is that DDoS attacks are escalating in size, so much so that experts expect at least one Tbit/s attack a month in 2017. Attacks of that scale will make the record-setting 620 Gbps attack against the “Krebs on Security site” seem almost insignificant. An attack which used unprotected IoT devices to generate massive amounts of traffic, something unheard of at the time. However, with DDoS attacks, there is a common theme, one established in the reality that there is not much difference between a 300 Gbps, 500 Gbps and a 1 Tbps attack. Or, more simply put – big is big, and mitigating those attacks proves somewhat similar.
The basic strategy to mitigating volumetric DDoS attacks is not particularly complex. Administrators set up rules to flag the attack traffic, detect the attack, apply those rules to dump attack traffic, all the while keeping all other traffic flowing normally. Unfortunately, the lack of complexity does not always make things easy. Bruce Gregory, CEO of Corsa points out that there are several places mitigation can fall down. Gregory said, “You have to be able to store enough rules to cover the massive quantity of bots involved in the attack, plus create and store the rules quickly enough, and process all the rules in real time and at line-rate. If mitigation fails at any of these, the attack succeeds and the site comes down.”
Put simply, protecting against rising volumetric DDoS attacks requires the very best DDoS detection and a mitigation solution that can handle multi-hundred Gbps attacks. That’s a tall order, and one Gregory claims that the Corsa Red Armor mitigation appliance can fill. “The Corsa Red Armor NSE7000 was made precisely for this kind of volumetric DDoS attack,” said Gregory. “Service providers and network architects can leverage Red Armor for universal mitigation of any size volumetric DDoS attack. It provides the needed 100G line rate enforcement and only impacts traffic as a bump in the wire.”
Gregory recognizes that 100G DDoS mitigation at line-rate is a big claim. To that end, Corsa ran rigorous performance tests to verify the Red Armor platform was up to the task. The results showed the DDoS mitigation appliance can apply 200,000 rules in under a minute while saturated with a 100 Gbps mix of normal and attack traffic.
To accomplish this, Corsa’s hardware architecture separates front-end processing of traffic with distinct TCAM offloads and advanced search algorithms. The architecture allows the mitigation engine to work at 100 Gbps line-rate and process packets at 150Mpps while simultaneously updating rules tables at a rate of 3,389 rules per second. Gregory added, “This means that hundreds of thousands of attack types can be detected and the appropriate mitigation rules stored and acted upon in less than 60 seconds with no impact to legitimate traffic.”
Volumetric attacks are the new normal, and Gregory’s advice to network architects is to step up their defenses with more capable mitigation techniques that can bring a quick end to DDoS attacks.