Attack mitigation technologies are data protection technologies. These technologies combine cutting-edge adaptive behavioral analysis with dedicated high-performance hardware to mitigate risk and prevent distributed denial of service (DDoS) attacks on enterprise information stored on online backup servers. Online backup service providers put in place a number of security services that detect and mitigate both “low and slow” and high-rate DDoS attacks to ensure that customer services remain highly available and customer data remains absolutely secure.
A Denial of Service (DoS) attack is an attack that renders a web resource unavailable to its users; a Distributed Denial of Service (DDoS) attack is one that comes from more than one source at any given point in time. A DDoS attack is generated using zombie machines or botnets that have been infected with malicious software and can be remotely controlled by the attacker. Cyber criminals may use these attacks for monetary gain or deliberate disruption of a business.
Denial of Service attacks target the network and application layers, perform service cracking and application scans, and misuse network and application resources. The layers of defense include:
- Network-based DDoS protection that detects high-volume network-based DDoS attacks using an adaptive engine based on network behavior. The engine distinguishes between flash crowds and real DDoS attacks and mitigates attacks with a real-time behavioral signature that is created on the fly.
- Application-based DDoS protection that detects and mitigates bot-originated application-based DDoS attacks. The behavioral analysis mechanism analyzes the application-level parameters to detect attacks and provide protection against cracking attacks that use application scanning as part of the information gathering process.
- Network scanning protection that traces the source of abnormal scanning behavior or network probes, such as malware that can propagate itself using network resources. The process analyzes source IP addresses, traffic parameters, port and IP address distribution, and related parameters to detect the source that generates the scanning activity. It creates a real-time signature that can be used to mitigate the scanning activity.
- Directed application DDoS repels DDoS attacks that require special filtering criteria.
- A string-matching DDoS mitigation engine that protects the system by searching for specific content patterns in transactions, so that security managers can analyze ongoing attacks that cannot be defended against by other protection methods and define “ad hoc” protection against them.
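
The network scanning protection layer described above, sketched as an added example that is not taken from any vendor's product: it groups flow records by source, looks at the port and IP address distribution of each source, and emits a filter signature for sources that behave like scanners. The record layout, the `answered` field, the thresholds and the sample flows are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flows: (src_ip, dst_ip, dst_port, answered)
SAMPLE_FLOWS = (
    [("10.0.0.5", "192.0.2.10", 443, True)] * 40                       # busy client
    + [("198.51.100.7", "192.0.2.10", p, False) for p in range(20, 50)]  # many ports, one host
    + [("203.0.113.9", f"192.0.2.{h}", 22, False) for h in range(1, 31)]  # one port, many hosts
)

def build_scan_signatures(flows, min_targets=20, min_unanswered=0.8):
    """Return one filter signature per source whose target distribution
    looks like scanning. Thresholds are illustrative assumptions."""
    per_src = defaultdict(list)
    for src, dst, port, answered in flows:
        per_src[src].append((dst, port, answered))

    signatures = []
    for src, recs in per_src.items():
        hosts = {d for d, _, _ in recs}
        ports = {p for _, p, _ in recs}
        targets = {(d, p) for d, p, _ in recs}
        unanswered = sum(1 for _, _, a in recs if not a) / len(recs)
        # A busy client repeats a few targets; a scanner spreads over many
        # distinct (host, port) pairs and most of its probes get no reply.
        if len(targets) < min_targets or unanswered < min_unanswered:
            continue
        sig = {"src_ip": src, "kind": "mixed"}
        if len(hosts) == 1:      # vertical scan: pin the signature to the host
            sig.update(kind="vertical", dst_ip=next(iter(hosts)))
        elif len(ports) == 1:    # horizontal scan: pin the signature to the port
            sig.update(kind="horizontal", dst_port=next(iter(ports)))
        signatures.append(sig)
    return signatures

def matches(sig, flow):
    """True if a flow falls under the signature (fields absent from the
    signature act as wildcards)."""
    src, dst, port, _ = flow
    return (src == sig["src_ip"]
            and sig.get("dst_ip", dst) == dst
            and sig.get("dst_port", port) == port)

if __name__ == "__main__":
    for sig in build_scan_signatures(SAMPLE_FLOWS):
        print(sig)
```

Pinning the signature to the scanned host or port keeps the filter narrow, so other traffic from the same source address is not dropped along with the probes.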