Stopping DDoS Attacks in Their Tracks
A10's Zero-Day Automated Protection is designed to increase protections against DDoS attacks and reduce false positives.
Network security vendor A10 Networks has added an additional layer of protection to its distributed denial of service (DDoS) cyberdefense solutions that it says will enhance accuracy and reduce false positives that can harm real users. The additions, under the name Zero-day Automated Protection (ZAP), are designed to bolster the company’s Thunder Threat Protection System (TPS) products and mitigate the risk of DDoS attacks.
According to A10 senior product marketing manager Don Shin, the capabilities are added to the source-based mitigation pipeline as further stages. That way, if an attacker finds a way to evade one stage, another stage will capture the traffic. In another scenario, if a defense operator does not have a policy set for a less common attack strategy, ZAP would apply heuristics or machine learning to dynamically discover a blocking strategy.
ZAP has two basic parts: Zero-day Attack Pattern Recognition (ZAPR) and Zero-day Behavior Anomaly Recognition (ZBAR). ZAPR is a dynamic attack pattern recognition and signature generation blocking system powered by machine learning, according to A10. ZBAR applies heuristic analysis to dynamically identify anomalous behavior and block attacking agents. ZAP works in conjunction with the company’s DDoS Threat Intelligence Service and its adaptive policy mitigation engines to block DDoS attacks while protecting legitimate users from the indiscriminate collateral damage typically associated with classical DDoS protection methods, according to the company.
Shin explained that ZAP can block attacks by dynamically determining filter strategies on its own. These filters are applied if the operator-defined policies do not succeed in blocking the attack. If, for example, the operator does not want to apply a challenge/response check for spoofed-source and botnet detection because of the nature of the application, ZAP would search for a signature on its own to find the indicators of the spoofed SYN flood or botnet traffic.
In high-profile attacks, where an attacker often unleashes a widely distributed botnet whose per-source rate deviates little from normal traffic, ZAP could derive a signature from the common low-entropy character (what A10 calls the "non-entropic energy level") of the malware-generated attack traffic.
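The staged pipeline described above (operator policy first, then a heuristic pattern stage, then a behavior stage) and the low-entropy-signature idea can be made concrete with a small model. The code below is an added illustration written for this page; it is not A10's code and does not reproduce ZAP's algorithms. All traffic samples, thresholds (entropy floor, minimum sharing sources, rate ceiling) and stage names are constructed assumptions. It shows why layering matters: a botnet sending one templated request per source never trips a rate check, but the shared low-entropy payload does, while a single-source flood with varied payloads is caught only by the rate stage.

```python
"""Layered DDoS mitigation pipeline: an added, illustrative example.

NOT A10's code and not ZAP's algorithms. Models the staging idea from the
article: operator policy first; traffic that evades it falls through to a
heuristic pattern stage (shared low-entropy payload template across many
sources), then a behaviour stage (per-source rate anomaly).
Thresholds and all traffic samples below are constructed.
"""
import math
from collections import Counter, defaultdict


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-valued data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def new_context():
    """Mutable pipeline state. Thresholds are assumed tuning values, not A10's."""
    return {
        "blocklist": {"203.0.113.9"},      # operator-defined rule (constructed)
        "entropy_floor": 2.5,              # bits/byte below which a payload looks templated
        "min_sources": 5,                  # distinct senders of one template before signing it
        "rate_ceiling": 20,                # packets per source per window before rate anomaly
        "payload_sources": defaultdict(set),
        "per_source_count": Counter(),
        "signatures": set(),               # templates promoted to blocking signatures
    }


def policy_stage(src, payload, ctx):
    """Stage 1: static operator policy. Returns a verdict or None to pass on."""
    return "policy:blocklist" if src in ctx["blocklist"] else None


def pattern_stage(src, payload, ctx):
    """Stage 2: heuristic pattern recognition. A payload becomes a signature when
    it is low-entropy AND several distinct sources send it byte-for-byte."""
    if payload in ctx["signatures"]:
        return "pattern:low-entropy-template"
    if shannon_entropy(payload) >= ctx["entropy_floor"]:
        return None
    senders = ctx["payload_sources"][payload]
    senders.add(src)
    if len(senders) >= ctx["min_sources"]:
        ctx["signatures"].add(payload)
        return "pattern:low-entropy-template"
    return None


def behaviour_stage(src, payload, ctx):
    """Stage 3: behaviour anomaly. Flags a source whose packet count in the
    window exceeds the ceiling; a bot sending once per source never trips it."""
    ctx["per_source_count"][src] += 1
    if ctx["per_source_count"][src] > ctx["rate_ceiling"]:
        return "behaviour:rate-anomaly"
    return None


STAGES = (policy_stage, pattern_stage, behaviour_stage)


def run_pipeline(packets, ctx=None):
    """Run each (src, payload) through the stages in order; the first verdict
    wins and that source is dropped thereafter. Once a template is promoted to
    a signature, every source that sent it is blocked retroactively."""
    ctx = ctx if ctx is not None else new_context()
    verdicts = {}
    for src, payload in packets:
        if src in verdicts:
            continue
        for stage in STAGES:
            verdict = stage(src, payload, ctx)
            if verdict:
                verdicts[src] = verdict
                break
    for sig in ctx["signatures"]:
        for src in ctx["payload_sources"][sig]:
            verdicts.setdefault(src, "pattern:low-entropy-template")
    return verdicts


# Constructed traffic using documentation address ranges, not captured data.
LEGIT = [
    ("10.0.0.1", b"GET /index.html?session=8f2a91c3 HTTP/1.1"),
    ("10.0.0.2", b"GET /search?q=thunder+tps&page=2 HTTP/1.1"),
    ("10.0.0.3", b'POST /api/login {"user":"alice","nonce":"e91b"}'),
    ("10.0.0.1", b"GET /static/app.7c1e.js HTTP/1.1"),
]
BOT_TEMPLATE = b"GET / HTTP/1.1" + b"\x00" * 30                  # low-entropy padded template
BOTNET = [(f"192.0.2.{i}", BOT_TEMPLATE) for i in range(1, 9)]  # one request per bot
FLOODER = [("198.51.100.7", f"GET /?r={i:06d} HTTP/1.1".encode()) for i in range(40)]
BLOCKLISTED = [("203.0.113.9", b"GET / HTTP/1.1")]
TRAFFIC = LEGIT[:2] + BOTNET[:4] + FLOODER + BOTNET[4:] + LEGIT[2:] + BLOCKLISTED

if __name__ == "__main__":
    for src, verdict in sorted(run_pipeline(TRAFFIC).items()):
        print(f"{src:15} {verdict}")
```

Running the module prints one verdict line per blocked source; the three legitimate clients never appear because no stage produced a verdict for them. The retroactive step in `run_pipeline` is the part worth noting: the first few bots pass before the template has been seen from enough sources, so a real deployment needs the learned signature to be applied backwards as well as forwards.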
Along with its applicability to traditional DDoS defense needs, the company stresses its use in the burgeoning areas of 5G and Internet of Things (IoT), both areas with growing cyberthreats.
“5G will offer massive amounts of bandwidth and network speeds that will support proliferation of IoT devices for all kinds of digital transformation applications--everything from smart homes to smart factories, smart farms, smart cities, and more," said Chris Rodriguez, research manager for cybersecurity products at IDC. "That means many more devices will be coming online--devices that are rarely manufactured with security in mind.”
Rodriguez pointed to Mirai as a good example of a DDoS botnet that leveraged vulnerable IoT cameras with a known vulnerability built in from the manufacturer. “That attack was a good indicator of the severity of DDoS risk yet to come,” he said.
While A10’s ZAP approach provides a layered, integrated way of filtering out threats and attack patterns, and then uses advanced techniques to stop the more sophisticated attacks, its competitors are working to deliver protection against this same full set of DDoS attacks and emerging techniques, Rodriguez said.