4 SECURITY INDUSTRY ANALYST RECOMMENDATIONS ON DDOS PROTECTION


Page 1: 4 SECURITY INDUSTRY ANALYST RECOMMENDATIONS ON DDOS PROTECTIONdocs.media.bitpipe.com/io_12x/io_122597/item... · Security Industry Analyst Recommendations on DDoS Protection / 3 HYBRID


4 THINGS TO REMEMBER AS YOU ASSESS DDOS PROTECTION SERVICES

In October 2014, Gartner released a report, Competitive Landscape: DDoS Mitigation Solutions, by authors Sid Deshpande and Eric Ahlm. While not a buyer’s guide with solution ratings or endorsements, the report recommends features for providers to include—or, from your perspective as a buyer, what to look for as you protect your company from attacks.

Here at Neustar, we read the report and thought, “Hmmm, this sounds familiar.” Neustar found that many of the recommendations are currently found in SiteProtect DDoS protection services with future trends aligned to near term implementation.

Following are 4 key take-aways with insights to the report’s DDoS protection recommendations.


1: HYBRID PROTECTION IS THE BEST DEFENSE

The best of both worlds. Hybrid DDoS protection combines on-premises infrastructure with external services like a third-party cloud, CDN, or ISP mitigation solution. It’s holistic protection from today’s innumerable threats.

An on-premises solution is always on. It handles attacks immediately, 24/7. But local equipment is designed for smaller, frequent attacks, not the growing number of attacks in the 100-300 Gbps range. When large attacks hit, a hybrid solution lets you reroute traffic to a cloud-based service with greater mitigation capacity. With a two-pronged approach, you gain the agility to respond without delay and the power to block large-scale assaults.

Neustar offers industry-leading Arbor Networks Pravail on-premise equipment coupled with Neustar SiteProtect cloud-based mitigation. The solution is fully managed by the Neustar Security Operations Center (SOC). When attacks exceed local hardware capacity, Neustar fails over your traffic to the SiteProtect cloud and manages the response until the danger passes. Our service options also include remote management of your Arbor hardware. With SiteProtect hybrid, Neustar gives you the ability to fend off even the most complex attacks without taking resources away from other urgent priorities.

“As DDoS attack characteristics become more complex, organizations are finding value in ‘hybrid’ DDoS mitigation strategies, driving new alliances and acquisitions among complementary DDoS mitigation solution providers.” – Gartner


2: BE SURE TO PROTECT CLOUD ASSETS

Think you’re covered? Maybe not. The worldwide market for cloud computing is growing insatiably. More organizations than ever use third-party providers like Amazon Web Services, enjoying reliable, scalable, and affordable cloud computing.

But while AWS and its competitors excel at many things, they are simply not engineered for cyber-attack protection. For example, cloud service providers lack the defensive protection of customer-specific DDoS detection. And firewalls, WAFs, and IPS/IDS are not built to stop widely distributed attacks. To block DDoS in particular, you need purpose-built protection on top of any intrusion and fraud prevention systems. With cloud providers, customer response times may vary depending on the level of support purchased. That means you could be on your own when a DDoS attack hits.

Deploy the right solution. A cloud provider’s Elastic Load Balancer (ELB) auto-scales if demand rises at a reasonable rate or at known intervals. However, a DDoS attack can overwhelm an ELB before it can scale, resulting in 503 errors and loss of availability.

As an AWS Technology Partner, Neustar will redirect DDoS traffic to our SiteProtect scrubbing cloud. SiteProtect is compatible with AWS EC2 instances and guards your ELB. Besides being an AWS Technology Partner, we work with other cloud services to defend clients from DDoS attacks.

Neustar’s 24x7 Security Operations Center (SOC) manages all mitigations. After creating a unique profile of your network traffic, the SOC guarantees it can restore normal service to your cloud computing instance within minutes. Neustar even supports custom protocols.

Neustar guards against Layer 7 attacks like Object Request floods, counters “slow and low” attacks, and blocks malicious hosts. We can also provide AWS Best Practices to help insulate AWS instances from DDoS.

“Increased adoption of cloud computing (by customers as well as attackers) is creating new types of opportunities and expectations for DDoS mitigation solution providers.” – Gartner


3: BE PROACTIVE WITH THREAT DETECTION

“An example of the value-added services that can prove to be differentiators is investment in threat research and analysis capabilities.” – Gartner

Early alerts mean faster responses. With “quick hit” DDoS attacks demanding faster response times, it’s not enough to deploy an appliance or mitigation service. If you don’t have in-house resources to monitor and evaluate threats, add threat detection and analysis to your list of considerations.

Many organizations take hours to verify that a problem (website availability or performance) is the result of a DDoS attack. Faster threat detection enables faster responses, which in turn reduce the high cost of downtime.

You have choices. The ability to “stormcast” DDoS and head off major damage can start with your provider monitoring NetFlow data (collected from IP network traffic as it enters or exits an interface), either proprietary data or third-party feeds.

There are other options too, including inspection of TCP and UDP packets, using reputation lists, and, let’s call it, the human factor—DDoS analysts who give context on the spot or professional services experts who can customize threat monitoring.


4: FIND A SOLUTION THAT EVOLVES WITH YOUR NEEDS

Your environment will change. In Gartner’s own words: “In the future, changing customer application deployment methods (such as using hosting and cloud facilities) will expand the expectations of where DDoS protection should reside.”

“Today, buyers expect that their DDoS mitigation solution providers should be able to mitigate any and all types of DDoS attacks quickly with minimal business interruption. As attacks evolve in both sophistication and velocity, DDoS mitigation providers will need to innovate in order to maintain that expectation of buyers.”

Flexibility matters. Because there’s no single way to block all DDoS attacks, Neustar SiteProtect has numerous deployment options. At the core of our DDoS solution is the SiteProtect cloud. You can activate it on demand via DNS redirection or BGP routing. Our mitigation cloud scrubs malicious traffic, sending good traffic to your infrastructure so your business stays online.

If you already use a cloud-based mitigation service but need extra capacity for super-sized attacks, SiteProtect is also available as a secondary cloud. This failover or contingency service is increasingly attractive as attacks continue to mushroom in size.

As noted, SiteProtect Hybrid complements cloud scrubbing with on-premise hardware, which is always on to block smaller, continual attacks. Switch over to our cloud when attacks exceed local capacity. Or, if you prefer, use the Arbor hardware as a stand-alone bulwark, with remote management available from the Neustar SOC.

DDoS attackers are creative, probing your network for weaknesses and shifting tactics to exploit them. The more flexible your defenses, the safer your business will be.

“As customers’ environments become more dynamic, so must DDoS coverage… DDoS providers that are able to offer flexibility stand to have more of a competitive advantage.” – Gartner


IN SUMMARY

Gartner’s best practices for DDoS protection include:

■ Hybrid protection
■ Protection for cloud assets
■ Threat detection and analysis
■ Environmental flexibility

By staying ahead of the curve, Neustar delivers for your business.

Learn more about our DDoS protection at https://www.neustar.biz/services/ddos-protection.


ABOUT NEUSTAR

Neustar, Inc. (NYSE:NSR) is the first real-time provider of cloud-based information services and data analytics, enabling marketing and IT security professionals to promote and protect their businesses. With a commitment to privacy and neutrality, Neustar operates complex data registries and uses its expertise to deliver actionable, data-driven insights that help clients make high-value business decisions in real time, one customer interaction at a time. More information is available at www.neustar.biz.

21575 Ridgetop Circle, Sterling, VA 20166 +1 571 434 5400 / www.neustar.biz © 2015 Neustar, Inc. All rights reserved.