Virtualization Technology News and Information
The Importance of Effectual Mitigation in Terms of Cloud-Based DDoS Attacks

 

The radical concept of cloud computing has reached somewhat unexpected heights in the past 12 years and is now widely recognized by governments and private organizations alike as a major game-changer in computing technology. The cloud as we know it is undergoing substantial change, with worldwide challenges such as GDPR data-compliance regulations, containers, and huge DDoS attacks reshaping the way businesses use the cloud. More than 33% of reported DDoS attacks in 2015 were targeted at clouds. These attacks can cause substantial damage to both cloud service providers (CSPs) and their clients. For the service provider, an attack can lead to severe negative publicity that can take years to repair. A loss of service, however brief, can also result in a significant loss of revenue for both the cloud provider and its clients.

DDoS attacks on cloud services on the increase

The 2016 Dyn DNS attack, which managed to take down a number of AWS-hosted sites including Twitter and Spotify, exposed the vulnerability of the cloud, but it was not the first of its kind. The first major cloud DDoS attacks took place in December 2014, when Sony and Microsoft servers using cloud-based services for PlayStation and Xbox were targeted. Around the same time, a DNS DDoS attack lasting more than 11 hours was launched on cloud service provider Rackspace, causing widespread outrage. A lengthier attack happened in the final quarter of 2015, when cloud host Linode was subjected to an attack that lasted for more than a week. While DDoS attacks can't be entirely prevented, it is vitally important to have effective mitigation procedures in place to minimize damage and allow for a swift and effective financial recovery.

Next-Generation Firewalls

A traditional firewall is the most rudimentary form of cloud protection against a DDoS attack. Unfortunately, managing a firewall can be laborious, and cloud-based applications compound the problem because organizations have limited visibility into public cloud traffic. Next-generation firewalls, on the other hand, are capable not only of intrusion prevention but of inline deep-packet inspection as well. They are also able to detect and block lower-level DDoS attacks by implementing various security strategies at the session, application and network layers, and they offer a host of inventive security features including web filtering, zero-day attack protection and a secure sockets layer (SSL).

Source rate and protocol rate limiting

The purpose of source rate limiting (SRL) is to block any surplus traffic stemming from the attack's source IP. It is generally used to restrain volume-based traffic by configuring various thresholds and modifying responses during an attack. SRL can supply valuable insight into specific applications and websites at a granular level. Unfortunately, this technique is only applicable to attacks that aren't spoofed. Protocol rate limiting (PRL) blocks dubious protocols originating from any source. While this method works well for certain volume-based attacks, it sometimes causes genuine traffic to be dropped as well, necessitating manual analysis of logs.
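The two limitations described above can be seen in a small simulation. This is an added example, not code from the article: the fixed one-second windows, the thresholds (5 packets/s per source, 20 packets/s for UDP), the addresses and the traffic are all constructed assumptions.

```python
from collections import defaultdict

class WindowLimiter:
    """Fixed one-second window: at most `limit` packets per key per second."""
    def __init__(self, limit):
        self.limit = limit
        self.counts = defaultdict(int)

    def allow(self, key, ts_ms):
        slot = (key, ts_ms // 1000)
        self.counts[slot] += 1
        return self.counts[slot] <= self.limit

def run(packets, srl=None, prl=None):
    """Return (client_passed, other_passed) for packets of (ts_ms, src, proto).
    srl: per-source packets/second threshold; prl: {protocol: packets/second}."""
    src_lim = WindowLimiter(srl) if srl is not None else None
    proto_lims = {p: WindowLimiter(n) for p, n in (prl or {}).items()}
    client = other = 0
    for ts, src, proto in sorted(packets):
        if src_lim and not src_lim.allow(src, ts):
            continue                      # SRL: this source exceeded its threshold
        if proto in proto_lims and not proto_lims[proto].allow(proto, ts):
            continue                      # PRL: protocol-wide threshold exceeded
        if src == CLIENT:
            client += 1
        else:
            other += 1
    return client, other

# Constructed traffic, 10 seconds long; every address here is made up.
CLIENT = "198.51.100.7"
legit = [(s * 1000 + 500, CLIENT, "udp") for s in range(10)]        # 1 pkt/s
one_source = [(i * 10, "203.0.113.9", "udp") for i in range(1000)]  # 100 pkt/s
# Spoofed flood: same rate, but every packet claims a different source.
spoofed = [(i * 10, f"10.{i // 250}.0.{i % 250 + 1}", "udp") for i in range(1000)]

def scenarios():
    return {
        "srl_vs_single_source": run(legit + one_source, srl=5),
        "srl_vs_spoofed": run(legit + spoofed, srl=5),
        "prl_vs_spoofed": run(legit + spoofed, prl={"udp": 20}),
    }

if __name__ == "__main__":
    for name, (client, other) in scenarios().items():
        print(f"{name}: legitimate passed={client}/10, flood passed={other}/1000")
```

SRL trims the single-source flood without touching the client, lets the spoofed flood through untouched, and PRL caps the spoofed flood only by dropping the client's packets along with it.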

Traffic Scrubbing

The increase in the prevalence of cloud DDoS attacks has prompted the development of a number of third-party services, such as Verisign, Cloudflare and Imperva, to safeguard cloud applications. Third-party services generally function as proxies: the application's traffic is directed to the service, which identifies and scrubs any malicious traffic before passing it back to the application. If you have a large organization with a substantial cloud presence, consider enlisting the help of cloud provider engineers and software developers to design a cloud structure that will provide the exact resilience you need.

As if being hit by a DDoS attack isn't bad enough, you are also left to clean up a huge mess in its aftermath. Transitioning from a stunned silence back to standard business proceedings can be daunting, which makes effective mitigation protocols such as those discussed above vitally important for minimizing damage and getting back to normality as soon as possible.

Published Monday, June 04, 2018 7:58 AM by David Marshall