Ask the Experts: How Do You Protect Against DDoS Attacks?

Welcome to Ask the Experts, brought to you by In this video, Intelisys’ SVP Cloud Transformation Andrew Pryfogle discusses how to protect your customers against DDoS attacks with Evolve IP’s Scott Kinka. Learn more about cloud-based security solutions from the Evolve IP team here:

Andrew: Okay, guys. Time for another Ask the Experts session. We’re deep into our Network and Data Security certification track and thought it’d be a great opportunity to bring in one of the biggest brains in our industry and in our partner community, our supplier community. Scott Kinka, CTO of Evolve IP. Welcome back, Scott.
Scott: Thanks for having me.
Andrew: All right, good deal. His head gets really big every time I talk to him but–
Scott: You ain’t making me blush.
Andrew: Hey, I want to talk to you about denial of service attacks and distributed denial of service attacks, DDoS. It seems like it’s an attack vector that’s on the rise. Companies, really of all sizes, have been affected by this. I want to get your unique perspective on, is this a real concern that companies ought to have? How is Evolve IP uniquely helping companies protect against it? Then, you’ve another unique perspective around it. You’re also, as a service provider, you’re also a target for that. How do you yourself, protect against DDoS attacks that can be really damaging?
Scott: Let’s define it at first. A denial of service attack is, largely speaking, throwing enough traffic at the front end of some kind of application service to disable it by essentially throwing more load at the servers running that application than they can handle. Or, at the internet links or whatever it happens to be.
A distributed denial of service attack is one where that launch vector comes from multiple areas. That seems very dramatic but it’s actually pretty straightforward if you consider how this happens. It’s a multi-staged scenario. In a distributed denial of service attack, what it means is, it uses people’s home machines as a means of the attack vector.
Download this, click here for a free vacation, whatever it happens to be for malware, it drops a little component on that local machine. And when the clock hits–at midnight on whatever day it happens to be, whenever the attack happens to be–all of those machines start throwing traffic from a home machine over their local broadband connection at this particular target.
The target might be a website. We’ve heard those very commonly with e-commerce stores or what have you. But it could be–often times, you’ll see it against DNS, as an example, which will disable many sites’ ability to respond to requests for content on there. With things increasingly going to the cloud, DNS governs the service that we’re talking on right now, for Skype. It governs your access to Evolve services, or others, or AWS, or what have you.
I think what’s important for our partners to understand is that this is not just an attack that is targeted at a specific company. We so often hear from our customers, “Well, the Chinese government doesn’t have any interest in taking me out. I’m a local tax Attorney.”
The reality of it is that it’s such an easy attack vector, that in many cases, it’s just meant to be disruptive. It’s just grabbing IP’s and saying, “All right, there’s a lot of people on Comcast who go here, so let’s throw some traffic at it and maybe that’ll interrupt commerce for today,” or maybe that. So it doesn’t need to be a very specific thing.
The key to a distributed denial of service attack is really to understand what the target of the attack is. It could be a specific server or a set of servers that are on a particular application but in front of that, are routers, are switches, are internet connections, are the service providers themselves that are coming in.
The key really is … I hate to say that the solve here, in some ways, is size and heft of data center infrastructure because I’m normally not that guy. But in a lot of ways, multiple points of failure being available, multiple service providers spread across multiple geographies with multiple DNS pools, on and off the network, that’s how service providers counteract that kind of stuff.
If you’re in a single data center, in a small provider type of environment, or you’re in a pure Colo with a really important application, you’re certainly at more risk from a distributed denial of service attack.
Andrew: Interesting. When we talk about this, we’re talking a lot about mitigation services, right? Is it–
Scott: Mm-hmm.
Andrew: Speak to that real quick. What does a typical DDoS mitigation service look like and what’s the value that it’s bringing to a customer?
Scott: What a DDoS mitigation service does, is it essentially … It depends on the methodology. A customer could go buy a DDoS mitigation service or you can get it embedded with your product. At Evolve, we do DDoS mitigation across our environment. If somebody is using our desktops, our servers, what have you, the same service that they’re enjoying for their own access or for themselves is also protecting our common assets inside of our network.
If you were to go purchase it, it essentially works the same way. What it means is, it really becomes essentially, a bridge. All traffic destined for those IP’s are traversing, generally speaking, some mitigation service, which is trending and tracking the requests that are being asked for and doing essentially, anomaly detection on it.
It’s saying, “All right. Well, this type of traffic coming in for this particular IP at these concentrated volumes, does not look normal.” Then, generally speaking, what the service would be able to do, is interact upstream. Perhaps the service would say, “All right. Well, I’m seeing from X service provider … “
Comcast is local and a lot of times these happen over broadband, so I’ll give an example. All of a sudden we’re saying, “All of this consumer level traffic to this one IP, from Comcast, that’s anomalous.” What it enables to do is, then black hole IP’s and ranges of IP’s, upstream at the service provider level.
Either the A, the IP’s are owned and the space is owned by the service provider, so you could shut down that path and it wouldn’t shut down people’s access to that website. Or if you were buying a service–and you hear a lot about those services out there right now, third-party services that you can buy–what those services will do is, they’re embedded and integrated at a switch and router level with the upstream service providers.
They’ll communicate upstream and say, “Hey, shut down this IP. I don’t want any traffic from here.” And it really becomes this push and pull of, a DDoS attack ratchets up and then you take some of its space away. Then, it ratchets down and then you open those IP’s back up and they might open back up. The idea is, you play that game of shifting traffic around until that, whatever that attack vector is on the other side has given up, or it’s timing’s run out, or what have you.
Andrew: Very cool, man. Great insight. I think it’s an area that so many different types of businesses are subject to this, right? Left unchecked, it can really wreak some havoc on performance on a network, right? It can bring you to your knees.
Scott: Yeah. No question. And it’s hard to do on your own, is really the point around DDoS, which is why … I’ll give a different product parallel example. Cloud Connect is a broadband aggregation service that’s very popular with Evolve IP customers. They opt for that instead of direct access into our network. They pull multiple broadband connections together but we become the internet egress in that regard.
Even if it’s just a WAN service with some hosted PBX, we’re, in that case, providing DDoS mitigation out of our core for any downstream services that happen to be hosted inside the business because they’re using us, not only as their cloud service but we become their internet egress.
There’s other services in the Intelisys portfolio that operate in similar ways, so it’s absolutely key for our partners to be thinking about DDoS mitigation and what that means at a customer level.
Andrew: Very cool. Hey, as usual man, great insights. Thanks for jumping in, Scott.
Scott: Absolutely. Certainly.
Andrew: Good deal. Guys, that’s Mr. Scott Kinka, CTO of Evolve IP. Do check out the learning center for Evolve IP. It’s got great information there, guys. You can get really smart about how to position Evolve IP cloud services just by studying up on their material and engaging with their channel managers and their smart guys. It’s a great service. We’re big fans. You should be too. Good selling.