
DoS fighters arrive, but who's buying


If you believe the research, more than 4,000 distributed denial-of-service (DDoS) attacks are launched weekly, and they've been steadily gaining steam since last February's celebrated shutdowns of Yahoo and eBay.

If you believe Asta Networks, the technology is finally here to fend them off.

Industry analysts give the Seattle-based company's product, Vantage System, a thumbs-up but are wondering aloud what kind of viable market exists for DoS protection. Large enterprises, for one, likely won't be interested in Vantage Systems or a similar DoS defense from Mazu Networks that is due next week, according to a Gartner analyst.

"For this market to be effective, it has to be upstream from the large enterprise. Because if a denial-of-service attack is clogging up your Internet pipe, it's already too late for this tool to work," said Gartner Vice President and Research Director, John Pescatore. "The market needs to be somebody like an ISP (Internet service provider) or Internet data center, like Exodus, or one of the large backbone providers like Sprint or AT&T, who need to implement denial-of-service protection and block these attacks at their end."

Large enterprises like state governments that act as ISPs for their agencies are also likely to be shopping for DoS protection, but those are few and far between.

"In general, businesses don't need denial-of-service protection tools," said Michael Rasmussen, senior industry analyst for Giga Information Group. "Those tools are more for ISPs or large Internet backbones. It's a niche market, but there is a market."

Analysts say Asta has right approach

Vantage Systems uses signature-based and anomaly-based algorithms to monitor network traffic and detect denial-of-service attacks. Its signature-based sensors analyze traffic for known and recently discovered attacks, while its anomaly-based sensors analyze the ratio of traffic and send alerts to engineers if the ratio does not match normal or anticipated traffic.

"The technology we have solves [DoS] problems because it sits on the network and puts countermeasures in place before damage is done," said Asta vice president of marketing Andrew Konstantaras.

Both Rasmussen and Pescatore acknowledge the effectiveness of Asta's approach, in particular, its ability to interface with routers. "Asta has the right approach, because no one is working in front of another device on a network the way they are," Rasmussen said.

Vantage Systems has been employed on the Internet2 Abilene backbone for the last six months and, in that time, has detected several variations on the traditional DoS, padding its algorithm arsenal along the way. The variations include:

  • Pulsing zombies: Attacks using hijacked computers to send bursts of traffic, stop and constantly repeat the process. Pulsing zombies, according to Asta, are difficult to detect because most time-based detectors do not pick them up;
  • Degradation of service attacks: Hackers send up to six times the usual amount of traffic to an Internet pipe, but never enough to shut down a server, just slow it down. The increased traffic goes on for weeks and costs e-businesses critical revenue;
  • Reflector attacks: Bad traffic is bounced off of a Domain Name Server, making it appear to be legitimate traffic.
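
Why a time-based detector can miss pulsing traffic, shown as an added example (not Asta's algorithm or code from the article): a fixed-window average stays under its threshold while a check for short, evenly spaced bursts fires. The baseline rate, thresholds, function names and traffic samples are all constructed assumptions.

```python
from statistics import mean, pstdev

BASELINE_PPS = 100    # assumed normal packets per second (constructed)
WINDOW = 60           # seconds per averaging window
AVG_FACTOR = 3.0      # window-average alarm at 3x baseline
SPIKE_FACTOR = 4.0    # a single second counts as a spike at 4x baseline


def make_traffic(seconds, period=None, burst_len=2, burst_pps=600):
    """Constructed per-second packet counts; a burst starts every `period` seconds."""
    return [burst_pps if period and t % period < burst_len else BASELINE_PPS
            for t in range(seconds)]


def window_average_alarm(samples):
    """Time-based detector: alarm if any fixed window's mean exceeds the threshold."""
    windows = [samples[i:i + WINDOW] for i in range(0, len(samples), WINDOW)]
    return any(mean(w) > AVG_FACTOR * BASELINE_PPS for w in windows)


def burst_starts(samples):
    """Seconds at which the rate crosses the spike threshold from below."""
    limit = SPIKE_FACTOR * BASELINE_PPS
    return [t for t, v in enumerate(samples)
            if v > limit and (t == 0 or samples[t - 1] <= limit)]


def pulsing_alarm(samples, min_bursts=4, max_jitter=1.0):
    """Alarm on repeated short bursts whose spacing is nearly constant."""
    starts = burst_starts(samples)
    if len(starts) < min_bursts:
        return False
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return pstdev(gaps) <= max_jitter


if __name__ == "__main__":
    pulsing = make_traffic(120, period=10)   # 2 s bursts of 600 pps every 10 s
    print("window mean:", mean(pulsing[:WINDOW]))            # stays below 300
    print("window-average alarm:", window_average_alarm(pulsing))
    print("pulsing alarm:", pulsing_alarm(pulsing))
```

The two checks are complementary: a sustained flood trips the window average but shows only one burst start, so the periodicity check alone would not flag it.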

Good traffic, bad traffic

Asta claims its product protects against all of these DoS variants with the key element of its success coming from the software's ability to distinguish good traffic from bad.

"The real issue is distinguishing between false-negative and false-positive alerts. It's better to miss a denial-of-service attack than to declare legitimate traffic a denial-of-service attack. Their approach does a pretty good job of staying between the false-positives and false-negatives," Pescatore said.

The ultimate question then remains: Is there a viable market for this critical technology?

"More of these things may pop up in companies now that the pressure is off to get new systems up and running. We're starting to see people worry about the "-ilities", vulnerabilities, availability, and they're starting to look at load balancing, redundancies, Secure Sockets Layer (SSL) connections. Denial-of-service protection is going to be one of the things companies start to look at as well," Pescatore said. "The question is, how much are they willing to spend? Soon enough, they'll go to their ISP or Internet data center host and ask them how much they're going to charge them for denial-of-service protection."

Protection purchases on demand

The trend may bear out, according to Pescatore, that companies buy DoS protection on demand, similar to purchasing additional bandwidth from providers like Yipes.

"I think eventually, you're going to see denial-of-service protection sold in the same way. For example, a florist buying protection leading up to Mother's Day or Memorial Day, or retailers buying protection for the Christmas season or college bookstores buying protection at the start of semesters," Pescatore said. "Some companies don't need denial-of-service protection 365 days a year. Why pay for it?"

