
DDoS Mitigation: A Blend of Art and Science

Miguel Ramos

As DDoS attacks become larger, more frequent and complex, being able to stop them is a must. While doing this is part science, a matter of deploying technology, there is also an art to repelling sophisticated attacks.

Arbor Networks, Citrix and others make great gear, but there's no magic box that will solve all your problems for you. Human expertise will always be a crucial ingredient.

The Science

Certain attacks can be mitigated purely through automation. For example, properly written access control lists on your routers can block traffic to ports on which you run no services: you define the list of services authorized to receive traffic and drop everything else. Some attackers simply try a few attack vectors at random, hoping to get lucky and flood your infrastructure, without first investigating which type of attack would work best against you. Properly configured routers and firewalls drop such traffic automatically, before it ever reaches your servers. This can be very effective and should be part of any mitigation strategy.
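The default-deny allowlist described above, written as policy code. This is an added example, not code from the original post or from any Neustar product: it renders an nftables input chain whose policy is drop, listing only the services you expose, and models which new inbound flows that chain admits. The service names, ports and the management network 192.0.2.0/24 are hypothetical.

```python
"""Default-deny ingress ACL as code (added example, hypothetical services)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    proto: str            # "tcp" or "udp"
    port: int
    sources: tuple = ()   # CIDR allowlist; empty means any source


# Hypothetical allowlist: the only services that may receive new inbound traffic.
ALLOWED = (
    Service("web", "tcp", 80),
    Service("web-tls", "tcp", 443),
    Service("auth-dns", "udp", 53),
    Service("ssh-mgmt", "tcp", 22, sources=("192.0.2.0/24",)),  # documentation range
)


def render_nftables(services=ALLOWED) -> str:
    """Render an nftables input chain: everything not listed hits 'policy drop'."""
    lines = [
        "table inet filter {",
        "    chain input {",
        "        type filter hook input priority 0; policy drop;",
        "        iif lo accept",
        "        ct state invalid drop",
        "        ct state established,related accept",
    ]
    for s in services:
        src = f"ip saddr {{ {', '.join(s.sources)} }} " if s.sources else ""
        lines.append(f'        {src}{s.proto} dport {s.port} accept comment "{s.name}"')
    lines += ["    }", "}"]
    return "\n".join(lines)


def permits(proto: str, dport: int, src: str, services=ALLOWED) -> bool:
    """Model the chain above for a new inbound flow (ct state new).

    Returns True only if an explicit accept rule matches; anything else
    falls through to the chain's drop policy, which is the whole point.
    """
    addr = ipaddress.ip_address(src)
    for s in services:
        if s.proto != proto or s.port != dport:
            continue
        if not s.sources or any(addr in ipaddress.ip_network(n) for n in s.sources):
            return True
    return False


if __name__ == "__main__":
    print(render_nftables())
    for flow in (("tcp", 443, "203.0.113.9"), ("udp", 1900, "203.0.113.9"),
                 ("tcp", 22, "203.0.113.9"), ("tcp", 22, "192.0.2.10")):
        print(flow, "accept" if permits(*flow) else "drop")
```

The point of keeping the allowlist in one place is that the rendered ruleset and the policy check can never disagree: a reflection flood aimed at UDP 1900 (SSDP) or a scan of TCP 22 from the Internet is dropped by the chain policy without any rule having to name it.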

Equally effective are the AI algorithms often built into routers and DDoS mitigation hardware. They give you a picture of an attack in progress, and you can tune them to drop traffic once certain thresholds are met. Such algorithms handle simple volumetric attacks (SYN floods, UDP floods and the like) very well. The catch: without careful tuning they will drop good traffic too, defeating your goal of continuing business as usual. If your company is profiled on CNN and traffic surges, the gear may well kick in and block legitimate visitors.
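How a rate threshold alone blocks the flash crowd the paragraph warns about, and how one extra feature rescues it. This is an added example, not code from the original post or from any vendor's appliance; the per-second windows are constructed and the baseline and thresholds are hypothetical. The feature used is handshake completion: a spoofed SYN flood cannot complete TCP handshakes, whereas a crowd of real browsers does, so gating the rate alarm on the completion ratio separates the two.

```python
"""Rate threshold vs. threshold gated on handshake completion (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Window:
    """One-second summary as a flow collector might emit it (constructed data)."""
    label: str
    syns: int        # TCP SYNs toward the protected service
    completed: int   # handshakes that reached ESTABLISHED in the window
    sources: int     # distinct source addresses


BASELINE_SYNS = 400        # hypothetical calm-hours SYN rate per second
RATE_MULTIPLIER = 5.0      # alarm when SYNs exceed 5x baseline
MIN_COMPLETION = 0.5       # below this ratio the surge is not real clients

# Constructed windows, not measurements.
WINDOWS = (
    Window("quiet",       380,    372,   300),
    Window("flash-crowd", 9000,   8700,  7800),   # news mention, real browsers
    Window("syn-flood",   120000, 60,    95000),  # spoofed sources, no handshakes
    Window("mixed",       14000,  8500,  12000),  # crowd with a smaller flood inside
)


def completion_ratio(w: Window) -> float:
    """Fraction of SYNs that became established connections."""
    return w.completed / w.syns if w.syns else 1.0


def naive_verdict(w: Window) -> str:
    """The out-of-the-box setting: drop whenever the rate passes the threshold."""
    return "drop" if w.syns > RATE_MULTIPLIER * BASELINE_SYNS else "pass"


def tuned_verdict(w: Window) -> str:
    """Same threshold, but act only when the surge is not completing handshakes."""
    if w.syns <= RATE_MULTIPLIER * BASELINE_SYNS:
        return "pass"
    return "pass" if completion_ratio(w) >= MIN_COMPLETION else "drop"


def compare(windows=WINDOWS) -> dict:
    """Map each window label to its (naive, tuned) verdicts."""
    return {w.label: (naive_verdict(w), tuned_verdict(w)) for w in windows}


if __name__ == "__main__":
    for label, (naive, tuned) in compare().items():
        print(f"{label:12} naive={naive:4} tuned={tuned}")
```

The naive rule drops the flash crowd along with the flood; the tuned rule passes the crowd and still drops the flood. Note the "mixed" window: its completion ratio is about 0.61, so the tuned rule passes it even though a flood is hiding inside the crowd. That is exactly where a single-feature automaton runs out and someone has to look at per-source behaviour.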

The Art

To avoid that sort of situation, you need to spend considerable time tuning your mitigation hardware so that it can tell good traffic from bad. Even that will not always be enough. These days, anyone with decent software development skills can craft an attack that zeroes in on key infrastructure. He or she will make educated guesses about your website: which parts serve dynamic content, possibly backed by a database, and which requests trigger CPU- or memory-intensive database calls. Such an attack is easily masked to look like legitimate traffic; ten properly designed simultaneous connections can be enough to take down a cluster. Attacks like this take time and creativity to block, even if you have the latest mitigation hardware.

The same is true when a large, distributed botnet generates thousands of legitimate-looking requests. Automation alone will help you only so far. With the right expertise and hands-on experience, you can craft filters that drop the bad traffic while letting the good through.
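A filter built from the reasoning in the last two paragraphs. This is an added example, not code from the original post: it scores each client by the server time its requests consumed rather than by how many requests it sent, over constructed nginx-style access log lines with the request time in seconds appended as the last field. The log contents, addresses and thresholds are hypothetical. A request-count threshold flags the busy but cheap crawler; a cost threshold flags the low-volume client hammering expensive search and report queries, which is the attacker described above.

```python
"""Cost-weighted client scoring over access logs (added example, constructed data)."""
import re
from collections import defaultdict

# Combined log format with $request_time (seconds) appended as the final field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "[^"]*" (?P<rt>[\d.]+)$'
)

# Constructed sample: a crawler fetching cheap static assets, one normal shopper,
# and one client sending a handful of very expensive wildcard searches.
LOG_LINES = """\
198.51.100.20 - - [10/May/2016:12:00:01 +0000] "GET /static/app.js HTTP/1.1" 200 48211 "-" "ExampleBot/1.0" 0.004
198.51.100.20 - - [10/May/2016:12:00:01 +0000] "GET /static/app.css HTTP/1.1" 200 9120 "-" "ExampleBot/1.0" 0.003
198.51.100.20 - - [10/May/2016:12:00:02 +0000] "GET /static/logo.png HTTP/1.1" 200 17344 "-" "ExampleBot/1.0" 0.002
198.51.100.20 - - [10/May/2016:12:00:02 +0000] "GET /about HTTP/1.1" 200 6021 "-" "ExampleBot/1.0" 0.011
198.51.100.20 - - [10/May/2016:12:00:03 +0000] "GET /contact HTTP/1.1" 200 5877 "-" "ExampleBot/1.0" 0.009
198.51.100.20 - - [10/May/2016:12:00:03 +0000] "GET /static/font.woff HTTP/1.1" 200 30100 "-" "ExampleBot/1.0" 0.003
192.0.2.44 - - [10/May/2016:12:00:04 +0000] "GET /products/1234 HTTP/1.1" 200 15230 "-" "Mozilla/5.0" 0.180
192.0.2.44 - - [10/May/2016:12:00:06 +0000] "POST /cart HTTP/1.1" 302 0 "-" "Mozilla/5.0" 0.240
203.0.113.7 - - [10/May/2016:12:00:01 +0000] "GET /search?q=%25&sort=price HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 2.914
203.0.113.7 - - [10/May/2016:12:00:02 +0000] "GET /search?q=%25%25&sort=name HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 3.107
203.0.113.7 - - [10/May/2016:12:00:04 +0000] "GET /search?q=a%25&sort=price HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 2.688
203.0.113.7 - - [10/May/2016:12:00:05 +0000] "GET /report?range=all HTTP/1.1" 200 4096 "-" "Mozilla/5.0" 2.950
"""


def parse(line: str):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rt"] = float(rec["rt"])
    return rec


def per_client(lines) -> dict:
    """Map client IP to (request count, total server seconds consumed)."""
    stats = defaultdict(lambda: [0, 0.0])
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unparsable lines are skipped, never silently scored
        stats[rec["ip"]][0] += 1
        stats[rec["ip"]][1] += rec["rt"]
    return {ip: (n, round(cost, 3)) for ip, (n, cost) in stats.items()}


def suspects_by_count(lines, max_requests: int = 5) -> list:
    """What a plain request-rate limiter would flag (hypothetical threshold)."""
    return sorted(ip for ip, (n, _) in per_client(lines).items() if n > max_requests)


def suspects_by_cost(lines, max_seconds: float = 5.0) -> list:
    """What a cost-aware filter flags: clients burning server time, however few requests."""
    return sorted(ip for ip, (_, cost) in per_client(lines).items() if cost > max_seconds)


if __name__ == "__main__":
    lines = LOG_LINES.splitlines()
    for ip, (n, cost) in per_client(lines).items():
        print(f"{ip:15} requests={n:2} server_seconds={cost:.3f}")
    print("by count:", suspects_by_count(lines))
    print("by cost: ", suspects_by_cost(lines))
```

Measured request time is a crude cost proxy, but it is one the attacker cannot fake: the expensive query is expensive whether or not the request looks like a browser. In production the window would be short and sliding, and the action a temporary block or a challenge rather than a permanent rule.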

A Balanced Approach to Stopping Attacks

Before you lose millions in downtime, revenue and brand equity, make sure your mitigation includes both art and science. Remember, even the best technology won't excel without the right guidance. When it comes to fighting DDoS attacks, you need both man and machine.

If you don't have the expertise in house, consider a third-party solution like Neustar SiteProtect, a cloud-based service which not only fuses technology from leading vendors (Arbor, Citrix and Juniper, along with several others) but backs it with the experts in our Security Operations Center.

By Miguel Ramos, Sr. Product Manager, Neustar Enterprise Services

Related topics: Cyberattack, DDoS, DNS, Security
