Home / Blogs

Identify DDoS Attacks with External Performance Monitoring (Part 2 of 3)

Donald Lee

In Part One of this series, we examined internal server, network and infrastructure monitoring applications. Now let's take a look at another way to capture DDoS information: external performance monitoring.

Option #2 – External Performance Monitoring Solutions in the Cloud

A second approach IT administrators can use to assess a potential DDoS attack is to use an external performance monitoring solution. Unlike network/infrastructure tools — which are usually installed inside a customer's network — external performance monitoring solutions are typically provided by a third party and leverage monitoring locations from around the world.

External monitoring tools can encompass several elements:

  1. Virtual browsers to check for basic Website / application uptime and performance
  2. Real browsers to check for Website / application performance, errors and service degradation
  3. Network services such as DNS, FTP and email, among others

From a DDoS perspective, an external third-party monitoring solution makes sense. The purpose of this type of solution is to constantly monitor a Website, service or application and notify the user of downtime, slow responses or other issues. All of these are potential indicators of a DDoS attack.

That said, although a third party external monitoring solution can work at capturing DDoS attacks, these solutions are not foolproof. An external solution can tell an IT administrator that performance is degrading or has failed, but it cannot determine the reason. As I mentioned in our previous post, abnormal response times and downtime do not always indicate a denial of service condition.

Originally, the goal of third-party monitoring was to ensure that ISPs, hosting companies and servers were functioning as designed. Slow response times and outages could indicate a provider or server being down.

As mentioned in part one of this series, it is important to carefully analyze any data from a third-party before enabling your DDoS protection service.

Companies that do not host their own websites and use third parties like Amazon EC2 would benefit the most from third-party monitoring solutions.

Stay tuned for the next segment in our three-part series where we discuss Netflow/Peakflow monitoring and on-premise equipment.

By Donald Lee, Technical Sales Engineer at Neustar

Related topics: Cloud Computing, DDoS, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Smokescreening: Data Theft Makes DDoS More Dangerous

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Why Managed DNS Means Secure DNS

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

Sponsored Topics