Distributed denial of service (DDoS) attacks are not all that sophisticated. Thousands of devices are hijacked by a bot that in turn uses them to launch DNS requests that eventually bring a web site to its knees. To prevent that from happening, Corsa Technology today added a GigaFilter capability to its Red Armor network security engine (NSE) appliance capable of filtering four billion IPv4 addresses on either a 10 to 100 Gbps networks.
Carolyn Raab, vice president of product management for Corsa Technology, says GigaFilter, coupled with a Red Armor NSE 7000 appliance, intercepts most of the queries being launched by endpoints compromised by a bot before they ever get to a DNS server.
Those attacks are becoming more challenging to respond to because as the number of things that are connected to the internet increases, it’s becoming easier for cybercriminals to marshal compromised systems much closer to the point of attack.
“The attacks are becoming less distributed as more IoT devices come online,” says Raab.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Raab says threat intelligence feeds along with other indicators of compromise (IoCs) are continuously updated to keep track of IP addresses that have been compromised. That approach also eliminates the need to backhaul DNS queries to a dedicated data center to identify legitimate queries. Best of all, Raab says, the Red Armor appliances can be installed in under 10 minutes.
No one can stop cybercriminals from using insecure devices to launch DDoS attacks. But that doesn’t mean they need to be completely defenseless either.