Any battle that is fought within the borders of a country invariably incurs some level of economic loss. The primary goal of any national defense strategy is to make sure any battle that needs to be fought occurs somewhere that impacts the citizenry of that nation least. The same philosophy also applies to cybersecurity.
GitHub learned this the hard way. The provider of a widely used online repository for collaboratively developing software was the target of a 1.35 terabit-per-second distributed denial of service (DDoS) attack that knocked the service offline. It wasn't until GitHub contacted Akamai, which operates one of the largest content delivery networks in the world, that the attack was mitigated. By rerouting traffic through Akamai's scrubbing infrastructure, most of the malicious traffic could be dropped before the remainder was passed along to GitHub.
In total, the GitHub service was offline for only a few minutes. What makes the attack remarkable is its size: at 1.35 Tbps it was the largest DDoS attack publicly reported at the time, and that record is unlikely to stand for long. In the GitHub attack, unknown attackers abused a well-known weakness in open source memcached deployments: a server exposed to the Internet with its UDP listener enabled and no authentication will answer a tiny request with a response many thousands of times larger, and because UDP does not verify the sender, a request with a forged source address sends that response to the victim instead. That allowed the attackers to harness exposed memcached nodes around the world as reflectors aimed at GitHub. memcached is widely employed to boost the performance of Web applications.
Obviously, memcached deployments have issues that need to be addressed: disabling the UDP listener, or simply keeping port 11211 off the public Internet, closes this particular vector. But even once that happens, it may take a long time for all the operators who rely on it to reconfigure or patch their systems. That means other DDoS attacks employing the same technique are probable. And it doesn't stop there. As the Mirai botnet demonstrated, attackers can hijack hundreds of thousands of Internet-connected devices to launch a DDoS attack.
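As an added illustration of the reflection mechanism described above (this is example code written for this page, not code from the original post, GitHub, Akamai or the memcached project), the Python below does two things: it frames a memcached request the way a UDP client (or a spoofing attacker) would, using the 8-byte UDP header memcached defines, and computes the resulting amplification ratio; then it runs a simple detection rule over constructed flow records to spot traffic arriving from UDP source port 11211 at thousands of bytes per packet from multiple reflectors. The flow line format, the sample addresses (RFC 5737 documentation ranges), the packet counts and the thresholds are all assumptions made for the example.

```python
import struct
from dataclasses import dataclass

# memcached's UDP frame header is 8 bytes: request id, sequence number,
# total datagrams in this message, reserved. A reflector echoes this header
# in front of every response datagram it sends.
UDP_HEADER = struct.Struct("!HHHH")
MEMCACHED_PORT = 11211


def build_udp_probe(command: bytes = b"stats\r\n", request_id: int = 0) -> bytes:
    """Frame one ASCII command as a single-datagram memcached UDP request.

    This 15-byte packet is the whole attacker-side cost of one reflection;
    the server's answer to "stats" (or a pre-stored large value) is the payoff.
    """
    return UDP_HEADER.pack(request_id, 0, 1, 0) + command


def parse_udp_frame(datagram: bytes):
    """Split a memcached UDP datagram into (request_id, seq, total, payload)."""
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("datagram shorter than memcached UDP header")
    request_id, seq, total, _reserved = UDP_HEADER.unpack_from(datagram)
    return request_id, seq, total, datagram[UDP_HEADER.size:]


def amplification_factor(request: bytes, responses) -> float:
    """Bytes the reflector returns per byte the attacker had to send."""
    return sum(len(r) for r in responses) / len(request)


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int


# Constructed flow records (assumed format: "src:port > dst:port proto packets bytes").
# Three reflectors in 198.51.100.0/24 are answering spoofed requests toward
# 203.0.113.5; the last two lines are the triggering request and benign DNS.
SAMPLE_FLOWS = """\
198.51.100.10:11211 > 203.0.113.5:443 udp 4200 5880000
198.51.100.11:11211 > 203.0.113.5:443 udp 3900 5460000
198.51.100.12:11211 > 203.0.113.5:443 udp 4100 5740000
203.0.113.5:51234 > 198.51.100.10:11211 udp 1 15
198.51.100.20:53 > 203.0.113.5:40000 udp 2 300
"""


def parse_flows(text: str):
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, _arrow, dst, proto, packets, nbytes = line.split()
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append(Flow(src_ip, int(src_port), dst_ip, int(dst_port),
                          proto.lower(), int(packets), int(nbytes)))
    return flows


def detect_memcached_reflection(flows, min_reflectors=2, min_avg_bytes=1000):
    """Flag targets receiving large UDP datagrams from port 11211 on several hosts.

    Legitimate memcached clients never sit on the public Internet, so any
    such flow is suspect; requiring several distinct reflectors and a high
    bytes-per-packet average keeps a lone stray probe from raising an alert.
    """
    by_target = {}
    for f in flows:
        if f.proto != "udp" or f.src_port != MEMCACHED_PORT or f.packets == 0:
            continue
        if f.bytes / f.packets < min_avg_bytes:
            continue
        entry = by_target.setdefault(f.dst_ip, {"reflectors": set(), "packets": 0, "bytes": 0})
        entry["reflectors"].add(f.src_ip)
        entry["packets"] += f.packets
        entry["bytes"] += f.bytes
    report = {}
    for target, e in by_target.items():
        if len(e["reflectors"]) >= min_reflectors:
            report[target] = {
                "reflectors": len(e["reflectors"]),
                "packets": e["packets"],
                "bytes": e["bytes"],
                "avg_bytes_per_packet": e["bytes"] / e["packets"],
            }
    return report


if __name__ == "__main__":
    probe = build_udp_probe()
    # Assumed reflector answer: three full 1400-byte datagrams for one 15-byte probe.
    fake_responses = [UDP_HEADER.pack(0, i, 3, 0) + b"x" * 1392 for i in range(3)]
    print("request bytes:", len(probe), "amplification:", amplification_factor(probe, fake_responses))
    for target, info in detect_memcached_reflection(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{target}: {info['reflectors']} reflectors, {info['bytes']} bytes, "
              f"{info['avg_bytes_per_packet']:.0f} B/pkt")
```

On the defensive side, the same fact the detector relies on is the fix: memcached has no business answering UDP from the Internet, so operators start it with `-U 0` (UDP port 0 disables the listener) and filter port 11211 at the network edge, while upstream providers rate-limit or drop UDP source port 11211 toward customers under attack.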
A recent report from Akamai finds the number of web application attacks increased 69 percent year over year, with no end in sight. One of the more innovative ways to thwart these attacks is to route Web traffic via a CDN. Providers of CDN services beyond Akamai include Amazon Web Services (AWS), Microsoft, Rackspace and a host of others. Regardless of the service employed, it's clear CDNs are emerging as a critical first line of defense in a layered approach to cybersecurity. The difference between CDNs and other layers of security is that any attack absorbed by a CDN happens beyond the perimeter of the organization. The battle is fought on neutral territory. That means the collateral damage associated with defending against a DDoS attack now takes place outside the perimeter of the organization being attacked. Instead of internal cybersecurity personnel and their IT colleagues cleaning up the mess, the provider of the CDN takes on most of the heavy lifting.
CDNs don't replace the need for firewalls and the other elements of a well-crafted cybersecurity defense. But CDNs these days do a lot more than distribute content across the Web more efficiently. Each point of presence on a CDN provides not only a place to combat threats before they compromise internal systems, but also a place to gather threat intelligence. Any battle fought within the borders of a country almost always comes at a high political and economic cost. IT leaders would be well advised to apply the same rationale. In fact, most IT leaders will soon be judged on their ability to neutralize cybersecurity threats long before they ever reach the network perimeter.