Critical cybersecurity outsourcing: DDoS and network-level protections
Help is at hand for operators of critical services who feel overwhelmed by the increasing prevalence of breaches, ranging from ransomware to code breaches and DDoS attacks.
In the aftermath of the Colonial Pipeline attack, critical infrastructure operators must eradicate the specter of lackluster network security.
One of the most pernicious breaches to deal with is the Distributed Denial of Service (DDoS) attack, in which many connected devices are hijacked to take down target websites with malicious access requests.
The Internet of Things widens the scope of DDoS attacks both because it increases the number of devices that hijackers can access, and because endpoint security is often lacking.
And while IoT inherently involves physical hardware, it serves as a gateway to operate large swathes of critical infrastructure.
IoT is one of the main conduits for DDoS attacks, and new vectors are constantly being discovered. Cyber security experts at DDoS protection service provider Netscout discovered seven new DDoS vectors from January to July 2021, with energy and utility infrastructure among the hardest hit.
“We’ve noticed a few things with DDoS attack vectors,” said Richard Hummel, threat intelligence manager at Netscout. “One is that the vectors keep coming. There is never a time when a vector is no longer in use. And what we find is that these vectors are not cleaned up.”
Due to the multidimensional nature of cyber threats, a booming industry for cyber protection services has emerged to help within the framework of resourced organizations.
Cyber security products can integrate at the device, edge network, mobile network, or cloud level to detect malicious activity and redirect sensitive IoT device data or signaling traffic through secure overlays.
Even when critical service providers have in-house technology specialists, DDoS attacks with sufficient firepower are likely to create challenges. Setting up external assistance and tools such as automated traffic rerouting can reassure businesses in these cases.
“Our mobile network-based solution is complemented by a SIM applet,” said Adam Weinberg, chief technology officer of Israel-based network protection company FirstPoint Mobile. “Together, these components automatically detect, alert and protect against suspicious communications for every device.”
“The implementation of the FirstPoint solution is straightforward and requires standard connections to the core network. It’s easier than connecting a mobile virtual network operator (MVNO) to a mobile network operator (MNO).
“The mobile network-based approach means that all security features are implemented at the network level and respond to all cell security threats including bogus cell phone towers, signaling attacks, attacks by SMS and mobile IP data attacks.”
While some companies might host an on-site cleanup center to thwart internal threats, Netscout’s Hummel said it was unaffordable for organizations on a tight budget. Large organizations may take a hybrid approach, often deploying on-premises security for routine attacks, but relying on cloud protection when breaches exceed predefined thresholds.
“We see this often,” Hummel said. “Many large organizations want the capacity and control to mitigate attacks that they see themselves, but don’t necessarily have the capacity of a full cleanup center, which can be very costly.
“What they’re going to do is ensure endpoint security in the business. Then, if an attack occurs, the box is designed to send a signal to cloud services.
“You may never need onsite help defeating a DDoS attack. But in case you need to reroute the traffic, the signal has already been sent and the cloud center is already primed so that if the attack exceeds your threshold or capacity, the rerouting happens automatically.”