12 Aug

How To Defend Against A DDoS

In the web security arena, everything changes very fast. The threat landscape rapidly evolves. Zero-day attacks are launched on a daily basis, exploiting newly discovered vulnerabilities for which signature are not available yet. Attackers hide their attack vectors, and scraping bots hide their identities behind CDNs and dynamic IPs, avoiding any simple blacklisting technique trying to block them. In such a rapidly evolving battleground, static cloud security services cannot protect you. Static cloud security services utilize negative security models that identify attacks based on the signatures of attack vectors, and block attackers and bots using IP blacklisting mechanisms. Unfortunately, that can’t help you with zero-day or dynamic IP attacks.

Meanwhile, the assets you need to protect are notoriously changing all the time, continuously introducing new vulnerabilities that may be exploited by attackers. With static cloud security services, you have to tell whenever you launch new applications or introduce changes into existing ones, and manually change your security policies accordingly. This manual process quickly gets out of control as developers that use continuous delivery methods launch release new versions on a daily basis. As a result, your protected assets are introduced with new vulnerabilities that static cloud security services cannot detect and mitigate.

So how do you win a game in which the rules keep changing all the time?

It’s simple. All you need to do is to implement a cloud security service that continuously and automatically adapts to the evolving threat landscape and protected assets. You can’t do that with static cloud security services. To make sure you are continuously protected, you’ll need a cloud security service that implements a positive security model, which means it can tell what your legitimate traffic looks like, and then block anything else. This would get you full protection from zero-day attacks, and from attacks using dynamic IP techniques. In addition, a continuously adaptive cloud security would automatically identify new applications that you launch, analyze their potential vulnerabilities, and tailor them an appropriate security policy.

Radware Cloud Security Services are the first continuously adaptive cloud security service. With positive security models and behavioral analysis technology, they provide automatic protection against zero-day attacks. With IP agnostic fingerprinting technology, attackers and bots are blocked even when they try to hide behind CDNs and dynamic IPs. New applications are automatically discovered, and security policies are automatically created for them. This way, Radware Cloud Security services keep you protected… even while the rules of the games keep changing!

Share this

Leave a reply