Home best DDoS protection Introducing Fully Managed Behavioural Application DDOS Protection Solution.
DDoS

Introducing Fully Managed Behavioural Application DDOS Protection Solution.

Application DDoS Protection Solution

Blog Series 1 out of 2.

Application DDOS are sophisticated attacks and very hard to mitigate. Unlike network layer attacks, where most attacks are manipulation of protocol which could be identified based on method employed, in case of application DDOS the most prominent type of attack is volumetric attacks which have no real patterns to identify. These are legitimate requests sent at high volume to the application, clogging up resources which otherwise would have been used by other users and making the application inaccessible to regular users.

The most common technique employed to detect Application DDOS is rate limiting where limits are set on number of requests a user can make. The two basic and only fundamentals of protecting against such kind of volumetric DDOS attacks are:

  1. Ability to observe the volume of requests, as initial defence against volumetric app DDOS is to scale and observe requests sent to the application without running out of resources
  2. Identify unwanted requests and drop them quickly. These detections are done by identifying unusual spikes and blocking them

To accomplish both, the best possible solution is a cloud WAF like AppTrana which has DDOS protection capacity. A well designed cloud WAF will be able to auto scale very quickly to ensure it is able to absorb unusual spikes in request. AppTrana leverages highly scalable infrastructure known to block large attacks up to 2.3 Tbps and 700K requests per second to provide protection against the largest attack possible.

The next challenge is to detect unwanted requests and drop them. If WAF does an effective job of this, the backend will be protected from request spikes and its resources will be free to serve legitimate requests.

Get URI-Based DDoS Protection for your Applications
Know more

Unfortunately static rate limits do not work and most attacks go under the radar. To understand the problem with static rate limiting rules, one needs to understand how these rate limits work.

  • Rate limits can be configured only on certain identity. i.e. It can be configured to not allow more than x requests in a time period from 1 IP/user etc. but it cannot be configured to only forward y requests to an application in that time period since that would lead to legitimate users being blocked

The problem with such static rate limiting rules is that it does not take into account natural variance of a site. For example one of our sites has spikes during end of a month when a lot of data is uploaded & read by users; generally the increase in number of requests from single user during month end is in the range of 3-4 times more than normal traffic. Now if static rate limits need to be configured for this case, month end spikes have to be taken into account, which then means that during normal days, even a spike of 4 times would go undetected and requests would be passed on to origin, leading to heavy load on origin. It is to address these problems that AppTrana has introduced its Behavioural Application DDOS Protection Solution.

AppTranas Behavioural Application DDOS Protection solution takes advantage of its ability to process huge volume of requests in seconds and provides policies that are configured based on behaviour of the application requests instead of hard limits.

With AppTrana

  • Behavioural DDOS can be configured to be triggered if behaviour of requests to application changes, which means any normal variance in request is accounted for and alerts are triggered only when there is an abnormality
  • By default, three policies that monitors traffic on host, IP and session level are configured
  • When an application is onboarded, these policies are configured with generic values that works for most applications
  • Within a few days of onboarding the application, based on behaviour observed, appropriate values are derived which provides optimal protection
  • Customers can configure additional policies based on their need. Policies can be configured to take various actions when triggered including blocking the requests outright.

Read Blog Series 2 out of 2

Stay tuned for more relevant and interesting security articles. Follow Indusface on FacebookTwitter, and LinkedIn.

Vivek Gopalan

Vivekanand Gopalan is a seasoned entrepreneur and currently serves as the Vice President of Products at Indusface. With over 12 years of experience in designing and developing technology products, he has a keen eye for building innovative solutions that solve real-life problems. In his previous role as a Product Manager at Druva, Vivek was instrumental in creating the core endpoint data protection solution which helped over 1500 enterprises protect over a million endpoints. Prior to that, he served as a Product Manager at Zighra, where he played a crucial role in reducing online and offline payment fraud by leveraging mobile telephony, collective intelligence, and implicit user authentication. Vivek is a dynamic leader who enjoys building and commercializing products that bring tangible value to customers. In 2010, before pursuing MBA, he co-founded a technology product company, Warmbluke and created a first-of-its-kind innovative Civil Engineering estimator software called ATLAS. The software was developed for both enterprise and for SaaS users. The product helps in estimating the construction cost using CAD drawings. Vivek did his MBA from Queen's University with Specialization in New Ventures. He also holds a Bachelor of Technology degree in Information Technology from Coimbatore Institute of Technology, Anna University, one of the prestigious universities in India. He is the recipient of the D.D. Monieson MBA Award, Issued by Queen's School of Business, presented to a student team which has embraced the team-learning model and applied the management tools and skills to become a peer exemplar. In his spare time, Vivek likes to go on hikes and read books.

This post was last modified on December 15, 2023 15:56

Share
Vivek Gopalan
Published by
Vivek Gopalan
Tags: best DDoS protectioncloud DDoS protectionDDoS attacksDDoS Prevention
3 years ago

Recent Posts

Top 10 Best Practices for Attack Surface Reduction

Explore crucial tactics like Asset Inventory, Patch Management, Access Control & Authentication, and additional best… Read More

1 week ago

10 Important Data Privacy Questions You Should be Asking Now

Delve into the data privacy questions including consent protocols, data minimization strategies, user rights management,… Read More

1 week ago

11 Best Practices to Secure your Nodejs API

Secure Node.js APIs using best practices: Employ proper HTTP methods, robust authentication, and API-specific security… Read More

2 weeks ago