Blog Series 1 out of 2.
Application DDoS attacks are sophisticated and very hard to mitigate. Network layer attacks are mostly manipulations of a protocol and can be identified by the method employed. In application DDoS, by contrast, the most prominent type of attack is the volumetric attack, which has no real pattern to identify. These are legitimate requests sent at high volume to the application, clogging up resources that would otherwise have been used by other users and making the application inaccessible to regular users.
The most common technique employed to detect application DDoS is rate limiting, where limits are set on the number of requests a user can make. The two basic and only fundamentals of protecting against this kind of volumetric DDoS attack are:
To accomplish both, the best possible solution is a cloud WAF like AppTrana that has DDoS protection capacity. A well-designed cloud WAF will be able to auto scale very quickly so that it can absorb unusual spikes in requests. AppTrana leverages highly scalable infrastructure known to block large attacks up to 2.3 Tbps and 700K requests per second to provide protection against the largest attack possible.
The next challenge is to detect unwanted requests and drop them. If the WAF does an effective job of this, the backend will be protected from request spikes and its resources will be free to serve legitimate requests.
Unfortunately, static rate limits do not work, and most attacks go under the radar. To understand the problem with static rate limiting rules, one needs to understand how these rate limits work.
The problem with such static rate limiting rules is that they do not take into account the natural variance of a site. For example, one of our sites has spikes at the end of the month, when a lot of data is uploaded and read by users; generally, the number of requests from a single user during month end is in the range of 3-4 times normal traffic. If static rate limits are configured for this case, the month-end spikes have to be taken into account, which means that on normal days even a spike of 4 times would go undetected and the requests would be passed on to the origin, leading to heavy load on the origin. It is to address these problems that AppTrana has introduced its Behavioural Application DDOS Protection Solution.
AppTrana’s Behavioural Application DDOS Protection solution takes advantage of its ability to process huge volumes of requests in seconds and provides policies that are configured based on the behaviour of the application requests instead of hard limits.
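The month-end problem described above, as an added example (not from the original post and not AppTrana's implementation): a static limit sized for the month-end peak is compared with a threshold learned from each period's own history. The traffic figures, the split into day types and the mean-plus-margin rule are assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed history: requests per minute from one user, grouped by day type.
HISTORY = {
    "normal": [48, 52, 50, 47, 53, 51, 49, 50],
    "month_end": [170, 185, 200, 190, 175, 180, 195, 185],  # 3-4x normal
}

# A static limit must sit above the month-end peak or it blocks real users.
STATIC_LIMIT = 250

# Constructed observations: (day type, requests per minute).
OBSERVATIONS = [
    ("normal", 52),      # ordinary use
    ("normal", 200),     # 4x spike on a normal day
    ("month_end", 200),  # legitimate month-end burst
    ("month_end", 750),  # 4x spike on top of month-end load
]


def static_verdict(rate):
    return "block" if rate > STATIC_LIMIT else "allow"


def build_thresholds(history, k=3.0, min_margin=0.25):
    """Threshold per day type: mean + max(k * stddev, min_margin * mean)."""
    thresholds = {}
    for day_type, samples in history.items():
        mu = mean(samples)
        thresholds[day_type] = mu + max(k * pstdev(samples), min_margin * mu)
    return thresholds


def behavioural_verdict(rate, day_type, thresholds):
    return "block" if rate > thresholds[day_type] else "allow"


def compare(observations, history):
    """Return (day_type, rate, static, behavioural) for each observation."""
    thresholds = build_thresholds(history)
    return [(d, r, static_verdict(r), behavioural_verdict(r, d, thresholds))
            for d, r in observations]


if __name__ == "__main__":
    for day_type, rate, static, behavioural in compare(OBSERVATIONS, HISTORY):
        print(f"{day_type:<10} {rate:>4} req/min  static={static:<5} "
              f"behavioural={behavioural}")
```

The second observation is the case the post describes: 200 requests per minute on a normal day passes the static limit but exceeds the threshold learned for normal days.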
With AppTrana
This post was last modified on December 15, 2023 15:56