NETSCOUT Arbor fights attacks on encrypted services

Jun 21st, 2018

According to NETSCOUT Arbor’s 13th Annual Worldwide Infrastructure Security Report (WISR), attacks targeting encrypted web services have become increasingly common.

According to Bryan Hamman, territory manager for sub-Saharan Africa at NETSCOUT Arbor, which specialises in advanced Distributed Denial of Service (DDoS) protection solutions, encryption is a basic necessity in an organisation’s cyber security defence arsenal. “Encryption is the way in which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is a tremendously important method for providing data security, especially for end-to-end protection of data transmitted across networks.

“For example, encryption allows banks to offer online banking and funds transfers, and protects the public’s online interactions when they use their credit or debit cards, or interact with any service provider for an online transaction that involves the exchange of information. Breaking web service encryption of such online data stores, which house confidential personal and financial data, is therefore a serious goal for cyber attackers, and, according to the most recent NETSCOUT Arbor WISR, attacks targeting encrypted web services in recent years are becoming more common. Using a DDoS attack is one method of carrying out such an assault on data.”

A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. In recent years, DDoS attacks have become a major cyber-security issue for CIOs and CSOs, as each year these attacks grow in number, becoming bigger and more damaging. Just a few months ago, NETSCOUT Arbor defences were able to foil – on behalf of its clients – two of the biggest DDoS attacks in history.

Hamman notes, “On 28 February, a 1.3Tbps DDoS attack was confirmed against developer platform GitHub, which was unavailable from 17:21 to 17:26 UTC, and intermittently unavailable from 17:26 to 17:30 UTC, due to the attack. However, no data was lost. This was then the most powerful DDoS attack recorded to date. Hot on its heels though, just days later in early March, an even larger attack of 1.7Tbps – a reflection/amplification attack – was targeted at a customer of an American-based service provider and recorded by the NETSCOUT Arbor ATLAS global traffic and DDoS threat data system. Again, the attack was unsuccessful.”

With reference to a recent article from Tom Bienkowski, director of DDoS Product Marketing at NETSCOUT Arbor, Hamman clarifies that there are four key types of DDoS attacks that target encrypted services:

  • Attacks that target the SSL/TLS negotiation, which determines how two parties to an internet connection will encrypt their communications.
  • Protocol or connection attacks against SSL service ports.
  • Volumetric attacks targeting SSL/TLS service ports, which overwhelm port capacity with high volume traffic floods.
  • Application-layer attacks against underlying services running over SSL/TLS.

Hamman says that against such grimly determined tactics, a multi-layered defensive strategy is required in turn. NETSCOUT Arbor’s DDoS defence approach incorporates the following key strategies:

  • Arbor Cloud and 24/7 Security Operations Centre, which detect and mitigate volumetric attacks upstream before they hit the organisation.
  • Arbor APS, which stops ‘low and slow’ application layer attacks.
  • Arbor Cloud Signaling™, which intelligently routes traffic to secure clouds, thereby preventing on-premise infrastructure protection from being overwhelmed.
  • Arbor ATLAS Intelligence Feed, which sends continual alerts to security teams to inform them of developing threats and trends.

Bienkowski concludes, “A key component of the security arsenal is the ability to inspect encrypted traffic securely and attest to its authenticity without slowing, disrupting or compromising legitimate traffic. While decryption is not always necessary for successful mitigation, there is a growing need for scalable solutions for decrypting packets.

“One positive conclusion coming out of the 13th WISR is that both service providers and enterprises are recognising that traditional firewalls and intrusion prevention systems are insufficient in confronting sophisticated DDoS attacks – particularly encrypted attacks targeting encrypted services. Encryption is essential but cannot be relied upon on its own to thwart determined and sophisticated attackers.”

For more information about NETSCOUT Arbor in Africa, please contact Bryan Hamman at [email protected].