DDoS Protection for Technology Companies

 

Watch Neustar experts as they discuss how DDoS impacts technology companies including online gaming, e-commerce and more. We'll discuss specific examples with DDoS protection experts who are fighting attacks in the trenches.

 

Video Transcript

Susan Warner

Hi I'm Susan Warner, I'm the Market Manager for Neustar's DDoS Solutions.

Miguel Ramos

I'm Miguel Ramos, Senior Product Manager at Neustar for DDoS Solutions.

Bryant Rump

I'm Bryant Rump, Solutions Architect for DDoS Solutions at Neustar.

Rachel Dall

I'm Rachel Dall, I'm Product Manager for DDoS Solutions.

Susan Warner

So Miguel, what are some of the industries most affected by DDoS attacks?

Miguel Ramos

So we really see that all industries are affected by DDoS attacks, but what we're seeing is that there are more intense attacks or higher frequency potentially in the technology verticals, Ecommerce, Online Gaming, Gambling, ERetail, Financial Organizations, and Advertising and Media companies.

Susan Warner

Ok, that's quite a list. So really all industries are being affected. I think it would be great for us to talk about specifically each industry and what we've seen within each industry.

I know, Bryant, for you, you speak to a lot of different companies in different industries and I think it would be great for us to share those high-risk industries what we've been seeing.

So, why don't we start with technology companies? So you were referring to the traditional technology companies, software, SAAS providers, companies like that?

Miguel Ramos

Yes

Susan Warner

And what kind of risks do these companies face when a DDoS attack hits?

Miguel Ramos

Service disruption is obviously a very big risk. Revenue loss potentially if those store fronts affected and online sales can't happen.

Intellectual property loss if the DDoS is part of a distraction technique so sort of used to divert attention, focus resources on the immediate issue of restoring availability while they sort of sneak in the back door.

Susan Warner

Ok and what about customer service? Bryant, you talk to a lot of customers in this industry? Is that one of their complaints that they talk about with this issue?

Bryant Rump

Yeah, pretty much they agree that their primary concern is not necessarily the immediate revenue loss, but the impact to the brand and that's what they tend to be the most concerned with.

Rachel Dall

Right, because if you're attacked your call centers go up and flood, your emails get, you know, tons and tons of emails start flooding in one after another and it can take a while for, you know, your customer service teams to catch back up and kind of ensure that your customers are back to being happy and satisfied.

Susan Warner

So that actually raises another question for me with service providers, Neustar is also a service provider, and we have SLAs with a lot of our managed services. I imagine within that industry it also tends to be an issue and then SLAs and customer service come in in kind of a different way.

Miguel Ramos

Absolutely. The other thing that service providers is that, there's sometimes a common misconception with customers of service providers that they're protected by their host or by their ISP etc. when that's not necessarily the case. Most service providers will focus on insuring the greater good so to speak, so insuring that the rest of their customer base is not negatively impacted and might potentially disrupt your availability to protect everybody else.

Susan Warner

So what about other ecommerce companies? You know, how do their risks differ from say a traditional technology company, and i guess I'm thinking about organizations that have their entire business online, so online gaming, online gambling, those types of industries.

Bryant, do you speak to a lot of those types of companies when you're in meetings?

Bryant Rump

Certainly, like online gaming type companies tend to be very concerned with latency involved even if you point out the fact that obviously being down is very high latency as opposed to having your site available.

They also just tend to be very concerned with the amount of back and forth latency involved in mitigation.

Susan Warner

So we talked a little bit about online gaming sites being more frequently targeted. What kind of attacks do we see being directed at those types of organizations versus say a traditional technology company? Do they differ or is it a very similar type of attack that we would see against them?

Bryant Rump

I'd say you're not going to normally tend to see attempted theft of property. It's going to be a short burst of DDoS trying to make the service unavailable. The goal is not typically stealing intellectual property.

Miguel Ramos

I would say also that with online gaming you're dealing with typically an increase frequency. So there's potentially more attacks, but they're smaller, they're shorter, they're more sophisticated, they are targeted at specific games or specific users.

You know, these games have very dedicated fan bases and people take gaming quite seriously sometimes. There's definitely a risk, and I'd add that, you know, latency, and we talked a little bit about this a few minutes ago, latency can really negatively effected game play and so online gaming organizations are looking sort of what the defense mechanisms that they can put in place are.

The trend that we're seeing is a combination of premise-based equipment to decrease latency, as well as cloud based mitigation for the really large attacks.

Susan Warner

Are there any other recommendations that you would have for technology companies to be prepared for DDoS attacks or incidents as they may happen?

Miguel Ramos

I would say that one thing to keep in mind for technology companies is that, you know, we talked a little bit about this, but that idea of making sure that as these incidents are happening you do have resources, not all your resources are focused on restoring the availability of the site. You sort of have to make sure that while that is going on, and that has to go on obviously, that there are resources that are also focused on insuring that intruders are not attempting to break in, sort of through the back door.

Susan Warner

That's a good point.

Miguel Ramos

What happens typically is that when an attack happens you have the tendency to sort of jump in all hands on deck, let's restore availability, let's make sure that we can get this attack under control.

And the attackers are smart, they know that. And they know that that is a perfect opportunity for them to try to break into the infrastructure that they have that the companies or targets have, and it's a legitimate concern.

Another suggestion that we might make to people is that they should be prepared, have a plan, and sort of put that plan into practice on an ongoing sort of basis.

Rachel Dall

Be proactive.

Susan Warner

Be proactive and be ready.

Bryant Rump

One thing at a kind of more granular level is lots of online gaming type companies tend to have custom applications and so you want to make your mitigation partner or whatever technology you're using aware of your custom application so they can decipher the legitimate traffic from the malicious.

Susan Warner

Just some really great tips and information for technology companies so thanks so much for joining us.

Miguel Ramos

Hi, my name is Miguel Ramos, I'm the Senior Product Manager at Neustar in charge of the DDoS mitigation solutions and I'm here with a couple of colleagues that I'd like to have introduce themselves.

Sathya Varadharajan

My name is Sathya Varadharajan and I'm in charge of the security operations center at Neustar. Happy to be here.

Miguel Ramos

Thanks Sathya.

Ravi Velamuri

Hi I'm Ravi Velamuri, staff security engineer here at the Neustar security operations center.

Miguel Ramos

Thank you Ravi. So guys, thanks for being with us. You have been on the front lines of DDoS mitigation for many years now. You've seen the DDoS threat evolve over time. We want to spend a little bit of time talking about the DDoS threat as it pertains to the technology verticals. The software as a service providers, etc.

I'm not in the trenches like you guys are, but I follow the attacks on our customer base fairly closely. I can think of a company that deals with online learning and provides online learning service that had to deal with some attacks. Can you, Ravi, can you talk a little bit about what some of the challenges they were facing were?

Ravi Velamuri

So one of the biggest challenges is no matter how large the company is they don't have the dedicated resources and infrastructure to battle these kind of attacks which is why they come to a cloud-based company like us. Because we have the infrastructure to take on the large bandwidth that they were seeing and we were able to mitigate their attack using our infrastructure.

Miguel Ramos

And would you say that in this particular case there may have been a threat from it's own, from the student population?

Ravi Velamuri

Yeah if they can't get into the eLearning sites they can't get their assignments put in, they can't get their grades. A lot of people unhappy about wasting their tuition money.

Miguel Ramos

And some people are going to be really happy, right, if they're trying to delay submitting a test score or taking an online test, they're trying to delay the submission of an assignment.

Ravi Velamuri

Yeah. It's always, oh I need to get a couple more days or another day to get my final exam in. I can push it off for a little bit.

Miguel Ramos

Yeah, so it's incredibly disruptive.

Sathya, let me talk to you about online gaming for a second. You know, we've seen a need for DDoS mitigation in this vertical, every thing from companies that actually do online betting and that. You know, some interesting ones have been around, companies that just have, for example, Facebook games or Facebook applications. Can you tell me a little bit about that?

Sathya Varadharajan

Yeah, sure. One of the important customers of Neustar, it's a gaming customer and the important piece of the traffic around this customer is the mix of various custom built applications, as you said, which works with Facebook and other social networking tools. So it is challenging for SOC to understand all of those custom applications, also the different protocols and ports they use, so it's a broad spectrum of the nature of the traffic for SOC to understand so that we could have a proper mitigation strategy to deal with any attack on those customers.

Miguel Ramos

How important would you say is dialogue with the customer when you're dealing with these types of attacks?

Sathya Varadharajan

The dialogues, what we call the orientation call or the ongoing conversations with the customers are a critical piece to understand their assets and the infrastructure and their application so that that knowledge would come in handy while dealing with attacks in real time.

Miguel Ramos

What kind of attacks are seen on these types of custom protocols? What's a good way, what do attackers like to use on custom protocols?

Sathya Varadharajan

It's one way good or bad the attackers know that these are gaming portals and they know that there are a lot of ports open to accommodate customers playing online games.

Sathya Varadharajan

One of the challenging things to deal with gaming customers is the very nature of syn floods, targeted towards those customers. As you know, any traditional way of mitigating would really disrupt the availability of the platforms. And that's where it's important to have a meaningful dialogue with the customers and try to understand the nature of the application so that we would have the right strategy to handle things like syn floods so that they're application would be available all the time. We will have the right tool to keep their sites up and running so that their end users will be able to use them all the time.