Kaspersky DDoS Protection
Keep your business running... smoothly
Technical Information
WHY IT MATTERS
-
How could DDoS affect you?
-
When hackers or cybercriminals launch a Distributed Denial of Service (DDoS) attack, the damage – and the costs – can be devastating for the business that’s being targeted.
DDoS attacks are used to disable the targeted organization’s online presence or key business processes – and that can have a long-lasting impact for the victim.
Is your business doing all it can to achieve effective DDoS attack protection?
-
-
Keeping your business online
-
With online activities playing an increasingly important role in virtually every business’s day-to-day interactions with customers, suppliers and employees, no business can afford to ignore today’s growing DDoS risks. Your online services – and all of your IT infrastructure – are just too important to leave unguarded:
- Your customers are more demanding than ever
They expect ‘always on’ access to products and services – and that means unplanned downtime isn’t an option if your business is going to keep hitting its targets for customer satisfaction levels.
- Your own team needs reliable access to key services
Many of your employees simply can’t perform their work tasks if any of your critical systems are taken out of action by a DDoS attack.
- The effects of an attack can be far-reaching
Even though the attack may be targeting a specific element of your infrastructure, it could affect other areas of your business. For example, an attack against a bank’s internal systems could also disable its entire network of ATMs (Automated Teller Machines).
-
-
Financial damage... and more
-
The direct financial costs of recovering from a DDoS attack can be massive… and the reputational damage can keep adding to those costs over the long term:
- Direct financial costs
- Failed sales transactions – during downtime periods
- Failed online banking transactions – with possible penalties
- Your own team needs reliable access to key services
- Negative publicity that dissuades existing customers and potential clients
- Damage to your business brand – that could take years to recover from
-
-
Confusion causes even more damage
-
If your business is subjected to a DDoS attack, it could also suffer additional losses that result from misconceptions about exactly what a DDoS attack is – and how it could affect your customers. Even though DDoS attacks are unlikely to have any effect on your customers’ security, can you be sure your customers will understand this?
Whenever customers hear about a ‘security incident’ – any security incident – some may fear that their confidential information, bank details and credit card numbers could be at risk. Even though these fears may be totally illogical – and stem from customers’ misunderstandings about the nature of DDoS attacks – your business could still suffer.
-
THREATS
-
Scale of the threats
-
DDoS attacks are nothing new. They’ve been a threat for many years. However, the level of danger is much higher than in previous years.
Recently, because the cost of launching a DDoS attack has reduced, the volume of attacks has rapidly increased.
At the same time, today’s attacks are much more complex and sophisticated – so you need to do much more to defend against them.
-
-
Yesterday’s defenses can’t protect you today
-
The scale and sophistication of DDoS attacks have evolved. Unfortunately, this means today’s complex attacks are:
- Much more difficult to guard against
- Even harder for a business to recover from
In addition, the sheer scale of a typical attack can rapidly overwhelm the target’s infrastructure. With today’s attacks often running at 80 – 100 Gb per second, the bandwidth of typical corporate networks can be saturated in just a few seconds.
All of this means that the simple prevention techniques that were still effective only a few years ago no longer offer adequate DDoS attack protection. Businesses are no longer able to defend against attacks without using specialist defense services. The threats have become more devious… so your protection measures have to be even more capable.
-
-
How DDoS attacks overwhelm businesses
-
There are many different ways for hackers to overload the target business’s IT infrastructure – to cause a ‘denial of service’. Some of the most common types of attack include:
- Volumetric attacks
These attacks try to saturate the capacity of your corporate Internet connection – by generating traffic levels that exceed your available bandwidth.
- Application and infrastructure attacks
Application layer attacks seek to crash servers that are running vital applications – such as the web servers that your online presence depends on. Other infrastructure-based attacks may try to disable your network equipment and / or server operating systems.
- Hybrid attacks
These can be particularly challenging – as they combine volumetric attack methods and application layer or infrastructure attack techniques.
-
-
DDoS attack protection… the essentials
-
To ensure your business is adequately defended against DDoS attacks, you need a DDoS attack prevention solution that helps you to:
- Detect any new attack as rapidly as possible
So you can defend your business very soon after the hacker launches the attack against your business.
- Mitigate the effects of the attack as rapidly as possible
So your business can minimize – or totally prevent – any disruption to its normal business activities.
-
SOLUTIONS
-
Kaspersky Lab's Solution
Kaspersky DDoS Protection gives you a total, integrated solution that includes everything your business needs to defend against DDoS attacks:
- Special sensor software* – for installation on your site
- Access to a resilient, distributed network of ‘cleaning centers’
- Advanced intelligence about the latest DDoS attacks
- The services of our Security Operations Center
- Extensive support – including direct access to DDoS protection experts
- Post-attack analysis and reports
...all backed up by a stringent Service Level Agreement.
*The sensor software runs on a standard x86 server or on a virtual machine. If you require a new server, it can be supplied by one of Kaspersky Lab’s partners.
-
How we protect you
-
Kaspersky DDoS Protection takes care of every stage in defending your business – from ongoing 24x7 analysis of your traffic, through to alerting you about the possible presence of an attack and then redirecting your traffic, cleaning your traffic, returning ‘clean’ traffic to you… and, finally, giving you post-attack reports & analysis.
Unlike other vendors’ offerings, Kaspersky Lab’s solution fights DDoS attacks on two fronts:
- Special defense infrastructure – including our sensor software – running on your site – and systems running at a network of Kaspersky Lab sites
- Kaspersky Lab DDoS intelligence – for earlier detection of DDoS attacks
-
-
Special sensor
-
Kaspersky Lab provides special sensor software that runs at your site – and, as soon as it’s installed, the sensor software starts to collect statistics and build usage profiles that help it to protect your business.
It monitors your traffic and – by continually building up statistical data and behavioral analysis data – the sensor continuously enhances its ability to detect even very subtle anomalies that are characteristic of the start of a DDoS attack.
Because the sensor software runs on a standard x86 server or a virtual machine, there isn’t any non-standard hardware for you to maintain.
-
-
Cleaning Centers
-
In the event of a DDoS attack, we’ll alert you and give you the option of redirecting your traffic to Kaspersky Lab’s Cleaning Centers – and then having only ‘clean traffic’ returned to you.
We’ve invested in a distributed network of Cleaning Centers – to deliver a highly resilient and scalable traffic cleaning capability.
-
-
DDoS attack intelligence
-
Kaspersky Lab’s malware experts use sophisticated methods to monitor the DDoS threat landscape and keep ahead of the hackers – so that we can achieve earlier detection of DDoS attacks.
Because traditional DDoS prevention vendors don’t have security intelligence departments, this proactive layer of protection cannot be delivered by these vendors.
-
BENEFITS
-
Solution benefits
-
Defending against the most complex DDoS attacks doesn’t have to be a complex task for your business.
When you choose Kaspersky DDoS Protection, you’re effectively ‘giving your entire DDoS attack protection problem to Kaspersky Lab’.
With Kaspersky Lab’s integrated defenses on board, your IT and security teams are free to focus on your core business activities – safe in the knowledge that you’ve got multi-layered defenses against the most sophisticated attacks.
-
-
Expertise is essential
-
Unlike virus attacks that tend to propagate automatically, DDoS attacks rely on human expertise – and that can make DDoS attacks particularly difficult to defend against… unless you have the Kaspersky Lab experts helping to protect you.
For virtually every DDoS attack:
- Hackers research their target
The attackers assess vulnerabilities within the target business’s online presence – and then preselect the attack tools that are most likely to achieve the hacker’s malicious objectives.
- Cybercriminals adapt their tactics
Working in real time – during the attack – hackers constantly change tactics, adapt their approach and select different tools… in order to maximize the damage they can inflict.
Because real people are constantly fine-tuning almost every ‘live’ DDoS attack, you need real DDoS mitigation experts fighting against your attackers in real time… and that’s exactly what Kaspersky DDoS Protection delivers.
-
-
Inline versus non-inline
-
In the past, some vendors proposed the use of a hybrid defense that included an inline appliance and remote cleaning centers. The inline appliance would continually intercept the business’s traffic and provide some level of defense for small attacks – and only suggest redirecting traffic if a large attack was detected. However, with the vast majority of today’s attacks now able to overwhelm the capacity of both an inline appliance and the targeted business’s Internet connection – within a few seconds – this approach is now outdated, and it can introduce delays before traffic is redirected to a cleaning center.
Kaspersky DDoS Protection uses a non-inline sensor that continuously monitors your traffic – without intercepting it. As soon as the sensor detects a potential attack, you have the option of redirecting all traffic to one of Kaspersky Lab’s cleaning centers.
Because Kaspersky Lab’s solution totally avoids the use of inline appliances:
- You have greater control over whether your traffic is redirected to cleaning centers
- You benefit from DDoS protection that also achieves a lower rate of false positives
-
-
Greater visibility – across your business
-
Although no one can stop cybercriminals targeting your business, Kaspersky Lab is ideally placed to deliver a rapid response to any DDoS attack. Then – after we’ve defended you against the attack and mitigated the effects – we’ll deliver detailed, post-attack analysis and reporting on exactly:
- What happened
- How long it lasted
- How Kaspersky DDoS Protection dealt with the attack
... so every level of your business benefits from clear visibility of the issues.
-
REASONS
-
Kaspersky Lab - The Reasons
-
Kaspersky DDoS Protection combines three protection techniques – to deliver more rigorous DDoS attack protection:
- Statistical analysis – of your online traffic helps us to build profiles and detect deviations
- Behavior analysis – monitors your website’s visitors, so we can identify abnormal behavior
- Advanced DDoS intelligence – that only our solution can offer – enhances detection rates
-
-
Far-ranging protection
-
Whereas some vendors can protect against volumetric attacks and other vendors’ offerings are more suited to defending against application layer attacks, Kaspersky Lab provides effective protection and mitigation for all types of DDoS attacks, including:
- Volumetric attacks
- Application layer attacks
- Infrastructure attacks – against networks & operating systems
- Hybrid attacks… and more
… so, whatever technique the attackers use, Kaspersky DDoS Protection safeguards your business.
-
-
Unique combination of skills
-
Because today’s DDoS attacks are much more sophisticated, an intelligence-led approach to defense is vitally important. No other DDoS prevention solution vendor has our background in IT security – so no other vendor has a dedicated attack intelligence team.
Because we’re the first anti-malware vendor to offer a DDoS protection solution, we’re able to provide a unique combination of statistical analysis, behavior analysis and DDoS attack intelligence… for more thorough defense.
-
-
Improved sensitivity – for improved detection
-
Some vendors are only able to provide broad monitoring of the entire communication channel. However, Kaspersky Lab’s solution is capable of granular analysis – so we can detect even smaller deviations from normal traffic and normal behavior.
In addition, we use special techniques that let us filter traffic at points that are as close as possible to the source of an attack.
-
-
Integrated teams – for a tightly integrated solution
-
Because all of the software inside Kaspersky Lab’s DDoS Protection solution – and other security products – is developed by the company’s own, in-house experts:
- We have full control of the development cycle
- We can react more rapidly to changes in the DDoS attack landscape
Furthermore, our DDoS Emergency Response Team works very closely with Kaspersky Lab’s lead engineers and solution architects. Communication lines are short and feedback loops are very responsive – so we can rapidly deliver new plug-ins that defend against new application layer attacks.
-