The escalating threat of Tsunami-sized web DDoS attacks is a growing concern. This emerging generation of attacks is not only larger in scale but also presents greater challenges to detect and mitigate. To dive deeper into Tsunami DDoS attacks and how companies can adequately defend against them, we sat down with Uri Dorot, Senior Security Solutions Lead at Radware.
What are Tsunami DDoS attacks and how do they pose a threat to organizations? Who is the most likely target?
Web DDoS Tsunami attacks are an emerging new generation of very aggressive and sophisticated layer 7 HTTPS Flood attacks. They are known for their huge volumes, very high requests-per-second (RPS) rate, and ability to masquerade as legitimate traffic.
Launched mainly by hacktivist and cyber-terror groups, Web DDoS Tsunamis pose a serious threat to organizations because standard web application firewall (WAF) and DDoS protection tools that operate based on rate-limiting and lists of known signatures are unable to effectively detect and mitigate them. The elusive, zero-day attacks are encrypted and appear as legitimate HTTPS requests, such as POST, GET, PUSH, etc. To bypass traditional app protections, they use sophisticated evasion and morphing techniques, such as randomizing HTTP methods, headers, and cookies; impersonating popular embedded third-party services; and spoofing IPs.
Most of these attacks target financial services companies and governmental institutions, but we also see them impacting major airlines and e-commerce applications worldwide. They pose a great risk to enterprise application availability and business and service continuity. Without proper protection, a Web DDoS Tsunami can take down applications for hours and even days.
How does Radware's new Cloud Web DDoS Protection solution address the threat of Tsunami DDoS attacks?
Radware’s Cloud Web DDoS Protection solution uniquely combines behavioral-based, automated algorithms with the high-scale infrastructure needed to accurately detect and block high-RPS Tsunamis. And the key differentiator is that it does this without interrupting legitimate traffic. As the attacks morph, the solution immediately and continuously analyzes the incoming HTTP/S requests and generates new attack signatures for unknown and zero-day attacks on the fly. This not only prevents downtime but also avoids disrupting application availability for legitimate users.
What specific features or capabilities of Radware's advanced solution make it stand out?
First, Radware’s solution uses dedicated, behavioral-based algorithms with advanced learning capabilities to quickly detect and surgically block L7 DDoS attacks without blocking legitimate traffic. In contrast to the common volumetric approach used by most vendors, Radware’s L7 behavioral-based protection can accurately distinguish between a legitimate and malicious surge in traffic and block only the attack traffic generated by adversaries—even during Web DDoS Tsunami attacks.
Second, the unique algorithms provide protection from a wide range of L7 DDoS threats, including smaller-scale, sophisticated attacks; new L7 attack tools and vectors; and large-scale, sophisticated Web DDoS Tsunami attacks. Radware’s solution analyzes the advanced threats and their variants as well as adapts to any attack patterns, randomization methods, and attack techniques (i.e., using proxies, impersonating legitimate bots, etc.).
Finally, Radware delivers a combination of automated algorithms and high-scale infrastructure that accurately protects against these high-RPS sophisticated L7 DDoS threats.
How does it prevent downtime and ensure consistent application and environment security?
It prevents downtime by immediately detecting and differentiating between malicious and legitimate requests and mitigating the Web DDoS Tsunamis in real time, effectively blocking the attack from the get-go. In contrast, rate-limit based solutions can’t distinguish between legitimate and malicious traffic, and simply block all traffic to the application once an attack is recognized (if it’s recognized). Radware’s Cloud Web DDoS Protection solution is built to deliver application availability to all legitimate users at all times—even during the most severe attacks.
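The contrast drawn throughout the interview, between a rate limit that blocks everything once a surge is recognized and a behavioral approach that blocks only the clients whose request patterns deviate from a learned baseline, can be made concrete with a small simulation. The following Python is an added example written for this page; it is not Radware's code and does not describe its algorithm. Everything about it is an illustrative assumption: the three behavioral features (per-client HTTP-method entropy, fraction of requests to paths never seen in the baseline, fraction carrying a session cookie), the z-score threshold, and the traffic itself, which is constructed in memory so the script runs offline. It plays the baseline against both a morphing flood and a purely legitimate flash crowd, since the point in the text is that a good detector must tell those two surges apart.

```python
"""Added illustration (not Radware's code): a global rate limit versus a
per-client behavioral baseline when an HTTP flood or a legitimate surge hits.
All traffic is constructed in memory; nothing touches the network."""
import math
import random
from collections import Counter, defaultdict

# A request record: (second, client_id, method, path, has_session_cookie)
LEGIT_PATHS = ["/", "/login", "/account", "/api/balance", "/static/app.js"]


def legit_traffic(seconds, clients, rps):
    """Well-behaved clients: mostly GET, known paths, always carry a cookie.
    Deterministic on purpose so the learned baseline is stable across runs."""
    out = []
    for s in range(seconds):
        for c in clients:
            for i in range(rps):
                k = s * rps + i
                method = "POST" if k % 10 == 0 else "GET"
                out.append((s, c, method, LEGIT_PATHS[k % 5], True))
    return out


def flood_traffic(seconds, bots, rps, rng):
    """Constructed attack traffic that randomizes method, path and cookie
    presence on every request, the morphing behaviour the interview describes."""
    out = []
    for s in range(seconds):
        for b in bots:
            for _ in range(rps):
                out.append((s, b,
                            rng.choice(["GET", "POST", "HEAD", "PUT"]),
                            "/" + "".join(rng.choices("0123456789abcdef", k=8)),
                            rng.random() < 0.5))
    return out


def rate_limit_blocked(records, max_rps):
    """Global rate limit: once total RPS exceeds max_rps in a second,
    every client seen in that second is blocked, legitimate or not."""
    per_second = Counter(r[0] for r in records)
    return {r[1] for r in records if per_second[r[0]] > max_rps}


def client_features(records, known_paths):
    """Per-client behavioural features: method entropy, fraction of requests
    to paths unseen in the baseline, fraction carrying a session cookie."""
    by_client = defaultdict(list)
    for r in records:
        by_client[r[1]].append(r)
    feats = {}
    for c, rs in by_client.items():
        n = len(rs)
        methods = Counter(r[2] for r in rs)
        entropy = -sum(v / n * math.log2(v / n) for v in methods.values())
        unknown = sum(1 for r in rs if r[3] not in known_paths) / n
        cookie = sum(1 for r in rs if r[4]) / n
        feats[c] = (entropy, unknown, cookie)
    return feats


def learn_baseline(records):
    """Learn what normal clients look like from a quiet period: the set of
    known paths plus mean and stddev of each feature across clients."""
    known_paths = {r[3] for r in records}
    feats = list(client_features(records, known_paths).values())
    n = len(feats)
    means = [sum(f[i] for f in feats) / n for i in range(3)]
    # Floor the stddev so a perfectly uniform baseline does not divide by ~0.
    stds = [max(0.1, math.sqrt(sum((f[i] - means[i]) ** 2 for f in feats) / n))
            for i in range(3)]
    return known_paths, means, stds


def behavioral_blocked(records, baseline, threshold=5.0):
    """Block only clients whose feature vector deviates from the learned
    baseline by more than `threshold` summed z-score units (assumed value)."""
    known_paths, means, stds = baseline
    blocked = set()
    for c, f in client_features(records, known_paths).items():
        score = sum(abs(f[i] - means[i]) / stds[i] for i in range(3))
        if score > threshold:
            blocked.add(c)
    return blocked


def simulate(seed=7):
    rng = random.Random(seed)
    legit = [f"user{i}" for i in range(20)]
    bots = [f"bot{i}" for i in range(50)]
    # Quiet period: 20 clients x 5 rps = 100 RPS; the rate limit is set at 2x that.
    baseline = learn_baseline(legit_traffic(10, legit, 5))
    # Attack: the same users plus 50 bots x 20 rps, 1100 RPS in total.
    attack = legit_traffic(10, legit, 5) + flood_traffic(10, bots, 20, rng)
    # Flash crowd: 100 legitimate users and no bots, 500 RPS in total.
    crowd = legit_traffic(10, [f"user{i}" for i in range(100)], 5)
    return {
        "attack_rate_limit": rate_limit_blocked(attack, 200),
        "attack_behavioral": behavioral_blocked(attack, baseline),
        "crowd_rate_limit": rate_limit_blocked(crowd, 200),
        "crowd_behavioral": behavioral_blocked(crowd, baseline),
    }


if __name__ == "__main__":
    for name, clients in simulate().items():
        print(f"{name}: {len(clients)} clients blocked")
```

Running it shows the two failure modes the interview attributes to rate limiting: during the flood the rate limiter blocks all 70 clients including the 20 legitimate users, and during the flash crowd it blocks all 100 legitimate users, whereas the behavioral baseline blocks exactly the 50 bots in the first case and nobody in the second. The features and threshold here are deliberately simple; a production system would learn many more signals and adapt them continuously, which is the hard part the interview alludes to.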