Imperva Cloud Service Takes Strain Of DDoS Attacks

Imperva’s cloud protects customers from network- and application-based distributed denial of service attacks

Imperva has launched a cloud-based service designed to help businesses defend against distributed-denial-of-service (DDoS) attacks.

The Imperva Cloud DDoS Protection service will help organisations to defend against various types of DDoS attacks, including network-based attacks, such as SYN or UDP floods, and application attacks that consume server resources, Imperva said. With the cloud-based model, Imperva can deal with DDoS attack traffic and keep it off the organisation’s infrastructure before it even reaches the network, the company said.

Plenty Of Headroom

Imperva guarantees protection against DDoS attacks of up to 4Gbps, even though most organisations tend only to see attacks in the range of 10Mbps to 200Mbps. But attacks from LulzSec and other groups this past year have shown how easy it is for attackers to overwhelm corporate defences, Rob Rachwald, director of security strategy at Imperva, told eWEEK.

The cloud-based managed service can stop multi-gigabit attacks without requiring customers to invest in expensive hardware and bandwidth. There has been a significant increase in the number of DDoS attacks affecting Websites in the past year, and the downtime has been costly for organisations, according to Rachwald.

“We scratched our heads and said, ‘We gotta do something about this,’” Rachwald said.

Imperva also regularly monitors hacker forums as part of its hacker intelligence initiative for insight into some of the technical aspects of hacking, Rachwald said. Hackers rely on forums to learn new techniques, recruit others, build their hacking expertise and buy tools, according to Rachwald. After analysing one forum with about 250,000 members, Imperva discovered that the “most chatter” was on how to launch DDoS attacks, at about 22 percent of all discussions, Rachwald said.

“DDoS got the gold medal,” Rachwald said. SQL injection was the second most frequently mentioned attack vector, accounting for 19 percent of all discussions.

The cloud service will allow genuine traffic to still access the URL while filtering out malicious traffic, Rachwald said. Since it can scale automatically, the organisation can use the service to handle various types of attacks, not just “run-of-the-mill network bombs”, he said.

All The Dodges

The versatility is important as attackers are also changing tactics. While some DDoS attacks are just about flooding the server with multiple requests and overwhelming the machine, there are recent attacks that have shut down machines by using up all the server resources. The Apache Killer script, which illustrated a flaw in the Apache Web server software, and RefRef, the rumoured new tool from an expected 17 September Anonymous group campaign, focus on this new type of attack.

DDoS attacks nowadays generally use “muscular attack machines” and have much heavier bandwidth than previously seen. Attackers are often using botnets consisting of hacked servers rather than compromised PCs to launch attacks, Kasey Cross, senior product marketing manager at Imperva, told eWEEK.

The servers generally have more bandwidth compared to PCs, which may be connected to the Internet via a DSL connection. It is “unbelievably expensive” for businesses to try to defend against attacks by just investing in a bigger bandwidth pipe, Cross said.

In comparison, Imperva can take advantage of its data centres around the world to re-route customer traffic to other locations, Cross said.

Operations Centre Analysis

Imperva’s analysts at its Security Operations Centre will also monitor all the customers and pro-actively fine-tune policies to reflect new and emerging attack methods and known malicious attackers, Rachwald said. The new tool will also monitor application performance, so the organisation can keep track of the Website even while under attack. Extra features of the product include access control by both country and visitor type, support for HTTPS sites and threat alert email notification.

Imperva currently offers DDoS services through the Web application firewall services sold through Incapsula, an independent subsidiary, Rachwald said. Incapsula will continue offering the service to small businesses, while Imperva will target businesses with bigger traffic requirements, Rachwald said.

Imperva Cloud DDoS Protection “will provide support for larger enterprises”, Cross said. Pricing for Imperva Cloud DDoS Protection will start at $12,000 per year.