Data Center Application Layer Attacks

There have been a number of articles written on data center outages and their business costs of lost productivity, infrastructure damage, loss of brand reputation and goodwill in the marketplace, and litigation costs. Data center outages can occur from a number of factors such as such as component quality issues, power supply disturbances, or human error. Even turning systems off for routine maintenance could lead to a potentially costly incident to the business. However a multiyear Ponemon study, “Cost of Data Center Outages” found that the fastest growing cause of data center outages was cybercrime.

The negative impact from cybercrime is not only the data theft, regulatory fines, or litigation costs but also the downtime of critical systems. Businesses rely on their data center availability to drive employee productivity, engage with their customers, and generate revenue. The Cisco 2017 Security Capabilities Benchmark Study found that outages due to security breaches often have a lasting impact. According to the benchmark study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Forty-one percent of these outages affected between 11 percent and 30 percent of systems.

Attackers can leverage a number of techniques to attack the data center; from sophisticated malware to a rise in DDoS (distributed denial of service) attacks targeting the application layer. In those application layer DDoS attacks, web servers, application servers, or online services are targeted and flooded with just enough traffic to knock them offline. They target applications in a way that they appear to be actual requests from users. Since they can be smaller than traditional volumetric DDoS attacks they may go unnoticed by security solutions until it is too late.

To protect against application-layer DDoS attacks, Cisco integrated comprehensive, behavioral DDoS mitigation from Radware into its Firepower 4100 Series and 9300 next generation firewall (NGFW) appliances. Radware’s Virtual DefensePro capabilities add application layer DDoS protection to Firepower’s tightly integrated, multi-layered threat protection including application firewalling, next generation intrusion prevention (NGIPS), and advanced malware protection (AMP). Context and intelligence is shared among security functions to accelerate threat detection and response and maximize your security investment.

Integrating Radware DDoS to Firepower NGFW protects data center resources to better function in a DDoS attack and prevent sensitive information from being compromised. Firepower NGFW resiliency is improved in a DDoS attack, allowing it to better distinguish between legitimate and illegitimate traffic. Firewalls by design track stateful connections and may become easily overwhelmed by DDoS attack traffic. Many attackers target the firewall directly in DDoS attacks, trying to cripple it to leave the network unprotected so this layer of resiliency can be important.

Source:Cisco