Most companies are overwhelmed by hackers and why a James Bond approach works.
Shaku Selvakumar 060001XT47 firstname.lastname@example.org | | Tags:  xe82 waxpn security publiccloud waxhn ibmimpact ddos_attack saas bizagility websphere_datapower_edge_... mission_critical_traffic
0 Comments | 2,888 Visits
Part 2 of the Practical Innovation series contributed by Hessel Pijpker, WebSphere Business Integration Tiger Team and the WebSphere Netherlands team
Fight DDoS attacks with a ‘James-Bond’ –approach
The name Anonymous appeals to the imagination. Not only does one of the best known hacker groups carry this name, but the epithet also evokes associations of an anonymous guerilla battle and of elusive crime. That is why the name anonymous would not be out of place in the list of movie criminals like Jaws and Goldfinger in the James Bond series. But the protagonist of these two ‘elusive’ bad guys is also the remedy for the hacker issues of 2011. More specifically, an international, anonymous guerilla attack can only be fought by an international ‘MI6-approach’ with local secret agents who eliminate the dangerous cells. The current emergency measures that companies deploy are only pretext and gives hackers the opportunity to strike any given moment. It is time for James Bond to save the day.
DDos emergency measurements come a day after the fair
Breaking into a site is outdated. Nowadays, a real hacker makes sure that the websites are not accessible any more. Because with the so called ‘distributed denial of service’ attacks- used for either idealistic or opportunistic reasons – a hacker can really damage a company. The idea is simple: the hacker becomes a stalker and sends thousands of packages. By doing so, he can effectively shut down the target for a certain amount of time.
So far nothing new, you would think, as much has been written and said about DDoS attacks already. Therefore, it is even more striking that especially the small companies are so surprised by such attacks. These companies are forced to use emergency measurements, like adding extra bandwidth or asking the internet provider to minimize the effect of the attack. Such measurements not only come a day after the fair, they are also time-consuming, expensive and not effective. With economic damages running into billions and reputation damage as a result.
The James Bond-strategy: beat hackers with their own strategy
Beating DDoS attacks is not simple. The problem lies in the fact that the packages are not sent from one location, but from thousands of different infected computers that are also spread all over the world. This makes it very complicated to resist the attack and to trace the hackers.
Companies do not realize that traditional system protection cannot deal with the distributed character of these attacks. The attacks are performed by thousands of local ‘cells’ that are difficult to eliminate from one central point. To successfully eliminate these refined and almost elusive cells, you have to use the same strategy as the hackers: mobilize thousands of local ‘James-Bond’ agents who can timely eliminate thousands of criminal cells. To achieve this, you should start with creating an architectonic strong network in which these agents can operate. Such a network immediately sees where the attacks are performed, and can subsequently strike back with a flexible and adequate counterattack. No, don’t be shocked: this kind of system does not exist out of physical persons who globally work together. The ‘virtual’ Akamai network (you could say the MI6 against hackers) is designed in such a way that the DDoS-attacks are already eliminated by local ‘agents’, instantly capturing the high amount of service requests. This enables fast en reliable services to end users at all times. This way, systems will not be attacked anymore by the numerous ‘request’ packages: the MI6 network absorbs the request packages or deflects them. The Akamai network of thousands of servers in more than 1000 data centers is a MI6 system that offers the capacity to locally absorb such attacks. Also Q has a part: encoded identification mechanisms and communication methods between headquarter and the secret agents ensure a perfect security.
In the year 2011 a company cannot afford to be lured into a ‘DDoS’- attack. This reflects the same naivety as people who click on malware, because they believe they have won the lottery. Do not fight the DDoS attacks any longer with emergency measurements but invest in a MI6-system that tackles the problem by its roots.
Want more information?
The WebSphere Application Acceleration products offer best-in-class Internet application delivery technologies with best-in-class enterprise infrastructure appliances from IBM. These solutions provide end-to-end optimization, acceleration, security and management from the enterprise through the Internet to the end-user and back.
IBM offers a full set of application acceleration solutions that help you simplify your environment, while delivering applications fast and securely to end-users around the globe so that you can focus on building the applications that add value to your business.
Application optimization - Improve performance and scalability of web-based applications with optimized mission critical traffic http://www-01.ibm.com/software/websphere/products/application-infrastructure/application-optimization/
WebSphere Application Accelerator for Public Networks - An Akamai and IBM Collaborative solution providing performance and security http://www-01.ibm.com/software/webservers/application-accelerator-for-public-networks/
WebSphere DataPower Edge Appliance XE82 - Integrates edge-of-network, traffic gateway functions, including multiple authentication and authorization mechanisms http://www-01.ibm.com/software/webservers/appserv/xe82/
Want to learn more? Attend Impact 2012, the premier conference for IT and Business Leaders. Meet and network with experts, IT and business leaders. Register here
Follow @ibmimpact #ibmimpact and join the Impact Conversations