Distributed Denial of Service (DDoS) attacks are a threat to businesses worldwide and the attacks are getting larger and more sophisticated. The industry’s approach to protecting against DDoS attacks must change, and change fundamentally, to stay ahead of this growing threat.
For too long, the problem has been tackled piecemeal, using isolated devices or services. But protecting against DDoS attacks increasingly requires communication and coordination between many components – from networking equipment, to specialized appliances and cloud-based services.
A shift in security architecture is needed to an open platform where devices and services from different vendors can share and act on information in concert. It must be a hybrid platform, allowing on-premise routers and security appliances to detect and mitigate attacks locally, while automating alerting and switchover to cloud-based services if an attack threatens to swamp the business’ network connection.
Some vendors have tried a hybrid approach, but with proprietary protocols. Yet businesses usually have diverse infrastructures – especially in matters of security – and often seek best-of-breed technologies from multiple vendors. Only open protocols can consolidate all the information available to identify and mitigate attacks in today’s complex environments.
We’re excited to help the industry start down the path to open DDoS protection.
Verisign and Juniper Networks have been working collaboratively to create candidate open standards for communication between on-premise DDoS mitigation devices and cloud based DDoS protection services. A standards based approach allows businesses to have a wider range of options to better secure their complex environments without the limitations of vendor lock-in. The companies have published a draft specification through the Internet Engineering Task Force (IETF) to encourage community participation and further development of these proposals toward becoming open standards.
With the Verisign OpenHybrid™ architecture, we are enabling customers to take advantage of this capability, in three phases. First, we have incorporated these protocols into our DDoS Protection Services via an open cloud signaling API. Second, Verisign intends to publish connectors enabling customers to integrate widely used security appliances with Verisign DDoS Protection Services. And third, we plan to deliver connectors that will enable customers running applications in leading public clouds to better protect themselves against DDoS attacks using these open standards.
If you are interested in learning more about Verisign OpenHybrid™, receiving future updates, or participating in open standards development, click here.
You can also register to attend a webinar on January 21, 2015 at 10 a.m. ET titled Considerations for Security Management of Applications Across Multiple Cloud Environments, to hear more about Verisign’s approach to hybrid DDoS protection.