I may be naive and uninformed (I’m not a network security analyst), but it occurs to me that the DDoS vendors need better modeling to distinguish good and bad traffic. It appears that they are rule-based and can’t fend off DDoS attacks that they haven’t already seen or thought about, and therefore haven’t programmed a solution for.
The most appropriate technique here would appear to be to model good network and application access behavior so that aberrational behavior can be more easily spotted, rather than wait for identified ‘bad behavior’ to show up – especially when much of what we are seeing has not yet been identified.
The banks and the DDoS vendors should sharpen their tools so that they can more readily distinguish good from bad access behavior. I realize this is much easier said than done and the potential for false positives and for keeping good customers out is very high. Still, some great modelers and analytical folks should be able to get the job done. Some banks are very good at behavioral modeling and surely have the expertise to make some of this happen.
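To make the contrast concrete, here is an added example (not from the original post or any vendor's product) that scores the same constructed traffic with a fixed rule and with a per-client baseline learned from known-good history. The client names, request counts, the 500 req/min rule and the 3.5 cutoff are all assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample data: requests per minute seen from each client during a
# known-good learning window, then one newly observed minute.
BASELINE = {
    "retail-user":   [4, 6, 5, 7, 5, 6, 4, 5],
    "batch-partner": [900, 950, 1000, 980, 940, 1010, 960, 990],
    "hijacked-host": [5, 4, 6, 5, 5, 6, 4, 5],
}
OBSERVED = {"retail-user": 6, "batch-partner": 1020, "hijacked-host": 120}

STATIC_LIMIT = 500  # hypothetical fixed rule: flag anything above 500 req/min


def static_rule(observed, limit=STATIC_LIMIT):
    """Rule-based check: one global threshold, no notion of normal per client."""
    return {client for client, rate in observed.items() if rate > limit}


def robust_score(history, value):
    """Modified z-score using median and MAD, which resist outliers in history."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # avoid divide-by-zero
    return 0.6745 * (value - med) / mad


def baseline_model(baseline, observed, cutoff=3.5):
    """Flag clients whose rate is far above their own learned good behavior."""
    flagged = set()
    for client, rate in observed.items():
        history = baseline.get(client)
        if not history:
            continue  # no profile learned yet; needs a separate policy
        if robust_score(history, rate) > cutoff:
            flagged.add(client)
    return flagged


if __name__ == "__main__":
    print("static rule flags:   ", static_rule(OBSERVED))
    print("baseline model flags:", baseline_model(BASELINE, OBSERVED))
```

The fixed rule blocks the high-volume but normal partner and misses the host that jumped from about 5 to 120 requests per minute, while the baseline does the opposite. A legitimate customer whose behavior changes sharply would also be flagged by the baseline, which is the false-positive cost the post mentions.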