I may be naive and uninformed (I’m not a network security analyst), but it occurs to me that the DDoS vendors need better modeling to distinguish good and bad traffic. It appears that they are rule-based and can’t fend off DDoS attacks they haven’t already seen or thought about, and therefore programmed a solution for.
The most appropriate technique here would appear to be to model good network and application access behavior so that aberrational behavior can be more easily spotted, rather than wait for identified ‘bad behavior’ to show up – especially when much of what we are seeing has not yet been identified.
The banks and the DDoS vendors should sharpen their tools so that they can more readily distinguish good from bad access behavior. I realize this is much easier said than done, and the potential for false positives and for keeping good customers out is very high. Still, some great modelers and analytical folks should be able to get the job done. Some banks are very good at behavioral modeling and surely have the expertise to make some of this happen.
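To make the contrast between a rule-based filter and a behavioral baseline concrete, here is a small added example; it is not code from the original post or from Gartner, and everything in it is constructed: the log format (`<second> <client_ip> <path>`), the client addresses, the paths, and the thresholds. A baseline of the aggregate request rate and of the paths normally requested is built from a "good" window; a later window is then scored on how far it departs from that baseline. A fixed per-client rate rule is shown alongside, so you can see it miss a window in which no single source exceeds the threshold but the overall behavior has clearly changed.

```python
"""Behavioral-baseline anomaly scoring over constructed access logs.

Added example, not code from the original post or from Gartner. The log
format ("<second> <client_ip> <path>"), the client addresses, the paths and
the thresholds are all constructed for illustration.
"""
from collections import Counter
from statistics import mean, pstdev

PATHS = ["/login", "/balance", "/transfer"]


def make_normal_log(seconds):
    """Constructed 'good' traffic: 2-4 requests/s spread over five clients."""
    lines = []
    for sec in range(seconds):
        for i in range(2 + sec % 3):
            lines.append(f"{sec} 10.0.0.{1 + (sec + i) % 5} {PATHS[(sec + i) % 3]}")
    return lines


def make_distributed_flood(seconds, sources=200, rps_each=10):
    """Constructed distributed flood: many sources, each well under any
    per-client threshold, all hitting a path the baseline never saw."""
    return [
        f"{sec} 192.0.2.{src} /export"
        for sec in range(seconds)
        for src in range(1, sources + 1)
        for _ in range(rps_each)
    ]


def window_features(lines):
    """Count requests per second, per client and per path for one window."""
    per_second, per_client, per_path = Counter(), Counter(), Counter()
    for line in lines:
        sec, client, path = line.split()
        per_second[int(sec)] += 1
        per_client[client] += 1
        per_path[path] += 1
    first, last = min(per_second), max(per_second)
    return {
        "rps": [per_second[s] for s in range(first, last + 1)],  # zeros for quiet seconds
        "seconds": last - first + 1,
        "clients": per_client,
        "paths": per_path,
    }


def build_baseline(lines):
    """Model 'good' behaviour: aggregate rate distribution and the set of paths seen."""
    f = window_features(lines)
    return {
        "rps_mean": mean(f["rps"]),
        # Floor the spread so a perfectly flat baseline cannot make every deviation infinite.
        "rps_std": max(pstdev(f["rps"]), 1.0),
        "known_paths": set(f["paths"]),
    }


def score_window(baseline, lines, z_limit=3.0, unseen_limit=0.2):
    """Flag a window whose behaviour departs from the baseline, with reasons."""
    f = window_features(lines)
    total = sum(f["paths"].values())
    rps_z = (mean(f["rps"]) - baseline["rps_mean"]) / baseline["rps_std"]
    unseen = sum(n for p, n in f["paths"].items() if p not in baseline["known_paths"]) / total
    reasons = []
    if rps_z > z_limit:
        reasons.append(f"aggregate rate {rps_z:.1f} std devs above baseline")
    if unseen > unseen_limit:
        reasons.append(f"{unseen:.0%} of requests hit paths absent from the baseline")
    return {"rps_z": rps_z, "unseen_ratio": unseen, "anomalous": bool(reasons), "reasons": reasons}


def static_rule(lines, per_client_rps_limit=50):
    """The rule-based approach the post criticises: block any single client
    above a fixed request rate. Returns the set of clients it would block."""
    f = window_features(lines)
    return {c for c, n in f["clients"].items() if n / f["seconds"] > per_client_rps_limit}


BASELINE = build_baseline(make_normal_log(60))
NORMAL_WINDOW = make_normal_log(10)
FLOOD_WINDOW = make_normal_log(10) + make_distributed_flood(10)

if __name__ == "__main__":
    print("normal window:", score_window(BASELINE, NORMAL_WINDOW))
    print("flood window: ", score_window(BASELINE, FLOOD_WINDOW))
    print("static rule blocks during flood:", static_rule(FLOOD_WINDOW) or "nothing")
```

Two design choices matter for the false-positive concern the post raises. The decision is made on the window, not on individual customers, so a flagged window triggers closer inspection or adaptive rate limiting rather than immediately locking anyone out; and the baseline's spread is floored, because a quiet, very regular baseline would otherwise turn every small fluctuation into a large deviation. A production model would also baseline per time of day and per endpoint, since "normal" for a bank at 09:00 on payday differs from 03:00 on a Sunday.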
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.