Gartner Blog Network


More on DoS and Shared Security

by Anton Chuvakin  |  May 29, 2012  |  4 Comments

Here is something else interesting about Denial of Service defense approaches: you cannot do it alone.  Think about it: it is more profound than it sounds. You can protect from buffer overflows and SQL injections on your own.  And, yes, occasionally you’d need a patch from a 3rd party (such as your software vendor), but you can usually  block the the impact of an attack using other technologies even if you don’t have a patch yet.

On the other hand, if your network pipe is full, you cannot do anything [on your own] to make it not be full. No matter what you do in your environment, your connectivity is still down, whether inbound or outbound. In fact, this post exists on the nexus of my research into Denial of Service and collective analytics/ data sharing.

So, at the very least your DoS defense responsibility is shared with your Internet Service Provider (ISP). In other cases, it is shared with your cloud provider. Or, it can me shared with a Content Delivery Network (CDN) or other entity. In essence, these are the scenarios of DoS protection sharing:

  • Your organization + your ISP (they can mitigate the attack when a network pipe from you to them is full; in most cases you’d need to detect it first though)
  • Your organization + your cloud provider (do you realize that if you use SaaS to achieve  a particular business function, such function can be denied by a) DoS’ing your network, b) DoS’ing your provider [or: DoS’ing them enough so that they drop you as a customer…] or c)DoS’ing your link to them)
  • Your organization + your CDN (if you accelerate your web presence by using a CDN, they become an inherent part of your DoS defense arsenal)
  • Your organization + specialty anti-DoS provider (and, yes, if your anti-DoS provider is itself DoS’d, you are ..ahem…”denied your anti-DoS service” … ironic,isn’t it?)

Thus, DoS defense requires sharing. As I pointed out, it is likely that we will be sharing more than just bandwidth for doing many security things in the coming years…

Related posts about Denial of Service:

Related posts on shared defenses:

Category: collective  denial-of-service  security  

Tags: data-sharing  denial-of-service  dos  security  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on More on DoS and Shared Security


  1. Thank you for providing the details about Denial of Service defense approaches.

  2. Its always important to protect your business. Thanks for this great informative post!

  3. […] More on DoS and Shared Security  […]

  4. […] More on DoS and Shared Security  […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.