We would like to introduce you to our head of the L7 defense area – Dima Nikonov. We asked him to talk about the difficulties he had to face lately and what has changed in the work and priorities of the company.
– How much did the events of the last month shock you?
– This question can be considered in several planes. In the first days after the events began, a state of shock and misunderstanding hung in the air. In addition, our country was flooded with an unprecedented wave of DDoS attacks. It is quite difficult to predict such a scenario, so we literally had to change on the go, introduce new processes and concentrate on emerging tasks. We have focused well on the things we do best, which is to protect against DDoS attacks.
– What changes have taken place during this period?
– The fingers of two hands are not enough to describe all the changes, but I will try to talk about the main ones. Probably the main thing is the approach to filtering and processing traffic. We had to make significant changes to our system. This allowed us to better recognize our live users and put up additional barriers for intruders. During the massive attacks, we learned a lot, which allowed us to implement new filtering algorithms on the go. We also monitor our infrastructure perimeter as the number of vulnerabilities grows every day. You need to keep your finger on the pulse and prevent attackers from taking advantage of them. The interaction with customers has also changed. Now the connection of our services has become many times faster, since in some cases clients came right during the attack.
– How much has the load on developers increased?
– The workload has increased significantly, but we are closely monitoring incoming requests and trying to resolve them in a timely manner. At the moment, all priorities are set, but none of us excludes the “force majeure” factor.
– What technical aspects had to be rebuilt in order to effectively reflect a large stream of attacks?
– At a minimum, we have stepped up the watch and are closely monitoring traffic changes. Sometimes there are cases when the tools that we use are not enough, and we have to involve developers in solving certain kinds of tasks. Each time we train our system more and improve the countermeasure algorithms. We are also working on monitoring and analysis. This allows you to better study anomalous activities and see which business areas suffer the most.
– Are there any features of the current DDoS attacks?
– Of the obvious ones – the attacks have become more intense, prolonged and intelligent. This can also be said about the nature of attacks: the application layer is increasingly becoming the target, and such attacks are initiated by quite people through websites (with the same HTTP referrers). Such activity increases the load on the infrastructure. For example, attacks on CDN services have become popular. The attackers began to break the content delivery networks and change the information reaching the user. Site owners did not even suspect that their resources were loading something wrong. Also, do not forget about the popular types of “flood”, Backdoor, Deface, etc.
– What is planned in the near future to scale services?
– At the moment we plan to keep the same pace until we see a decline in attacks. Now we are at the stage of implementing our own captcha. This is a rather time-consuming project and requires a lot of resources for its implementation. Also, no one canceled our global plans, which include improving the CDN system and preparing our second version of Bot Mitigation. We continue to improve interfaces and introduce new functionality for existing customers.