New tools take on denial-of-service attacks
Products provide early warnings but don't stop attacks, say users
April 13, 2001 12:00 PM ETComputerworld -
Concerns about denial-of-service attacks are resulting in a growing number of products and services aimed at helping companies detect, trace and block the threat. But most of the technologies do little to prevent such attacks, users said.
Denial-of-service attacks make computer systems inaccessible by overloading servers or networks with useless traffic so legitimate users can no longer gain access to those resources.
Last week, Cambridge, Mass.-based start-up Mazu Networks Inc. became the latest vendor to announce services based on intelligent traffic analysis and filtering technology, which it claimed will help companies better handle such attacks.
Mazu joins others companies that have announced services in this space over the past few months, such as Waltham, Mass.-based Arbor Networks Inc., North Brunswick, N.J.-based Niksun Inc. and Seattle-based Asta Networks Inc.
While each vendor claims varying capabilities, the focus is on tackling denial-of-service attacks not just at corporate Web sites, but also with Internet service providers before denial-of-service traffic hits corporate Web servers, users said.
Such capabilities are crucial for companies at a time "when denial-of-service attacks are becoming more pernicious and are happening with increasing frequency," said Laura DiDio, an analyst at Giga Information Group Inc. in Cambridge, Mass.
But while these products may be technically good point solutions, the question that corporations need to ask is whether the tools will scale enough to meet the requirements of the largest organizations, DiDio said.
Such products give administrators early notice of a developing attack and then provide the ability to trace an attack back to its origins, filtering out the offensive traffic faster than current manual processes can, she said.
For instance, Mazu's monitoring devices are distributed at multiple network points and constantly analyze traffic, looking for network behavior that indicates the onset of a denial-of-service attack, such as a sudden, unexplained surge in traffic. Information gathered from all the devices provides a broad picture of network traffic patterns that Mazu claims will help users detect an attack, identify its source and stop it as near its origin as possible.
Arbor Networks collects similar information and performs a similar analysis by setting up monitoring points both inside a corporate firewall and on the pipes leading into the corporate network from its Internet service provider.
Niksun adds a layer by offering an archival capability that allows customers to do forensics analysis on an attack, said Niksun President Parag Pruthi.
The idea behind such approaches is that when a "particular traffic pattern or hostile algorithm is detected, we are notified so we can make adecision whether to shut down our server or not," said Alex Golin, a vice president at Hamilton Scientific Ltd., an application service provider for health care providers in Roseland, N.J., that's planning to use Niksun's technology on its networks.
Related stories:
- No easy defense vs. denial-of-service attacks, Feb. 12, 2001
- Stopping attacks at their source, Oct. 2, 2000
- Honor thy customers' cards, April 10, 2000
Security
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
