With DDoS attacks growing in scale and complexity, A10 Networks is betting big on its recently launched solution that helps organizations mitigate DDoS attacks. In an interview with Express Computer, Sanjai Gangadharan, Regional Director, SAARC, A10 Networks, shares why his firm is betting big on the potential of the Indian market
Some edited excerpts:
What makes it difficult for organizations to stop DDoS attacks? What are some of the sectors that are heavily impacted by DDoS attacks?
DDoS attacks are constantly growing in frequency and size. India is 4th on the list of countries with the most number of DDoS attacks. The results of our recently conducted industry survey with IDG Connect indicated that on average, a company suffers 15 DDoS attacks per year, with each causing at least 17 hours of effective downtime, including slowdowns, denied customer access or crashes.
Traditionally, DDoS attacks used a single attack type, or vector. Multi-vector DDoS attacks use multiple vectors to disable a network or servers. They are characterized by highly adaptive and coordinated volumetric attacks to saturate bandwidth, network infrastructure attacks to overwhelm devices, and Application layer attacks to drain CPU resources. Thus, multi-vector DDoS simultaneously attacks the Network, Bandwidth and Application Layers with the single objective of finding the weakest link to take down online services and devastate its target organization. In fact 3 out of every 4 DDoS attacks are now multi-Vector and most victims are attacked multiple times.
Most enterprises have existing DDoS security solutions that are unable to handle the attacks volume and or lack the granularity of control to manage the complexity of multi-vector DDoS attacks effectively and affordably. And because of the inability to adapt quickly to new attack vectors, some organizations respond to the rapid CPU depletion and poor scalability by adding more resources or rack units, which end up being costlier.
What strategies must organizations adopt to prevent DDoS attacks?
The best protection against multi-vector attacks is hybrid protection which is on-premised with a cloud bursting option. Recently A10 announced a solution that provides up to 300 Gbps of throughput – the fastest appliance in the market – to combat soaring DDoS attacks so companies can block multi-vector DDoS attacks to stop disruption, detecting and mitigating them at the network edge, and functioning as a first line of defense for the network infrastructure.
This new family of high performance solutions to fight the DDoS war is built upon A10 Networks’ Advance Core Operating System (ACOS) platform. This ensures flexibility, scalability and integration with different architectures helping customers to efficiently track and mitigate attacks. We also introduced a new support offering backed by the A10 DDoS Security Incident Response Team (DSIRT). This 24x7x365 support includes access to a dedicated team of DDoS mitigation experts specializing in DDoS prevention, offering immediate assistance to assist in mitigating attacks. It also comes with a subscription to the A10 Threat Intelligence Service for customers with a valid support contract, leveraging collective intelligence to block known bad actors.
This kind of support service and shared intelligence is crucial in the fight against DDoS attacks. Many organizations do have DDoS mitigation in place. However, if they are attacked, the best thing they can do is report it and share the information with their ISP and other providers so they can work upstream to remediate the attack. Sharing information helps others combat future attacks. Malicious actors commonly collaborate and share intelligence with each other.
To fight back it makes sense for us to do the same. In reality, this information-sharing and industry collaboration is not happening enough due to the perceived damage to brand reputation that comes along with DDoS attach disclosure. Lastly, what isn’t being discussed and addressed enough is the need to tackle security as a human problem, not just a technology one. Better cognizance is key among individuals. For businesses, it’s often a matter of looking beyond technology alone and acknowledging corporate culture as a major factor — is a company proactive and diligent in setting corporate policies, training employees on best practices, and establishing accountability? Or are they reactive and hoping they can skate by unscathed? Unfortunately, the latter mindset occurs much too often. We don’t have to learn the hard way. Security does not have to be that difficult.
How unique is India, when compared to other global markets? How do you see India as a market for your products?
India plays a big role in A10’s global business. The key consumers in India are the telecom, information technology services, financial sector and the government. Aimed at establishing good sales and support networks across this region, A10 is investing in training and enabling our partners across the country. We are growing and are adding resources as and when required by the business.
Though we have evolved to a cloud native Application Delivery Controller company, our main focus is on security. A recent report states that India is the second largest Internet market and by 2017 India will also become the second largest market of smartphone users.
These are all developments that have paved way for India to come 4th in the global cyber threat target list. So we see a huge potential in this region.