What you didn't know about DDoS attacks (Tom Bienkowski )

 Even before the current pandemic, the types and velocity of distributed denial of service (DDoS) attacks were on the rise!

And with the architectural changes brought about by COVID-19—such as greater reliance on VPN gateways as more employees work from home—organizations are at increased risk of disruption. In fact, according to NETSCOUT most recent Threat Intelligence Report, we have seen a 15 percent increase in DDoS attacks in 2020 compared to the same period in 2019—and a 25 percent increase over the height of the pandemic lockdown. At present, we are on track to experience more than 9 million attacks this year.

As organizations consider the steps needed to mitigate the risk from DDoS attacks and maintain resilience and availability, they should keep the following five areas in mind: Be mindful of stateful attacks. When most people think about DDoS attacks, they think first of volumetric attacks. But state-exhaustion DDoS attacks that block stateful devices such as firewalls, load balancers, and VPN concentrators from serving incoming connections from legitimate clients can also negatively impact vital applications, services, infrastructure, and data. This problem is particularly acute now, when we are increasingly reliant on remote connections through VPN concentrators. To protect against state-exhaustion attacks, it is important to design network infrastructure, including applications and service delivery stacks, to minimize state wherever possible. There is a common misconception that firewalls are sufficient to protect against DDoS attacks. This is simply not true, as they are vulnerable to state-exhaustion attacks. This is why best practices (including from firewall vendors) recommend that companies deploy stateless DDoS protection in front of firewalls to protect them from state-exhaustion DDoS attacks. Cloud-based protection is not enough. The most common form of DDoS attack protection is a cloud-based mitigation service, often from ISPs or independent providers. And while such services are indeed vital to stop large, volumetric DDoS attacks that outstrip the volume of internet circuits, that is only one part of a comprehensive protection strategy. For state-exhaustion and application-layer attacks, which are just as common, the industry best practice is a stateless, on-premises solution that can automatically detect and stop such attacks. Be aware of shifting tactics. Many savvy DDoS attackers use attack performance management tools to monitor the effectiveness of their attack in real time. These tools help determine whether defenses are deployed when attack vectors are altered. This can lead to the launch of multivector attacks, which are far more challenging to mitigate without the right solution in place. Size doesn’t always matter. The vast majority of DDoS attacks today are not massive in scale, but rather are smaller-sized and short-lived. It’s important to keep in mind that a DDoS attack does not need to be big and last a long time to have a negative impact. In fact, the overwhelming majority of DDoS attacks last one hour or less, and nearly a quarter of them last less than five minutes. This means organizations need DDoS attack protection that can instantaneously detect and mitigate attacks before the damage is done. Consider a hybrid approach to DDoS protection. At NETSCOUT, we recommend a hybrid approach to DDoS protection. The cloud-based model, which relies on a service provider to deliver DDoS mitigation services against volumetric DDoS attacks, can be highly effective. However, to adequately protect the dynamic nature of most organizations from smaller application-layer DDoS attacks, we recommend augmenting with on-premises DDoS protection. This allows organizations to rapidly deploy customized DDoS protection as new applications or services are rolled out. The fact is, DDoS attacks can be mitigated—if you are prepared! A key part of that preparation lies in a regular reassessment of your DDoS attack protection strategy. After all, today’s DDoS attacks are ever-changing, and traditional methods of protection may not be enough. Organizations should keep up with the latest trends in DDoS attacks, know what the current best practices are for defense, and test those defenses on a regular basis.

Author - Tom Bienkowski - NETSCOUT Product Marketing Director . Tom Bienkowski has been involved in the network and security field for more than 20 years. During his tenure in the industry, he has worked for large enterprises as a network engineer as well as for multiple network management and security vendors in sales engineering/management, technical field marketing, and product management roles. In his current role as director of product marketing at NETSCOUT, he focuses on NETSCOUT’s industry-leading DDoS protection solutions.

Sentient Stuff (Paul Smith)

 

Those of us who have worked in the data storage industry often wonder how our computers match up to the processor we carry around in our own heads. Comparisons are difficult to come by – we can estimate the average number of neurons in a human brain (~ 86 billion), but they are quite different from the “bits” that comprise computer memory. If they functioned in the same binary way, we would have the storage equivalent of a typical flash drive, and we’d have to start deleting less important memories by the time we reached sixth grade.

Each neuron shares information with about 1000 others, putting the total number of connections at around a trillion. We also know that neurons cooperate with one another in storing memories, resulting in an overall estimated capacity of several Petabytes. This amount of computer memory would store about 3 million hours of video. If you think of your life as one big reality TV show, that’s about 300 years’ worth of narcissistic binge watching.

The size of an individual human memory is difficult to estimate; our more detailed memories probably take up the most room. As we grow and learn, some memories are discarded to clear up space, while others are just too good to let slip away. A great deal of information we consume is just not worth remembering in the first place. Computers and brains have much in common.

The more interesting comparison which has intrigued great thinkers for centuries involves consciousness. How sentient can a non-human entity be? We like to think that a computer doesn’t have feelings and can only mimic them. But is it aware of itself and if so, how does it feel about that? If you tell a new computer that it will never amount to much because its memory is too small or its processor is too slow, will it eventually need counseling?

The presence of consciousness is more than just idle conjecture. Neuroscientist Alysson Muotri of UCSD maintains Petri dishes in his lab where hundreds of tiny sesame seed-sized brains float around. Known as brain organoids, they have been connected to walking robots, used as models for advanced AI systems, and lately employed in the testing of SARS-CoV-2 drugs. None of this seems too alarming - except perhaps for the walking robots.

The point where things get a bit disconcerting is documented in the Muotri Group’s August 2019 Cell Stem Cell article. In this research, the little organoids began to generate coordinated waves of activity much like that seen in a conscious brain. Anticipating the philosophical and moral questions that would surely arise, Dr. Muotri shut down the experiment after a few months. In the meantime, other researchers were having their own epiphanies.

Developmental Biologist Madeline Lancaster knows that, like a computer, a brain without input and output isn’t worth much. Her research team tried growing brain organoids next to the spinal column of a mouse. Once a connection was established, the muscles began to contract. Harvard Molecular Biologist Paola Arlotta was able to induce light sensitivity in some brain organoids. He then observed that their neurons started firing when illuminated. These discoveries and others like them have produced some attention-grabbing research papers – and put many ethicists and theologians on notice – but where do we go from here?

There are some uniquely human conditions (e.g. autism) that cannot be studied in animal models. Effective research on these could benefit greatly from “consciousness in a jar”. In a culture that still debates the dangers of genetically modified tomatoes, this is a heavy lift. Both for the research itself, and for the ethical guidelines that must be developed, a standard way to define and measure consciousness is required. So far this has proven elusive.

Peter Singer, a philosopher and advocate for living things, famously noted that a particularly brilliant chicken might surpass some humans in certain capacities. A quick stroll through the meat department should convince you that this isn’t a very good metric.

Computers and brains have some similarities, but comparisons are sketchy at best. Our silicon tools start with simple, Boolean logic gates and build on those to produce striking complexity. Similarly, brain organoids grown in the laboratory start out as simple multi-cellular structures which can be coaxed into some very human-like behaviors. Whether or not consciousness is one of those remains to be seen, but how will we ever know if that collection of organoids in a jar is sentient?

Someday we may be able to just ask it.

Author Profile - Paul W. Smith - leader, educator, technologist, writer - has a lifelong interest in the countless ways that technology changes the course of our journey through life. In addition to being a regular contributor to NetworkDataPedia, he maintains the website Technology for the Journey and occasionally writes for Blogcritics. Paul has over 40 years of experience in research and advanced development for companies ranging from small startups to industry leaders. His other passion is teaching - he is a former Adjunct Professor of Mechanical Engineering at the Colorado School of Mines. Paul holds a doctorate in Applied Mechanics from the California Institute of Technology, as well as Bachelor’s and Master’s Degrees in Mechanical Engineering from the University of California, Santa Barbara.

Cloud Migration Challenges: 5 Ways to Avoid Migration Failure

 Cloud Migration Challenges: 

5 Ways to Avoid Migration Failure

What are Cloud Migration Challenges?

The use of cloud computing in enterprise applications continues to grow. Enterprises are adopting a multi-cloud strategy to place more workloads on the public cloud, reduce costs, increase agility, and increase flexibility.

However, not all cloud deployments offer these benefits. Many organizations face failed cloud migration projects, because simply migrating applications to the cloud does not guarantee benefits over on-premises deployment. In many cases organizations have repatriated workloads back to their on-premise data center. This article covers key challenges that plague cloud migration projects and relevant solutions.

In this article, you will learn:

Cloud Migration Failures: The Strategic Aspect

Cloud Migration Challenges and How to Overcome Them

1. Lack of a Defined Strategy and Business Objectives

2. Security & Privacy

3. Managing Costs

4. Cloud Vendor Lock-In

5. Training Employees on your Cloud Solutions

Cloud Migration Failures: The Strategic Aspect

A study published by Unisys found that a third of cloud migrations failed because companies did not make the cloud a key part of their business strategy. The report is based on a survey of 1,000 senior IT and business leaders in 13 countries.

According to the report, 37% of cloud migration projects in the US fail. Benefits of cloud migration were dramatically different depending on an organization’s strategic focus:

• 77% of respondents who used the cloud as part of their core strategy showed at least some improvement as a result of cloud migration

• Only 23% of respondents who used the cloud as a secondary strategy saw some improvement

This proves that cloud migration success is strongly dependent on cloud migration strategy - an organization changing its business strategy to embrace the cloud.

5 Cloud Migration Challenges and How to Overcome Them

1. Lack of a Defined Strategy and Business Objectives

Successful cloud adoption and implementation requires meticulous end-to-end planning. Some data and applications are more difficult to migrate than others, and the business impact and benefits can also be very different for each workload.

To address this challenge, thoroughly analyze your organization's current infrastructure and decide how to migrate in a way that will cause net benefits across the board. Also take into account assets that are already in the cloud, and may require adjustments or reconfigurations now or in the future. Break the migration strategy into several steps to simplify the migration process, make it easier to understand across the organization, and reduce risk.

2. Security & Privacy

Security is a top priority for any company when migrating data to the cloud. The cloud operates based on a shared responsibility model, and this means cloud users also share the burden of security.

The following list of questions can help clarify what security aspects are covered by the cloud vendors and which should be attended to by the cloud consumer:

• Where is the data stored?

• Is the data end-to-end encrypted?

• What are the safety management policies and procedures?

• What regulations and standards do you comply with (e.g. HIPAA, PCI/DSS, ISO27001)

• What are the options for moving data back from the cloud to the on-premises data center?

• What are the security responsibilities of customers running workloads on your infrastructure?

Advanced tools such as Cloud Security Posture Management (CSPM) can help you assess vulnerabilities in complex cloud deployments and automatically remediate them.

3. Managing Costs

Cloud migration is often motivated by cost savings. However, when migrating to the cloud, many organizations do not set clear KPIs to understand what they plan to spend or save. This makes it difficult to understand the success of the transition from an economic point of view. In addition, the cloud environment is dynamic and costs can change rapidly as new services are adopted and applications scale.

To address this challenge, before starting your migration, create a clear business case in writing to understand how much you expect to save or increase from the project. Create economic models that simulate how much you expect to spend on the cloud for an entire application, service, or project, compared to anticipated on-premises costs.

All cloud providers offer cost calculators that can help you plan your budget more accurately. You can define complex configurations and get realistic estimates of your cloud costs. However, even with the best planning, reality might surprise you. So it is essential to constantly monitor costs, look for deviations from the original cost model, investigate, and compensate before they turn into a major issue.

4. Cloud Vendor Lock-In

Even if the initial experience with your cloud provider is positive, later in the project roadmap, you may face unexpected challenges, or you may discover a competing provider offers better features or pricing for your workloads. However, if you are locked into the vendor’s technology or terms of service, you might find it difficult to shift.

The process of migrating data from one cloud to another is a lengthy and costly process, so most businesses stick to the cloud vendor they initially selected.

To address this challenge, compare cloud computing service product providers:

• When planning your implementation strategy, sign a cloud contract that includes your termination plan, and make an internal plan detailing your exit costs

• Integrate applications with cloud infrastructure using industry standards like JSON, REST APIs, and HTTP, to reduce their reliance on the core cloud platform and make future migration easier.

• Maximize data portability by avoiding proprietary formats, and clarify the data model using schema standards.

• Maximize code portability with DevOps tools and processes. In particular, the use of open source Infrastructure as Code (IaC) tools will allow you to preserve configurations and deploy them to other clouds in the future.

• Adopt multicloud friendly technology, which packages workloads in a way that can be deployed consistently to any cloud. A prime example is enterprise Kubernetes.

5. Training Employees on your Cloud Solutions

When introducing a new technology into business operations, it is important to make sure all users and stakeholders are involved. Expect some resistance and different challenges and objections posed by different parts of the organization.

To address this challenge, take the time to familiarize your employees and relevant departments with the proposed cloud solutions. In the long run, you can prevent many problems just by sharing your plans, obtaining feedback and taking it into account in your migration plans.

Conclusion

Cloud migration projects can be tricky. By following the guidelines in this article, we hope you can avoid at least some of the pitfalls that cause projects to fail. Wishing you a successful and fruitful migration to the cloud.

Author Bio: Gilad David Maayan

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.

LinkedIn: https://www.linkedin.com/in/giladdavidmaayan/