[ISN] Asta Launches DDOS Detection Software

From: InfoSec News (isnat_private)
Date: Tue Jun 26 2001 - 23:57:59 PDT


    June 25, 2001

    Asta Networks Inc. last week launched its Vantage System software,
    which the company claims will help users quickly detect and respond to
    distributed denial-of-service (DDOS) attacks.  Such attacks, which are
    considered to be one of the most serious security threats on the
    Internet, basically make Web sites inaccessible to legitimate users by
    overloading servers or networks with useless traffic.

    Asta's Vantage System makes it possible for companies to automatically
    identify the abnormalities in network traffic that signal such
    attacks, claimed Joe Devich, president and CEO of Seattle-based Asta.

    The technology is composed of two primary components: network sensors
    that collect samples of traffic data from key routers, and
    coordinators that aggregate and analyze the data from the sensors.

    Vantage System uses proprietary signature-based and anomaly-based
    algorithms to detect attacks. Signature-based technology looks for
    traffic patterns that match those of previously publicized DDOS
    attacks. Anomaly-based algorithms look for traffic patterns that are
    different from the usual traffic on a network. Automatic alerts then
    notify network administrators of potential attacks.

    Such capabilities are crucial, said Charles Kolodgy, an analyst at IDC
    in Framingham, Mass. There is little that companies can do to prevent
    DDOS attacks from being launched against them. But with early
    detection and the right technologies, it's possible to choke off a lot
    of the disruptive traffic, he said.

    "[Such technology] is designed to give [service providers] and users a
    better handle on the volumes of data going through their networks, so
    that they can try and stop the bad traffic closer to the source,"
    Kolodgy said.

    But a lot depends on the ability of such technologies to scale in
    high-bandwidth service provider networks, said Russ Cooper, an analyst
    at TruSecure Corp., a consultancy in Reston, Va. Also crucial is the
    ability of such technologies to really sift the bad traffic from the
    good traffic. For instance, it's possible to have sudden, sharp spikes
    in traffic for legitimate reasons. If a DDOS alert is raised each time
    something like this happens, users will ultimately not pay attention
    at all, Cooper warned.

    Several other firms have begun offering similar capabilities,
    including Mazu Networks Inc. in Cambridge, Mass., Arbor Networks Inc.
    in Waltham, Mass., and Niksun Inc. in Monmouth Junction, N.J.

    ISN is hosted by SecurityFocus.com
