Concerns about denial-of-service attacks are resulting in a growing number of products and services aimed at helping companies detect, trace and block the threat. But most of the technologies do little to prevent such attacks outright, users said.
Denial-of-service attacks basically make computer systems inaccessible by overloading servers or networks with useless traffic so legitimate users can no longer access those resources.
Last week, Cambridge, Mass.-based start-up Mazu Networks Inc. became the latest vendor to announce services based on intelligent traffic analysis and filtering technology, which it claimed will help companies better deal with such attacks.
Mazu joins others, such as Waltham, Mass.-based Arbor Networks Inc., North Brunswick, N.J.-based Niksun Inc. and Seattle-based Asta Networks Inc., all of which have announced services in this space during the past few months.
While each vendor claims to offer varying capabilities, the basic focus is on tackling denial-of-service attacks not just at corporate Web sites but also at the Internet service provider level before denial-of-service traffic actually hits corporate Web servers, users said.
Such capabilities are crucial for companies at a time "when denial-of-service attacks are becoming more pernicious and are happening with increasing frequency," said Laura DiDio, an analyst at Giga Information Group Inc. in Cambridge, Mass.
But while these products may be technically good point solutions, the question that corporations need to ask is whether the products will scale enough to meet the requirements of the largest organizations, DiDio added.
Such products help by giving administrators early notice of a developing attack. They also give administrators the ability to trace an attack back to its origins and filter out the offensive traffic much faster than current manual processes can, said Amer Moujtahed, director of systems engineering at Epoch Networks Inc., a Costa Mesa, Calif.-based Internet service provider.
For instance, Mazu's monitoring devices that are distributed at multiple network points constantly analyze traffic, looking for network behavior that indicates the onset of a denial-of-service attack, such as a sudden unexplained surge in traffic. Information gathered from all of the devices provides a broad picture of network traffic patterns that Mazu claims will help users detect an attack, identify its source and stop it as close to its origin as possible.
Arbor Networks collects comparable information and performs a similar analysis by setting up monitoring points both inside a corporate firewall and on the pipes leading into the corporate network from an Internet service provider.
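As an added illustration (not code from Mazu, Arbor or any other vendor named here), the sketch below shows one way a sudden surge could be flagged at each monitoring point and the onsets compared across points. The moving-average baseline, thresholds, monitor names and traffic figures are all assumptions constructed for the example.

```python
from math import sqrt

class SurgeDetector:
    """Moving-average (EWMA) baseline of packets/sec for one monitoring point."""
    def __init__(self, alpha=0.2, k=4.0, warmup=5):
        self.alpha, self.k, self.warmup = alpha, k, warmup
        self.mean, self.var, self.seen = None, 0.0, 0

    def observe(self, rate):
        """Return True when `rate` is a surge relative to the learned baseline."""
        self.seen += 1
        if self.mean is None:
            self.mean = float(rate)
            return False
        dev = rate - self.mean
        # Floor the spread at 5% of the mean so a very flat baseline
        # does not turn ordinary jitter into an alert.
        threshold = self.k * max(sqrt(self.var), 0.05 * self.mean)
        surge = self.seen > self.warmup and dev > threshold
        if not surge:
            # Learn only from normal samples so attack traffic cannot
            # drag the baseline upward and hide itself.
            self.mean += self.alpha * dev
            self.var = (1 - self.alpha) * (self.var + self.alpha * dev * dev)
        return surge

def first_surges(samples):
    """samples: {monitor: [rate per interval]} -> {monitor: first surge interval}."""
    onset = {}
    for name, rates in samples.items():
        det = SurgeDetector()
        for i, rate in enumerate(rates):
            if det.observe(rate):
                onset[name] = i
                break
    return onset

# Constructed packets/sec readings, one value per interval (hypothetical monitors).
SAMPLES = {
    "isp-uplink":      [1000, 1040, 980, 1010, 1020, 990, 1005, 9000, 15000, 16000],
    "inside-firewall": [400, 410, 395, 405, 400, 398, 402, 404, 2500, 2600],
    "internal-lan":    [200, 205, 198, 202, 201, 199, 203, 200, 204, 201],
}

def earliest_point(samples=SAMPLES):
    """Monitor that saw the surge first: the candidate place to filter."""
    onset = first_surges(samples)
    return min(onset, key=onset.get) if onset else None

if __name__ == "__main__":
    print(first_surges(SAMPLES), earliest_point())
```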
Niksun adds a layer by offering an archival capability that lets customers perform forensic analysis on an attack, said Niksun President Parag Pruthi.
The idea behind such approaches is that when a "particular traffic pattern or hostile algorithm is detected, we are notified so we can make a decision whether to shut down our server or not," said Alex Golin, a vice president at Hamilton Scientific Ltd., a Roseland, N.J.-based application service provider for health care providers that's planning to use Niksun's technology on its networks.