June 16, 2020

Reaping the Benefits of DDoS Incident Handling Automation

DDoS attacks now occur continually and without warning, so combining automation with incident handling is becoming a necessity for Communications Service Providers (CSPs) looking to maintain their cyber defences around the clock. Time-to-mitigation is critical for every CSP because, in the hyper-connected world that we now live in, DDoS attacks cause downtime, and downtime inevitably means loss of revenue.

Given that it can take a lot of time to recover from a DDoS attack, it is essential to have pre-defined incident response plans in place, including drill tests, that are specifically designed to implement the steps needed to mitigate a multitude of cybersecurity incidents. In light of the cumbersome nature of manual incident handling, Nexusguard is introducing a Cloud Diversion App that runs on Nexusguard’s DDoS mitigation platform. It was developed specifically to automate route diversion of IP prefixes under attack to scrubbing centres for DDoS attack mitigation.


Automated Detection & Diversion versus a Manual Approach

Through our Cloud Diversion App, available to CSPs through a subscription to our Origin Protection (OP) service, the incident detection and diversion process is fully automated. BGP diversion is configured through the Administration Portal, where a detection threshold is set for each IP address range. Auto diversion is then activated when the traffic exceeds a pre-defined bandwidth over a customizable time period.



When the traffic exceeds the pre-defined bandwidth threshold, a BGP route announcement for the /24 IP prefix under attack is advertised to the Internet in order to divert the traffic to our scrubbing centres for cleaning. Given that this entire traffic diversion process is fully automated, the switchover time is greatly reduced, from typically 15 minutes to 3 minutes in most cases.
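The threshold-and-duration trigger described above, sketched as an added example (not Nexusguard's code): per-destination rates are summed into their /24, and a /24 is flagged for announcement only after it stays above its range's threshold for a full window. Class and function names, thresholds and sample rates are constructed; it assumes IPv4 and that a range's threshold applies to each /24 inside it.

```python
import ipaddress
from collections import defaultdict, deque


class DiversionDetector:
    def __init__(self, thresholds_mbps, window):
        # thresholds_mbps: {"203.0.113.0/24": 500, ...} (constructed values)
        self.rules = [(ipaddress.ip_network(c), t) for c, t in thresholds_mbps.items()]
        # Most specific configured range wins when ranges overlap.
        self.rules.sort(key=lambda r: r[0].prefixlen, reverse=True)
        self.window = window  # consecutive intervals that must exceed the threshold
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.diverted = set()

    def _threshold_for(self, prefix):
        for net, limit in self.rules:
            if prefix.subnet_of(net):
                return limit
        return None  # unmonitored address space is never diverted

    def observe(self, rates_mbps):
        """rates_mbps: {dst_ip: Mbps} for one interval. Returns /24s to announce now."""
        per_prefix = defaultdict(float)
        for ip, mbps in rates_mbps.items():
            per_prefix[ipaddress.ip_network(f"{ip}/24", strict=False)] += mbps
        to_announce = []
        # Also visit prefixes seen earlier, so a quiet interval breaks the streak.
        for prefix in set(per_prefix) | set(self.history):
            limit = self._threshold_for(prefix)
            if limit is None:
                continue
            hist = self.history[prefix]
            hist.append(per_prefix.get(prefix, 0.0) > limit)
            if len(hist) == self.window and all(hist) and prefix not in self.diverted:
                self.diverted.add(prefix)  # announce once, not on every interval
                to_announce.append(str(prefix))
        return sorted(to_announce)


def run_demo():
    det = DiversionDetector({"203.0.113.0/24": 500, "198.51.100.0/23": 800}, window=3)
    samples = [  # constructed per-interval rates, Mbps by destination IP
        {"203.0.113.10": 700, "198.51.100.5": 900},   # both above threshold
        {"203.0.113.10": 400, "203.0.113.20": 300, "198.51.100.5": 100},
        {"203.0.113.10": 650},                        # third sustained interval
        {"203.0.113.10": 900, "198.51.101.7": 50},    # already diverted
    ]
    return [det.observe(s) for s in samples]
```

The one-interval spike toward 198.51.100.0/24 never triggers a diversion, while 203.0.113.0/24 is flagged only on the third consecutive interval, when the combined rate of its hosts is still above the threshold.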


By contrast, under a manual scenario, the CSP is required to manually instruct traffic to be routed to our scrubbing centre. After the scrubbing process, clean traffic is then forwarded back to the CSP network via a pre-built GRE tunnel. Such human intervention would typically incur a mitigation time of 15 minutes, though this would depend on the level of automation the customer’s infrastructure provides for traffic diversion.


Automated DDoS mitigation improves attack response time five-fold

The beauty of Nexusguard’s highly autonomous Cloud Diversion App is that it can execute a sequence of tasks in real time without human intervention. It streamlines incident handling by automating long-winded manual tasks, thereby greatly simplifying Security Operation Centre (SOC) operations during DDoS attacks.


When put to the test, the average time-to-mitigation using Nexusguard’s Cloud Diversion App was five times faster than using a manual process.


For more information, please read about Nexusguard’s Origin Protection.
