On demand security in an on-demand world
Security threats to a network are not easy to predict and can fluctuate massively. For this reason, security that can be ramped up as and when it is needed is becoming more popular.
Twenty-four hours, 365 days a year: a lot can happen, but rarely all the time. Take, as an example, a DDOS (distributed denial of service) attack. Such an attack on a network might occur, or it might not. If it does happen, predicting when can be impossible. Traditionally, the solution was to provide a security system that is always there, waiting for the attack. But that requires a lot of processing power. The technology to provide this ‘always on’ security can impose a massive footprint on a server, for example, affecting its performance.
The solution partially lies with the cloud and being able to ramp up the necessary technology to fight off a DDOS attack when and only when an attack occurs.
For the majority of the time, when things are normal, it may be that you just need the technology to monitor activity, to be able to identify when a DDOS attack is occurring and then react by making use of the cloud.
This is the essence of on demand security: you use it when the demand is there.
On demand security has two key elements to it. Firstly, there is the Simple Network Management Protocol (SNMP). This is a protocol for collecting information about, and then managing, the various components – or nodes – that make up a network. SNMP software tools can monitor a network and identify if incoming requests for information are greater than normal. The usual procedure is to set a threshold as a percentage of link capacity utilisation – often 70 per cent. Once this threshold is exceeded, the protection service diverts incoming traffic to a cloud scrubbing service.
By diverting the traffic in this way, in-house servers are freed of the responsibility of dealing with the DDOS attack, and the main cost of dealing with such an attack, both financial and in processing capability, is largely incurred only when the attack occurs.
The burden of ‘always on’ network security is thus reduced.
Such an approach is not without weaknesses. For one thing, it can miss certain attacks, such as those of low threshold and short duration, altogether.
Scrubbing is not always effective in dealing with multi-layer attacks.
The reaction to an attack is not usually instantaneous, and is thus far from ideal.
The solution may lie with a combination of DDOS protection software which can be paired with cloud scrubbing, sharing the burden, and assigning certain tasks to the cloud scrubbing centre where and when appropriate.
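The 70 per cent utilisation threshold described above, and the way it misses a short attack, can be seen in the following added example (not code from the article or from any product). It assumes a 1 Gbit/s link polled every 60 seconds and uses constructed readings of a 64-bit inbound octet counter such as IF-MIB `ifHCInOctets`; the function names are hypothetical.

```python
# Added example: utilisation threshold over polled SNMP octet counters.
# All values below are constructed; no SNMP library or device is contacted.
COUNTER64_MAX = 2**64          # a 64-bit counter such as ifHCInOctets wraps at 2^64
LINK_BPS = 1_000_000_000       # assumed 1 Gbit/s link
POLL_S = 60                    # assumed polling interval in seconds
THRESHOLD_PCT = 70.0           # threshold named in the article


def utilisation(prev, curr, link_bps=LINK_BPS):
    """Percent of link capacity used between two (time_s, in_octets) polls."""
    (t0, c0), (t1, c1) = prev, curr
    if t1 <= t0:
        raise ValueError("polls must be in time order")
    delta = (c1 - c0) % COUNTER64_MAX   # modulo absorbs one counter wrap
    return delta * 8 * 100 / ((t1 - t0) * link_bps)


def evaluate(polls, threshold_pct=THRESHOLD_PCT):
    """Return [(time_s, utilisation_pct, divert)] for each poll interval."""
    rows = []
    for prev, curr in zip(polls, polls[1:]):
        pct = utilisation(prev, curr)
        rows.append((curr[0], round(pct, 1), pct > threshold_pct))
    return rows


def build_polls(start, deltas):
    """Turn per-interval octet deltas into cumulative counter readings."""
    polls, count = [(0, start)], start
    for i, d in enumerate(deltas, 1):
        count = (count + d) % COUNTER64_MAX
        polls.append((i * POLL_S, count))
    return polls


FULL_RATE = LINK_BPS // 8                  # octets per second at 100 %
SAMPLE_POLLS = build_polls(
    COUNTER64_MAX - 1_000_000_000,         # start near the wrap point
    [
        FULL_RATE * 60 * 20 // 100,                    # normal traffic, 20 %
        FULL_RATE * 10 + FULL_RATE * 50 * 20 // 100,   # 10 s at line rate, then 20 %
        FULL_RATE * 60 * 90 // 100,                    # sustained flood, 90 %
    ],
)

if __name__ == "__main__":
    for t, pct, divert in evaluate(SAMPLE_POLLS):
        print(f"t={t:>3}s  {pct:5.1f}%  {'DIVERT to scrubbing' if divert else 'local'}")
```

The second interval contains ten seconds at full line rate, yet it averages out below the threshold over the polling interval and is never diverted; only the sustained flood in the third interval triggers scrubbing.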