Protecting Cloud Infrastructure from DDoS Attacks

One of the biggest benefits of cloud infrastructure is its (theoretically) infinite scalability. Cloud applications can scale automatically to cope with increased demand, dynamically allocating additional bandwidth and resources as and when required.

At the most basic level, this elasticity should help to manage enormous surges in network traffic, but you still need to be prepared for distributed denial of service (DDoS) attacks, particularly as they continue to increase in frequency: up 109% over the last year.

What’s the problem with DDoS in the cloud?

There are two major problems. First, cloud resources are not truly infinitely scalable: there are concrete limits imposed by the hardware installed in the cloud provider's regional data centres. This is particularly true of network connectivity, where a finite amount of bandwidth has to be shared among all tenants. A DDoS attack could therefore still cripple your applications and services by overloading your external connections.

Second, infinite scalability is not cheap. Cloud services use a resource billing model which ensures you are charged for every MB of data transferred and CPU cycle used – and cloud providers make no distinction between legitimate and illegitimate traffic. Given that data transfer is one of the largest components of your cloud costs, it makes no sense to pay for unwanted activity caused by a DDoS attack.

Which is why FastNetMon is a valuable addition to your cloud network toolkit.

Are you experiencing a DDoS attack?

Amazon AWS and Google Cloud do not supply native DDoS attack detection at the tenant level, nor do they typically monitor tenant traffic to detect malicious activity (they do monitor and block attacks aimed at their underlying infrastructure). Under the shared responsibility model your business is responsible for implementing its own DDoS defences, particularly inside your virtual network.

As always, speed of detection has a direct effect on how quickly you can mitigate an attack, which is why FastNetMon has been designed for native integration with services from two of the most popular platforms: Google Cloud and AWS.

How does FastNetMon work in the cloud?

There is one distinct advantage to on-premises network management: you have direct access to incoming and outgoing traffic. FastNetMon takes a slightly different approach in a cloud deployment.

The system is configured in such a way that monitoring is performed using the VPC flow logs generated by the platform. These logs are imported in real time into a cloud-based database (Amazon Lambda or Google Cloud Datastore as appropriate) for rapid analysis. FastNetMon then uses its advanced detection algorithms to quickly spot and mitigate suspicious activity.
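To illustrate what flow-log-based monitoring looks like, the following added example (not FastNetMon's code or detection algorithm) parses records in the default version 2 AWS VPC flow log format and flags destinations whose packet or bit rate exceeds a simple per-host threshold. The sample records, addresses and threshold values are constructed for illustration.

```python
from collections import defaultdict

# Default (version 2) AWS VPC flow log field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_record(line):
    """Return one flow record as a dict, or None if it carries no traffic data."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA/SKIPDATA records hold "-" placeholders
        return None
    for key in ("packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec

def detect_floods(lines, pps_limit, mbps_limit):
    """Aggregate traffic per destination; return hosts over either threshold."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set(),
                                  "start": float("inf"), "end": 0})
    for rec in filter(None, map(parse_record, lines)):
        t = totals[rec["dstaddr"]]
        t["packets"] += rec["packets"]
        t["bytes"] += rec["bytes"]
        t["sources"].add(rec["srcaddr"])
        t["start"] = min(t["start"], rec["start"])
        t["end"] = max(t["end"], rec["end"])
    alerts = {}
    for dst, t in totals.items():
        seconds = max(t["end"] - t["start"], 1)  # avoid division by zero
        pps = t["packets"] / seconds
        mbps = t["bytes"] * 8 / seconds / 1_000_000
        if pps > pps_limit or mbps > mbps_limit:
            alerts[dst] = {"pps": round(pps), "mbps": round(mbps, 1),
                           "sources": len(t["sources"])}
    return alerts

# Constructed sample: one 60-second window, 200 sources hitting 10.0.0.5 on UDP/53,
# one ordinary HTTPS flow to 10.0.0.9, and one NODATA record.
SAMPLE = [f"2 123456789012 eni-0a1b2c3d 198.51.100.{i} 10.0.0.5 {40000 + i} 53 17 "
          f"30000 1800000 1700000000 1700000060 ACCEPT OK" for i in range(1, 201)]
SAMPLE += ["2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.0.9 51515 443 6 "
           "120 90000 1700000000 1700000060 ACCEPT OK",
           "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA"]

if __name__ == "__main__":
    # Thresholds are illustrative assumptions, not FastNetMon defaults.
    print(detect_floods(SAMPLE, pps_limit=20_000, mbps_limit=100))
```

Because flow log records are aggregated over a capture window before delivery, rates computed this way are averages over that window rather than instantaneous values.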

Can FastNetMon in the cloud do anything else?

Piping VPC flow logs into a database allows for granular analysis in real time and as part of your general network monitoring activities. In addition to malicious activity, you can also assess legitimate traffic and how it impacts cloud infrastructure. These insights can be applied to improving architecture design and performance, for instance by shifting assets and elements from the cloud to a content distribution network (CDN).

Indeed, a deeper understanding of usage will enable your architects to make smarter design choices that reduce operating costs for legitimate activity too.

What next?

Any internet-connected system is at risk of being involved in a DDoS attack, including those hosted in the cloud. By unifying FastNetMon's exceptional attack detection software with native cloud tools, AWS and Google Cloud users can ensure they are fully protected against cyberattacks. And with one-click install options, your business could enhance DDoS protection within a matter of minutes.

To learn more about FastNetMon and how your business can better protect itself, please get in touch to arrange a short, no-obligation trial.
