Next up on the SOAPA video series is Arabella Hallawell, Sr. Director of Product Marketing at Arbor Networks. I first met Arbor Networks back in 2003 when it was a leading provider of network behavior anomaly detection (NBAD) tools, and the company has been a steady player in network security ever since. Today, Arbor Networks is a leading provider of products and services for DDoS protection, network security analytics, threat intelligence, etc.
In part 1 of this SOAPA video, Arabella and I discuss:
- The current state of DDoS attacks. With SOAPA, we tend to think about low-and-slow targeted attacks that can be difficult to detect and remediate, but the SOAPA vision should also include all types of incursions – even volumetric attacks designed to disrupt business operations. Arabella provides a sobering look at the current state of DDoS attacks and it ain’t pretty. In 2016, the Mirai botnet used IoT devices to create a tsunami of Internet traffic that took down the website of security researcher Brian Krebs and DNS services at Dyn. Arbor is currently tracking a similar botnet called ‘Reaper’ that may eventually be used as a similar weapon. Arabella also points out that stealthy application-layer DDoS attacks are on the rise. I find that many organizations don’t understand the subtleties of DDoS attacks and remain vulnerable. Arbor Networks understands this risk as well as anyone.
- DDoS protection within SOAPA. In the past, DDoS protection was usually owned by network operations, but this is starting to change. Arabella tells me that some organizations are starting to consolidate anti-DDoS efforts with the security operations team, who are then tasked with preventing, detecting, and responding to all types of attacks. This makes sense to me, especially since DDoS is often used as part of a more comprehensive cyber-attack campaign.
- Network security analytics use cases. I remind Arabella that it wasn’t too long ago when some security pros confused network security analytics with SIEM. More recently, enterprise organizations figured things out and tend to use both types of tools and often integrate the two into SOAPA. Arabella talks about the differences between network security analytics and SIEM and explains how Arbor customers take advantage of “wire data” for real-time analytics and retrospective investigations.
My observations of the market certainly parallel Arabella’s. Organizations use SIEM to anchor security operations processes while network security analytics are critical for investigations. The two technologies complement each other, providing part of the rationale for integration and SOAPA.
Look for more words of wisdom from Arabella and Arbor in Part 2 of our SOAPA video soon.