
Introducing Fully Managed Behavioural Application DDOS Protection Solution.

Posted Date: August 6, 2021
Posted Time: 3 min read

Blog Series 1 out of 2.

Application DDOS attacks are sophisticated and very hard to mitigate. Most network-layer attacks manipulate a protocol and can be identified by the method employed. In application DDOS, the most prominent type of attack is volumetric, and it has no real pattern to identify: legitimate requests are sent to the application at high volume, clogging up resources that would otherwise have been used by other users and making the application inaccessible to regular users.

The most common technique employed to detect application DDOS is rate limiting, where limits are set on the number of requests a user can make. There are only two fundamentals of protecting against this kind of volumetric DDOS attack:

  1. Observe the volume of requests. The initial defence against volumetric app DDOS is to scale and observe the requests sent to the application without running out of resources.
  2. Identify unwanted requests and drop them quickly. These detections are done by identifying unusual spikes and blocking them.

To accomplish both, the best possible solution is a cloud WAF with DDOS protection capacity, such as AppTrana. A well-designed cloud WAF can auto-scale very quickly to ensure it is able to absorb unusual spikes in requests. AppTrana leverages highly scalable infrastructure known to block large attacks of up to 2.3 Tbps and 700K requests per second, to provide protection against the largest attack possible.

The next challenge is to detect unwanted requests and drop them. If the WAF does this effectively, the backend is protected from request spikes and its resources stay free to serve legitimate requests.


Unfortunately, static rate limits do not work, and most attacks go under the radar. To understand the problem with static rate limiting rules, one needs to understand how these rate limits work.

  • Rate limits can be configured only against a certain identity, i.e. a rule can be set to not allow more than x requests in a time period from one IP, user, etc. It cannot be configured to forward only y requests to an application in that time period, since that would lead to legitimate users being blocked.

The problem with such static rate limiting rules is that they do not take into account the natural variance of a site. For example, one of our sites has spikes at the end of the month, when a lot of data is uploaded and read by users; the number of requests from a single user at month end is generally 3-4 times normal traffic. If static rate limits are configured for this case, the month-end spikes have to be taken into account. That means that on normal days even a spike of 4 times normal traffic would go undetected and the requests would be passed on to the origin, leading to heavy load on the origin. It is to address these problems that AppTrana has introduced its Behavioural Application DDOS Protection Solution.

AppTrana's Behavioural Application DDOS Protection solution takes advantage of its ability to process a huge volume of requests in seconds and provides policies that are configured based on the behaviour of the application's requests instead of hard limits.

With AppTrana

  • Behavioural DDOS can be configured to trigger when the behaviour of requests to the application changes, which means any normal variance in requests is accounted for and alerts are triggered only when there is an abnormality
  • By default, three policies that monitor traffic at host, IP and session level are configured
  • When an application is onboarded, these policies are configured with generic values that work for most applications
  • Within a few days of onboarding the application, appropriate values that provide optimal protection are derived from the behaviour observed
  • Customers can configure additional policies based on their needs. Policies can be configured to take various actions when triggered, including blocking the requests outright.
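
The month-end case and the generic-then-derived policy values described above, as an added example (not AppTrana's algorithm and not code from the original post): a static per-IP limit sized for month end beside a limit derived from a learned per-period baseline. The median-plus-MAD rule, the bucket names, every constant and the sample rates are assumptions constructed for illustration.

```python
from statistics import median

STATIC_LIMIT = 150   # assumed static per-IP limit (req/min), sized to clear month end
GENERIC_LIMIT = 100  # assumed onboarding default, used until a baseline is learned
MIN_SAMPLES = 5      # assumed history needed before derived values replace the default
K = 4.0              # assumed tolerance: limit = median + K * spread


class BehaviouralPolicy:
    """Learns a per-bucket baseline; a bucket is a traffic period such as 'month_end'."""

    def __init__(self):
        self.history = {}

    def learn(self, bucket, rate):
        self.history.setdefault(bucket, []).append(rate)

    def limit(self, bucket):
        samples = self.history.get(bucket, [])
        if len(samples) < MIN_SAMPLES:
            return GENERIC_LIMIT  # not enough observations yet: keep the generic value
        med = median(samples)
        mad = median(abs(s - med) for s in samples)  # median absolute deviation
        # Floor the spread at 10% of the median so flat history does not
        # produce a zero-width band that blocks ordinary jitter.
        return med + K * max(mad, 0.1 * med)

    def verdict(self, bucket, rate):
        return "block" if rate > self.limit(bucket) else "allow"


def static_verdict(rate):
    return "block" if rate > STATIC_LIMIT else "allow"


def build_policy():
    # Constructed per-IP rates (req/min); month end runs 3-4x normal, as in the text.
    policy = BehaviouralPolicy()
    for rate in [28, 31, 30, 29, 33, 30, 27, 32]:
        policy.learn("normal", rate)
    for rate in [95, 110, 120, 105, 100]:
        policy.learn("month_end", rate)
    return policy


def compare(policy, observations):
    """Return (bucket, rate, static verdict, behavioural verdict) per observation."""
    return [(b, r, static_verdict(r), policy.verdict(b, r)) for b, r in observations]


if __name__ == "__main__":
    for row in compare(build_policy(), [("normal", 120), ("month_end", 120), ("month_end", 400)]):
        print(row)
```

The first observation is the case the text describes: 120 requests per minute is four times normal on an ordinary day, yet it passes the static limit because that limit had to be sized for month end.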


Vivek Gopalan

Vivekanand Gopalan is a seasoned entrepreneur and currently serves as the Vice President of Products at Indusface. With over 12 years of experience in designing and developing technology products, he has a keen eye for building innovative solutions that solve real-life problems. In his previous role as a Product Manager at Druva, Vivek was instrumental in creating the core endpoint data protection solution which helped over 1500 enterprises protect over a million endpoints. Prior to that, he served as a Product Manager at Zighra, where he played a crucial role in reducing online and offline payment fraud by leveraging mobile telephony, collective intelligence, and implicit user authentication. Vivek is a dynamic leader who enjoys building and commercializing products that bring tangible value to customers. In 2010, before pursuing MBA, he co-founded a technology product company, Warmbluke and created a first-of-its-kind innovative Civil Engineering estimator software called ATLAS. The software was developed for both enterprise and for SaaS users. The product helps in estimating the construction cost using CAD drawings. Vivek did his MBA from Queen's University with Specialization in New Ventures. He also holds a Bachelor of Technology degree in Information Technology from Coimbatore Institute of Technology, Anna University, one of the prestigious universities in India. He is the recipient of the D.D. Monieson MBA Award, Issued by Queen's School of Business, presented to a student team which has embraced the team-learning model and applied the management tools and skills to become a peer exemplar. In his spare time, Vivek likes to go on hikes and read books.
