John Lincoln is vice president ? marketing of telecommunications specialist Du's Enterprise Segment in Dubai John Lincoln is vice president ? marketing of telecommunications specialist Du's Enterprise Segment in Dubai

Hotels need to make sure that they are well-positioned in the war against online attacks

The last thing you want as a hospitality company is to deal with a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack. Disrupted online business can affect your business for weeks, but the long-term knock-on effect, especially on brand loyalty, could be even more costly.

As a hospitality company, you must have a DDoS protection strategy to ensure that your business and brand equity is safe against attack.

Story continues below
Advertisement

There has been rising demand for managed security services as hoteliers look for better protection. ISPs are able to deliver solutions that can combat both ‘volumetric’ and ‘application layer’ DDoS attacks, the convergence of which poses a significant threat to online services.

The best place to stop volumetric DDoS attacks is in the ISP cloud (via a network-based DDoS protection), because the saturation happens upstream and can only be remediated in the provider’s cloud. The best place to perform application-layer DDoS detection is in the data centre itself, because the attack can only be detected – and immediately stopped – at the data-centre edge.

Only ISPs can provide both a network-based service component to stop volumetric DDoS attacks and a CPE-based service component to stop application-layer DDoS attacks.

Counting costs
There are cost efficiencies at work, too. When an ISP is already supplying a managed firewall, a secure socket layer virtual private network (SSL VPN), an intrusion detection system (IDS), an intrusion prevention system (IPS) and other security measures, adding a managed DDoS protection service can be relatively straightforward, as well as cost-efficient.

While firewalls and intrusion prevention systems may be key elements of your customers’ security strategy, these solutions are designed to provide security functions that are fundamentally different from dedicated DDoS detection and mitigation products.

DDoS attacks target the very services that firewalls have to allow through, so there is no inherent DDoS protection in the firewall layer. Firewalls themselves are commonly targeted.

Some firewalls and IDS/IPS products offer DDoS detection using techniques such as statistical anomaly detection or malformed protocol detection, but they have a very myopic view of the network.

The very nature of a DDoS attack means that the attack traffic is coming from different sources. The solution must be able to recognise this behaviour and stop the traffic as close to the source as possible, which is why the distributed detection and mitigation of DDoS attacks are best done in the ISP network.

With both public and private data centres now prime targets, more and more data centre operators are seeking solutions to this increasingly pressing problem.

Here to help
To stay ahead in the game, you need the right level of protection, tailored to suit your specific needs. Our solution is a complete platform that delivers managed DDoS services for customers. It meets the key requirements of a comprehensive DDoS solution by providing:

The ability to stop both volumetric and application-layer DDoS attacks: We provide the tools to diagnose, and stop, both high-bandwidth DDoS attacks as well as targeted application-layer DDoS targets.

True ‘distributed’ DoS attack detection: Rather than simple point-based detection techniques.

Multiple methods of threat detection and mitigation: We provide multiple attack detection techniques, ranging from statistical anomaly detection and threshold-based flood detection, to fingerprint-based detection

Scalability to handle all-size threats: We can detect threats of all sizes by leveraging flow technology in existing network infrastructure equipment. The solution can also stop threats of any size and provide surgical mitigation.

Multiple deployment options: Our solution can be easily deployed out of band, in-line or passively.

John Lincoln is vice president — marketing of telecommunications specialist Du’s Enterprise Segment in Dubai. For more information, contact managedservices@du.ae