Proactive or Reactive, Which is the Better Method for DDoS Defence?
DDoS attacks are now widespread, with many attacks targeting enterprises all over the world. In fact, in the recent past, there have been many massive DDoS attacks, and security professionals are always garnering resources to combat such attacks.
Though there are many methods to fight DDoS attacks, the best ones are the proactive and reactive methods. Let’s attempt a comparison of these two methods, a proactive vs reactive study.
So, where do we begin our proactive vs reactive analysis? Let’s first discuss what these methods actually are…
In the proactive mode, your defenses are constantly looking for potential attackers. This mode uses an in-line tool that has 100 percent visibility through packet analysis, checking every single piece of the received traffic against pre-determined information and behavioral indicators. It can thus determine what is a bot or an attack and then block it.
In the reactive method, you leverage the flow data available from the edge routers and switches and detect anomalies by performing meta-data analysis. When this analysis detects something that’s potentially dangerous, for example a DDoS attack, it reacts by inserting the mitigation device. It is reactive in nature, which means the mitigation device is activated only when a danger is detected.
So, back to the proactive vs reactive question; which of them is best for business?
Let’s discuss the pros and cons of both methods and try to understand which would be the better choice…
You’d tend to go for the proactive method because it’s always on and always active, and because of its high-resolution detection capabilities. Hence it tends to be used with real-time applications, like video and gaming software, and to protect critical things (like DNS infrastructure). That’s the plus; now the minuses. The biggest minus is the price. In the proactive mode, the system is always on and requires 1:1 capabilities. Thus the proactive mode tends to be expensive, especially in the case of a big network.
The reactive mode is cheaper, since it does the analysis using flow data that’s already built into the network and since the mitigation device is introduced only when danger is detected. It suits smaller networks. The negative aspect is that flow data has limited resolution, and hence the reactive mode takes a slightly longer time to identify an attack and to react.
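The reactive method and its detection delay can be seen in a small flow-based detector. This is an added example, not code from the original article or any vendor; the export interval, thresholds, addresses and traffic figures are all assumptions constructed for illustration.

```python
from collections import defaultdict

EXPORT_INTERVAL = 60  # assumed: seconds between flow exports from the edge router
THRESHOLD = 5.0       # assumed: anomalous when rate exceeds 5x the learned baseline
ALPHA = 0.2           # assumed: EWMA smoothing factor for the baseline
CONSECUTIVE = 2       # assumed: anomalous intervals required before diverting
WARMUP = 3            # assumed: clean intervals needed before alerting is enabled
ATTACK_START = 400    # constructed: flood toward 192.0.2.10 begins mid-interval
ATTACK_PPS = 5000     # constructed: flood rate in packets per second

def sample_flows():
    """Constructed flow records (export_time_s, dst_ip, packets); not real traffic."""
    flows = []
    for i in range(1, 11):
        t = i * EXPORT_INTERVAL
        flows += [(t, "192.0.2.10", 3000), (t, "192.0.2.10", 3000),
                  (t, "192.0.2.20", 1200)]
        overlap = max(0, t - max(ATTACK_START, t - EXPORT_INTERVAL))
        if overlap:
            flows.append((t, "192.0.2.10", overlap * ATTACK_PPS))
    return flows

def detect(flows):
    """Return {dst_ip: export time at which the mitigation device is inserted}."""
    totals = defaultdict(int)
    for t, dst, packets in flows:
        totals[(t, dst)] += packets  # the detector sees per-interval sums only
    baseline, clean, streak, diverted = {}, defaultdict(int), defaultdict(int), {}
    for (t, dst), packets in sorted(totals.items()):
        if dst in diverted:
            continue
        pps = packets / EXPORT_INTERVAL
        if clean[dst] >= WARMUP and pps > THRESHOLD * baseline[dst]:
            streak[dst] += 1
            if streak[dst] >= CONSECUTIVE:
                diverted[dst] = t
            continue  # keep attack traffic out of the baseline
        streak[dst] = 0
        prev = baseline.get(dst, pps)
        baseline[dst] = (1 - ALPHA) * prev + ALPHA * pps
        clean[dst] += 1
    return diverted

def detection_latency(diverted, dst):
    """Seconds between the attack start and the diversion for dst."""
    return diverted[dst] - ATTACK_START

if __name__ == "__main__":
    result = detect(sample_flows())
    print(result, detection_latency(result, "192.0.2.10"), "s after attack start")
```

Lowering CONSECUTIVE or EXPORT_INTERVAL shortens the delay but makes the detector more sensitive to short legitimate bursts.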
So, which is the better option? Well, the answer is simple; it all depends on the needs that are specific to your business. It depends on whether your business needs just the cheaper, reactive method or whether you need the proactive one and can afford it as well. It depends on the size of your network and on how important the resources you endeavor to defend are.
Once you have decided whether you need the proactive method or the reactive one to protect your company from cyber attacks, you can opt to buy the solutions from a leading security company.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.