The majority of present cyber threats target government or finance institutions to cut them off from the Internet; we face penetrations into protected systems and malware earning money for its creators. Most of these attacks come from the computers of unsuspecting users that are under the control of attackers and are part of a botnet. What kind of countermeasures can a national-level internet service provider take to reduce the impact of DDoS attacks and identify infected devices and botnet activities in its network?
CD-Telematika (a prominent provider of wholesale internet, data and voice services, and a leading supplier of fibre-optic infrastructure management, maintenance and construction services) offers anomaly detection and DDoS protection to its customers as a service. CD-Telematika can be seen as a pioneer in the Security as a Service field in the Czech Republic and has proved that protection against cyber threats can be automated and provided without the need for initial investment or specific knowledge on the customer side.
We will demonstrate the capabilities mentioned above on the CD-Telematika environment, which operates a complex ecosystem for network traffic monitoring and analysis serving the DDoS protection use-case and the anomaly detection use-case, with a focus on infected devices and botnet command & control communication. DDoS protection is designed to protect large infrastructures such as data centers and local ISPs against volumetric DDoS attacks. Flow-based detection using dynamic baselining and adaptive thresholds makes it possible to respond to various types of volumetric attacks within minutes, ensuring smooth operation of the network infrastructure and availability of the services provisioned through the network. Anomaly detection is based on the principles of network behavior analysis, looking for suspicious communication and anomalies that correspond to network attacks or to communication with botnet command & control centers.
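The flow-based detection with dynamic baselining and adaptive thresholds described above, as an added illustration that is not CD-Telematika's code: a per-prefix EWMA baseline of flow volume whose threshold tracks mean + k*std, with the baseline frozen while a slot is flagged so that a flood cannot raise its own threshold. The prefixes, per-slot volumes and parameters are constructed sample values.

```python
import math
from collections import defaultdict

# Constructed per-slot traffic volumes (bytes per 1-minute slot) per destination
# prefix, as a flow collector would aggregate them from exported flow records.
# Sample data, not CD-Telematika's; slot 5 onward carries a volumetric flood
# toward 203.0.113.0/24 while 198.51.100.0/24 stays within its normal range.
SAMPLE_SLOTS = [
    {"203.0.113.0/24": 5_000_000, "198.51.100.0/24": 1_000_000},
    {"203.0.113.0/24": 5_200_000, "198.51.100.0/24": 1_100_000},
    {"203.0.113.0/24": 4_900_000, "198.51.100.0/24": 900_000},
    {"203.0.113.0/24": 5_100_000, "198.51.100.0/24": 1_000_000},
    {"203.0.113.0/24": 5_000_000, "198.51.100.0/24": 1_050_000},
    {"203.0.113.0/24": 60_000_000, "198.51.100.0/24": 1_100_000},
    {"203.0.113.0/24": 65_000_000, "198.51.100.0/24": 1_000_000},
]


class AdaptiveBaseline:
    """Per-prefix EWMA baseline of volume; threshold = max(floor, mean + k*std)."""

    def __init__(self, alpha=0.2, k=3.0, floor=1_000_000, warmup=3):
        self.alpha, self.k, self.floor, self.warmup = alpha, k, floor, warmup
        self.mean, self.var = {}, {}
        self.seen = defaultdict(int)

    def threshold(self, key):
        return max(self.floor, self.mean[key] + self.k * math.sqrt(self.var[key]))

    def observe(self, key, value):
        """Return True if value exceeds the adaptive threshold for key."""
        n = self.seen[key]
        self.seen[key] = n + 1
        if n == 0:
            self.mean[key], self.var[key] = float(value), 0.0
            return False
        # No alerts until enough samples exist; a single sample has no spread.
        anomalous = n >= self.warmup and value > self.threshold(key)
        if not anomalous:
            # Learn only from benign slots so a flood cannot raise its own baseline.
            diff = value - self.mean[key]
            self.mean[key] += self.alpha * diff
            self.var[key] = (1 - self.alpha) * (self.var[key] + self.alpha * diff * diff)
        return anomalous


def detect(slots, **params):
    """Run the baseline over time slots; return ([(slot, key, volume)], baseline)."""
    baseline = AdaptiveBaseline(**params)
    alerts = [(t, key, vol) for t, slot in enumerate(slots)
              for key, vol in slot.items() if baseline.observe(key, vol)]
    return alerts, baseline


if __name__ == "__main__":
    for slot, key, vol in detect(SAMPLE_SLOTS)[0]:
        print(f"slot {slot}: {key} {vol} bytes exceeds baseline")
```

In production the per-slot volumes come from aggregated flow export (e.g. per destination prefix, protocol or port) and an alert would drive a mitigation action; the floor keeps small prefixes from alerting on noise.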