We're getting ready to launch a set of faster services to combat a specific type of cyber attack.
For the past year, we have been operating a foundation service, which can mitigate a distributed denial of service (DDoS) attack typically within a few hours. Our new automated services are faster, either cutting the response time to just a few minutes, or preventing any disruption to the network.
How does the present system work?
In a DDoS attack, the network is flooded with data with the intention of bringing it down. If we detect such suspicious traffic, our security analysts will, in consultation with the affected institution, filter out the threat traffic before it reaches the core of the Janet Network and send the clean traffic onwards to the customer. This process of detection, verification, consultation and mitigation usually takes a few hours.
Available for all members connected to the Janet Network as part of their subscription, this foundation service deals with large attacks that affect network connections, and its importance should not be underestimated.
Over the past year, there were 1,000 inbound DDoS attacks potentially affecting 221 different members. The biggest attack we dealt with was nearly 46 Gbps, which could have disrupted even the largest of our members’ network connections if not mitigated.
Although the threat landscape is always changing, over the last year we have seen that higher education (HE) and research institutions are more likely to experience a DDoS attack than further education (FE) organisations. About a third of universities were affected, compared to a quarter of colleges and skills providers.
How will the new services work?
We're now developing a further layer to the DDoS mitigation service to defend against attacks which target specific systems within an organisation’s network.
The first of these services involves setting up pre-configured profiles for different systems, such as web servers, email and telephone systems. The profiles provide more finely tuned alerts and specific mitigations. We are doing this in consultation with our members; we want to know which services members most want defended, and we want feedback on how best to configure the profiles.
The benefit of creating pre-configured profiles is that we don’t have to produce unique profiles for each organisation, which means it’s cheaper for us to apply and more affordable for members.
Members can also choose a custom profile if none of those we produce are suitable. This option lets members customise the sensitivity of alerts and the types of mitigation applied, and provides more detailed reporting on any actions.
Because we will have already configured the alerts and reactions for each of the agreed service profiles, or a custom profile, mitigation is launched automatically once an attack has been detected, rather than manually applied. This takes reaction time down to about four minutes.
For very sensitive or valuable services, a further level of protection is available. A new top-tier permanently-on service can mitigate attacks immediately. Again, a cost-effective option of pre-configured profiles will be available, alongside the higher-level custom options.
Threat intelligence is a valuable resource for any cyber security service. The more we know about how our members’ services are attacked and how we can best react to them, the better we get at defence.
General threat intelligence is available from global and national sources, but the information we gather about threats and attacks is a unique intelligence set specific to the organisations that make up the Jisc community. It more accurately reflects the environment that we need to defend and the job we need to do. The more members that sign up to our DDoS mitigation service, the better the threat intelligence we generate, and that’s good for everyone.
At our security conference in November we will be introducing these new, enhanced DDoS mitigation services and discussing provisional prices. Our objective is to make it affordable for all members, including smaller institutions and the FE sector, where funds are under most pressure.
In the meantime, if you’d like to know more about the service and how you can sign up, our security services manager, Nelson Ody, is the person to contact.