With the recent DDoS attacks against Brian Krebbs and DYN DNS, I had an idea about how the industry is going to respond.
I think we’re about to see big companies like Google, Microsoft, Amazon, etc. offering solutions that mitigate against DDoS. It might also be a separate company that leverages all those others–someone like Akamai.
No, not like they already do, but in a completely different way.
Instead of saying we can withstand an attack (which it seems they might not be able to), they will instead say that they’re going to modularize your critical infrastructure and place it in multiple providers in multiple regions.
And then you add monitoring.
So when DYN gets melted by smart coffee makers, the service will detect that DNS is not working and will migrate your DNS infrastructure to another provider instantly.
If your DNS is working fine, but Linode is being DDoS’d, you’ll be moved over to Amazon where a copy of your infrastructure is running.
It’s part of something I’m going to be talking about in 2017 where we need to start moving away from prevention and more towards reducing impact.
Maybe we can’t stop 10M toasters from melting a website, but maybe we can simply not be there for more than a few seconds when it happens.
I think that’s a direction we’re about to move in as an industry and in physical security as well. You can’t stop IEDs or pipe bombs in malls. But what you can do is make it so that everyone still goes to work the next day and that our reaction to these attacks don’t harm our attitudes and our economy.
Resilience > Prevention.