The impact of a DDoS attack can be immediate and plain. Often, organizations do not take a preemptive approach: they do not conduct a proper risk and countermeasure analysis before a DDoS attack occurs. Proper risk assessment requires looking at all the potential costs, not simply calculating the cost of downtime for revenue-generating services.
The motivations behind DDoS attacks are many. DDoS attacks are no longer primarily motivated by financial gain or conducted by state-sponsored organizations. Today, all it takes is for someone to disagree with your opinion, political affiliation or stance on a topic to launch a DDoS attack using the plethora of tools or services available to them. To make matters worse, if your services are housed in a shared cloud environment, you don’t even have to be the target of the DDoS attack to be impacted by the collateral damage.
1) Behavior analysis is an essential approach to detecting any advanced attack.
2) Intrusion Detection:
Monitor, respond to and report on key status, notifications and incidents with regard to
intrusion detection: network and system threats, attacks and anomalous activity.
NIDS typically work at TCP/IP, layer 2 or layer 3 to inspect traffic in real time and
apply detection methods based on known patterns, signatures or traffic flow behavior
to identify network-based threats and attacks.
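
The traffic-flow-behavior method mentioned above, as an added example that is not part of the original article: a per-destination baseline detector run over constructed flow summaries. The record layout, the tuning constants and the addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed tuning values for this illustration, not taken from the article.
ALPHA = 0.3      # EWMA smoothing factor for the per-destination baseline
THRESHOLD = 4.0  # alert when an interval exceeds baseline by this multiple
WARMUP = 3       # intervals to learn before alerting


def sample_flows():
    """Constructed flow summaries: (interval, src_ip, dst_ip, packets)."""
    flows = []
    for ts in range(6):  # steady background traffic to two servers
        flows.append((ts, "198.51.100.5", "192.0.2.10", 60 + ts))
        flows.append((ts, "198.51.100.6", "192.0.2.10", 40))
        flows.append((ts, "198.51.100.7", "192.0.2.20", 80))
    for i in range(40):  # interval 4: many new sources hit one server
        flows.append((4, f"203.0.113.{i + 1}", "192.0.2.10", 50))
    return flows


def detect_floods(flows):
    """Return (interval, dst, packets, distinct_sources) for anomalous intervals."""
    stats = defaultdict(lambda: {"packets": 0, "sources": set()})
    for ts, src, dst, packets in flows:
        stats[(ts, dst)]["packets"] += packets
        stats[(ts, dst)]["sources"].add(src)

    baseline, learned, alerts = {}, defaultdict(int), []
    for ts, dst in sorted(stats):
        packets = stats[(ts, dst)]["packets"]
        base = baseline.get(dst)
        if base is not None and learned[dst] >= WARMUP and packets > THRESHOLD * base:
            # Anomalous interval: report it and keep it out of the baseline,
            # so a sustained flood cannot teach the detector it is normal.
            alerts.append((ts, dst, packets, len(stats[(ts, dst)]["sources"])))
            continue
        baseline[dst] = packets if base is None else ALPHA * packets + (1 - ALPHA) * base
        learned[dst] += 1
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(sample_flows()):
        print("flow anomaly:", alert)
```

The distinct-source count in each alert helps separate a distributed flood from a single noisy client when triaging.
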
HIDS is used for servers and endpoints. It examines traffic bound to the firewall, policy
enforcement, scanning for spyware, registry files, rootkits and application control such as
registry changes, file changes, system logs, and process monitoring and approved