With the increasing use of computers in modern society, computer systems have become increasingly subject to cyber-attacks intended to disrupt the systems and/or steal data. Accordingly, the field of cyber security has developed to combat such cyber-attacks. Cyber security is particularly important in networked systems, where multiple computer resources interact to provide sharing of, for example, files and applications. Each networked system may require different cyber security resources in order to be effectively covered. Accordingly, many network owners choose to deploy customized cyber security measures to combat potential threats to their particular systems. Moreover, such customizations are needed to match the overall structure and architecture of their networks and the operational challenges they face. These requirements and corresponding measures may be more significant in large scale networks for communicating among numerous resources.
The properties and architecture of communication networks pose certain challenges in protecting the network's resources against cyber threats, in particular denial of service (DoS) and distributed DoS (DDoS) attacks. The challenges result from the many resources and services included in such a network, the collaboration between resources, and the dynamic and complex services provided by such networks. The complexity of cyber-attacks plays a major role here, as DoS/DDoS attack campaigns have become more sophisticated and aggressive. To defend against such threats, security resources are deployed in the communication networks. The security resources include detection devices for detecting potential attacks/threats and mitigation devices for mitigating detected attacks.
Existing solutions face further challenges in provisioning and managing the security resources, particularly in large scale networks. To combat the increasing cyber security threats, organizations incorporate various security systems into their networks. The incorporation of multiple security resources increases the complexity of the network. As a result, these organizations face significant amounts of manual configuration and/or tuning to produce appropriate responses. Such configuration and tuning is very complicated, time and labor intensive, and may be unrealistic when faced with increasingly adaptive threats and/or increasingly changing networks.
Specifically, the particular requirements of each organization deploying a network may require significant customization of the security solutions therefor. To this end, an organization may seek to develop, or deploy, customized security resources meeting its particular needs. Many vendors providing such security solutions seek to include as many features as possible in order to fit the various needs, and customizations, of the maximum number of organizations. However, such overinclusion of features results in overcomplicated security systems that are not easy to manage. As a result, these overcomplicated security systems are not particularly flexible and, therefore, cannot be readily reconfigured in response to changing needs. These issues are further exacerbated in larger scale networks.
In addition, due to the complexity of the networks and the large number of different security systems, security resources, and/or techniques that can be utilized, manual configuration of such resources is prone to errors by a user (e.g., a system administrator). For example, such a user may be reluctant to capture all possible scenarios for detecting and/or mitigating a potential cyber-attack, and/or to define all objects that should be protected. Such misconfiguration would result in an insecure protected environment.
Additionally, manual configuration cannot be rapidly adapted to capture DDoS burst attacks. DDoS burst attacks have shorter durations; that is, attack campaigns have been characterized by short bursts of DDoS attacks, which indicate automated coordination by the attackers. Thus, the security resources in the network should be configured or provisioned to mitigate such attacks. Manual provisioning, however, cannot achieve such rapid reconfiguration. Rather, the user may not even be aware of the issue until most or all of the damage has been done.
It would therefore be advantageous to provide a solution that would overcome the deficiencies of the prior art.