
Identify DDoS Attacks with External Performance Monitoring (Part 2 of 3)

In Part One of this series, we examined internal server, network and infrastructure monitoring applications. Now let’s take a look at another way to capture DDoS information: external performance monitoring.

Option #2 – External Performance Monitoring Solutions in the Cloud

A second approach IT administrators can use to assess a potential DDoS attack is to use an external performance monitoring solution. Unlike network/infrastructure tools—which are usually installed inside a customer’s network—external performance monitoring solutions are typically provided by a third party and leverage monitoring locations from around the world.

External monitoring tools can encompass several elements:

  1. Virtual browsers to check for basic Website / application uptime and performance
  2. Real browsers to check for Website / application performance, errors and service degradation
  3. Network services such as DNS, FTP and email, among others

From a DDoS perspective, an external third-party monitoring solution makes sense. The purpose of this type of solution is to constantly monitor a Website, service or application and notify the user of downtime, slow responses or other issues. All of these are potential indicators of a DDoS attack.

That said, although a third-party external monitoring solution can help capture DDoS attacks, these solutions are not foolproof. An external solution can tell an IT administrator that performance is degrading or has failed, but it cannot determine the reason. As I mentioned in our previous post, abnormal response times and downtime do not always indicate a denial-of-service condition.
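An added example (not from the original post) of how results from several monitoring locations can be triaged: it learns a per-location baseline, then labels each later minute by how many locations are slow or failing. The probe data, location names, learning window and 3x slowness threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed probe results: (minute, location, response ms, or None on timeout/error).
PROBES = [
    (0, "us-east", 210), (0, "eu-west", 250), (0, "ap-south", 400),
    (1, "us-east", 190), (1, "eu-west", 260), (1, "ap-south", 420),
    (2, "us-east", 205), (2, "eu-west", 240), (2, "ap-south", 410),
    (3, "us-east", 200), (3, "eu-west", 255), (3, "ap-south", None),    # one location fails
    (4, "us-east", 1900), (4, "eu-west", 2300), (4, "ap-south", None),  # slow or failing everywhere
    (5, "us-east", None), (5, "eu-west", None), (5, "ap-south", None),
]

def baselines(probes, learn_minutes):
    """Median response time per location over the first learn_minutes minutes."""
    seen = defaultdict(list)
    for minute, loc, ms in probes:
        if minute < learn_minutes and ms is not None:
            seen[loc].append(ms)
    return {loc: median(vals) for loc, vals in seen.items()}

def assess(probes, learn_minutes=3, slow_factor=3.0):
    """Label each later minute 'ok', 'local' or 'widespread' by how many locations degrade."""
    base = baselines(probes, learn_minutes)
    by_minute = defaultdict(dict)
    for minute, loc, ms in probes:
        if minute >= learn_minutes and loc in base:
            by_minute[minute][loc] = ms
    verdicts = {}
    for minute, results in sorted(by_minute.items()):
        # A location is degraded if it failed or exceeded slow_factor x its own baseline.
        bad = sorted(loc for loc, ms in results.items()
                     if ms is None or ms > slow_factor * base[loc])
        if not bad:
            label = "ok"
        elif len(bad) * 2 > len(results):
            label = "widespread"  # seen from most locations: escalate for analysis
        else:
            label = "local"       # minority of locations (heuristic): check path or probe first
        verdicts[minute] = (label, bad)
    return verdicts

if __name__ == "__main__":
    for minute, (label, bad) in assess(PROBES).items():
        print(minute, label, bad)
```

A "widespread" label only says the degradation is visible from most locations; the cause still has to be established from other data.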

Originally, the goal of third-party monitoring was to ensure that ISPs, hosting companies and servers were functioning as designed. Slow response times and outages could indicate a provider or server being down.

As mentioned in Part One of this series, it is important to carefully analyze any data from a third party before enabling your DDoS protection service.

Companies that do not host their own websites and use third parties like Amazon EC2 would benefit the most from third-party monitoring solutions.

Stay tuned for the next segment in our three-part series where we discuss Netflow/Peakflow monitoring and on-premise equipment.

By Donald Lee, Technical Sales Engineer at Neustar
