A Hollywood, Fla.-based company that specializes in DDoS protection services is recommending that channel partners combine two separate scoring systems to accurately assess customers' DDoS threat levels.
Prolexic, which has built a business around re-establishing business continuity in the wake of DDoS attacks, has issued a white paper describing how partners can combine the MIDAS Scoring System with NIST CVSSv2 to establish greater granularity in the delivery of DDoS risk assessments and post-event forensics.
"MIDAS was developed by AT&T Labs and has a risk scoring system that functions similar to a Richter scale for seismic activity," said Alex Heid, a senior security engineer with Prolexic. "It never got adopted as an industry standard, but its classifications for DDoS attacks really did stand out. When you look at the NIST version, which is more widely adopted, the measurements are based on confidentiality, integrity and availability. But, a DDoS attack really only affects availability. While the NIST calculation includes additional temporal score modifiers that can provide a generally accurate assessment of the availability rating, the MIDAS classifications can be used to revise the temporal score metrics and lead to a more accurate interpretation."
The MIDAS calculation takes into account the number of attacking connections, the target IP address and how saturated the network links are becoming as compared to how much traffic the infrastructure can handle. From this, it classifies the attack into one of four categories, based on the intensity and a number of sources involved.
"The MIDAS classifications give a more accurate picture because NIST really doesn't focus on availability in detail," Heid explained. "It's focused on confidentiality, integrity and availability, altogether. And since DDoS attacks only affect availability, the modification of the environmental score metrics and temporal score metrics help you get a more accurate assessment for your post-event analysis as well as for hypothetical scenarios where a company is preparing for potential attack."
The strategy is viewed by Prolexic as a valuable opportunity for channel partners to engage customers in discussions around distributed denial-of-service attacks, particularly in the banking and financial services industry, which have been very hard hit by DDoS exploits throughout the year.
"It's a good tool to get the conversation going, against the backdrop of the severity of these attacks," said Prolexic CEO Scott Hammack. "They're very broad range, from very simple, low-volume attacks to very complex and high-volume ones. To get a customer engaged, you need sort of transparency and a means to quantify what's going on in the wild. This means that objective and sets the stage for a technology-level discussion that leads to sales."
Prolexic was founded in 2003, focused on a cloud-based DDoS mitigation platform for global enterprises and government agencies. The company claims 10 of the world's largest banks among its customers and generates approximately 50 percent of its revenue through the channel.
PUBLISHED DEC. 4, 2012