Attacks that last for only 30 to 60 seconds often cause major disruption but are gone before organizations can come up with a mitigation strategy, Winward said. These burst attacks constantly change in both duration and frequency, making it like guerrilla warfare on a company's network, according to Winward.
In order to catch burst attacks, Winward said businesses are often stuck waiting for the next wave to come. Catching the attack in real time is vital to coming up with filters and collecting the intelligence needed to come up with a mitigation strategy, Winward said.
Creating a firewall to filter log traffic, and then creating a policy to block specific traffic, is a very manually intensive process, according to Winward. Organizations can therefore best safeguard themselves against burst attacks by obtaining a tool that helps them determine in real time which traffic is good and which traffic is bad, Winward said.