This post was authored by Rohit Goyal, Product Marketing Manager at Nutanix.
A lot has been written about DDoS (distributed denial of service) attacks from last week, and we wanted to take a slightly different perspective. This most recent DDoS attack reminds us that nothing is too big to fail. History corroborates it. Back in 2008, with the housing crisis in the U.S., we learned the same lesson. The general theory (proven true) was that the very large financial institutions were highly interconnected, and if they were to fail it would cause massive ripple effects and bring down the greater economy. Unfortunately, these institutions did nearly fail and had to be bailed out at the last minute by the Fed, and the economy tanked. As a result, the market and everyone developed a newfound appreciation for the decentralization of power, and of critical resources.
We find a similar situation with the DDoS attack. One of the major themes is “checks and balances”. What if the appropriate checks and balances were in place to decentralize power and control? What if we noticed weakness in the design, and what if we were able to identify triggers and automatically resolve issues? What if we removed power from a “few” and dispersed it to “many”?
All businesses are still vulnerable to cyber threats, and when services like DNS (Domain Name System) that are controlled by very large central institutions fail, it causes a massive ripple effect across many online services that enterprises and consumers today have come to rely on.
A DDoS attack is when large numbers of distributed clients make more requests than a service can handle, causing it to stop responding to real requests. In general, DDoS attacks are usually centered around a specific organization. However, this attack was against one of the largest Internet Services Providers (ISPs), Dyn, which manages name resolution for several Internet entities.
Imagine a scenario where you couldn’t map names to phone numbers on your mobile device because your phone was too busy to perform that function. This type of attack truly “paused” a large part of Internet activity, rendering organizations without access to corporate information. Information in these scenarios is typically not lost; it is temporarily unavailable, as Internet servers are not able to keep up with the requests coming from a distributed set of clients. In this case, Internet of Things (IoT) devices were used as the attackers.
The tech industry will learn from these life lessons and strive to provide newer architectures and solutions, which can lower the overall impact when cyber attacks occur. Distributing power and control while rethinking design choices and building in machine intelligence is as relevant to other organizations as it is to the tech industry.
We should also consider how the cloud has changed computing dynamics. When the financial institutions faltered, there were no measures in place to bail them out; these measures were put in after the fact. Similarly, when Dyn was attacked, the architectures and designs were not able to hold up, and services were impacted. There is no easy or right solution when problems of this magnitude occur; it is about ensuring we learn from them.