Circle
Events
Blog

Download Publication

Software-Defined Perimeter as a DDoS Prevention Mechanism
Software-Defined Perimeter as a DDoS Prevention Mechanism

Software-Defined Perimeter as a DDoS Prevention Mechanism

Release Date: 10/27/2019

Working Group: SDP and Zero Trust

Distributed Denial-of-Service (DDoS) attacks are one of the most prevalent types of cyber attack, and their numbers are only climbing. DDoS attacks are large-scale incursions in which the perpetrator uses more than one unique source IP address (often thousands of them) to launch simultaneous attacks against a target. Organizations should be aware of this threat and on the lookout for the best DDoS mitigation methods.

In this paper by the Zero Trust Working Group, we advocate for Software Defined Perimeter (SDP) as a tool to protect private services from DDoS attacks. SDP is an architecture that provides integrated security, which is otherwise hard to achieve with existing security point products. SDP is efficient and effective against several well-known attacks, including HTTP Flood, TCP SYN, and UDP Reflection.

Key Takeaways:
  • An explanation of DDoS attack vectors and their layers and logical protocols according to the OSI and TCP/IP models
  • An overview of non-SDP mitigation methods
  • The steps for setting up an SDP configured as a DDoS defense mechanism
  • An explanation of three well-known attacks and how to use SDP to defend against them: HTTP Flood, TCP SYN Flood, UDP Reflection
  • A list of DDoS and other attack monitoring maps
Who It’s For:
  • People in security, enterprise architecture, and compliance roles within enterprises
  • Solution providers, service providers, and technology vendors

Download this Resource

LoginCreate Account

Prefer to access this resource without an account? Download it now.

Acknowledgements

Michael Roza Headshot
Michael Roza
Risk, Audit, Control and Compliance Professional

Michael Roza

Risk, Audit, Control and Compliance Professional

Since 2012 Michael has contributed to over 85 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud Key M...

Read more

Shamun Mahmud Headshot
Shamun Mahmud
Senior Research Analyst, CSA

Shamun Mahmud

Senior Research Analyst, CSA

This person does not have a biography listed with CSA.

Juanita Koilpillai Headshot
Juanita Koilpillai
Founder & CEO of Waverley Labs

Juanita Koilpillai

Founder & CEO of Waverley Labs

Juanita Koilpillai is Founder and CEO of Waverley Labs, a pioneer in software defined perimeters (SDP) and digital risk reduction solutions. She has 30 years’ experience researching and developing systems in computer security, network management and real-time distributed software. She leads the open source software-defined perimeter (SDP) effort for ‘black’ apps in the cloud with the Cloud Security Alliance and is an active contributor to N...

Read more

Nya Murray Headshot
Nya Murray
CEO of Trac-Car and Verviam IDaaS

Nya Murray

CEO of Trac-Car and Verviam IDaaS

Nya is a key contributor to the Zero Trust working group and author of several position papers published by CSA’s Software-Defined Perimeter working group. She is the CEO of Trac-Car and Verviam IDaaS and a senior information and communications technology (ICT) cloud cyber security and identity management consulting architect. Nya cons...

Read more

Jason Garbis Headshot
Jason Garbis
Chief Product Officer of Appgate, Inc.

Jason Garbis

Chief Product Officer of Appgate, Inc.

Jason Garbis is Chief Product Officer for Appgate, responsible for the company’s security product strategy and product management, and co-chair of the SDP Zero Trust Working Group at the Cloud Security Alliance, where he helps lead research and publication initiatives. He has over 30 years of product management, engineering and consulting experience at security and technology firms, including RSA, where he focused on identity management and...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?