A10 Networks is building out a security strategy that leverages AI and machine-learning techniques to help enterprises protect themselves against the growing threat of increasingly sophisticated distributed denial-of-service (DDoS) attacks.

The company this week expanded its A10 Defend portfolio with the A10 Defend Detector, an enhanced tool that had been part of A10’s Thunder TPS attack detection and mitigation suite and is designed to give organizations early warning capabilities so they can be more proactive in building up protections.

The tool integrates machine-learning technology to deliver scalability and industry-specific threat intelligence and enable automated detection capabilities to both enterprises and service providers on-premises and in the cloud, according to Gary Wang, senior product marketing manager at A10.

Defend Detector joins Defend Mitigator and Orchestrator in the growing Defend portfolio, along with the vendor’s DDoS threat intelligence. Defend Mitigator and Orchestrator also were part of the Thunder TPS package, with Orchestrator at the time named aGalaxy and being the centralized management system aggregating data from all managed Thunder TPS deployments.

A10 executives said they also are in early trials with some enterprises for its DDoS threat intelligence service, which also will be integrated into the Defend portfolio.

AI and Machine Learning are Key

The AI and machine-learning technologies are a central part of the Defend strategy, according to Wang.

“To combat modern DDoS attacks, it’s not just about eradicating zero-day ML-enhanced threats with ML-enhanced methods,” he wrote in a blog post. “It is also about proactively bolstering DDoS defenses with more accurate, in-depth, and proactive threat intelligence that is also ML-enhanced.”

Machine learning can sort through and analyze large volumes of data much faster than a human, which enables organizations to more quickly and accurately adjust their defenses to adapt to evolving threats.

“The best way to use machine learning in practice is through threat intelligence; so much of the alerts and information collected are just noise without the ML-enhanced analytics,” Wang wrote. “Therefore, AI and ML are integral to detection, mitigation, and threat intelligence, and can enhance accuracy and response times.”

The Defend portfolio is designed to provide AI-enhanced zero-day detection capabilities, analytics, and threat intelligence about DDoS attacks.

More Sophisticated DDoS Attacks

That will be important given the growing number and sophistication of DDoS attacks. Gartner analysts earlier this year outlined what enterprises can expect in the near future, and it isn’t good.

“With global political instability, patriotic hacktivism, state-sponsored attacks and espionage, distributed denial of service attacks will be used as the most common cyberattack type,” the analysts wrote. “Distributed denial of service attacks will be most sophisticated, and be higher in frequency and in volume of traffic, as compared with current attack trends.”

In addition, “with the growing bandwidth cost, DDoS mitigation service will continue to become more expensive in the coming months,” they wrote, though they added that an influx of new players in the DDoS defense and mitigation space is putting pressure on the market, giving organizations more pricing and price points to choose from.

Enterprises will need all the help they can get as the number and frequency of DDoS attacks increase. Netscout in September reported that in the first half of the year, threat groups launched about 7.9 million DDoS attacks, a 31% year-over-year increase. For its part, Cloudflare found that in the third quarter, there was a 65% quarter-over-quarter increase in HTTP DDoS attacks, which are designed to overwhelm targets like mobile application servers, ecommerce websites, and API gateways with massive amounts of HTTP requests.

An Escalation with ‘Rapid Reset’

Driving that spike were record-setting DDoS attacks first detected in late August that leveraged a novel zero-day vulnerability in the HTTP/2 protocol that was dubbed “Rapid Reset.” Cloudflare, Google, and Amazon Web Services all reported battling the largest DDoS attacks they had ever recor2ded.

In their report, Cloudflare researchers noted that HTTP/2 now accounts for 62% of all HTTP traffic, calling it a “version of the protocol that’s meant to improve application performance. The downside is that HTTP/2 can also help improve a botnet’s performance.”

A10’s Wang said the Rapid Reset attacks should do away with the misconceptions by some that DDoS threats are little more than a nuisance or inconvenience that will simply shut down websites for a time and are relatively easy to defend against.

With the proliferation of Internet of Things devices and the expanding DDoS-as-a-service market among threat actors, it’s becoming easier to launch such attacks, he wrote. At the same time, while AI is being used by defenders to enhance protections, it’s also be leveraged by cybercriminals.

“Modern DDoS attacks will continue to be a critical concern given their evolution in frequency, intensity, and complexity,” Wang wrote. “They are often used as smokescreens for ransomware and malware attacks and can ultimately lead to services becoming unavailable. This results in limited or no access to data, which is the lifeblood of organizations.”