Market research firm Infonetics Research released excerpts from its latest DDoS Prevention Appliances vendor market share and forecast report, which tracks distributed denial of service (DDoS) appliances deployed to protect enterprise and carrier data centers, mobile networks, wired carrier transport and broadband networks, and government transport networks.


“While the market for dedicated DDoS prevention solutions remains strong, going forward the overall performance of the market and the vendors in it will be challenged by the widening availability of hosted/SaaS solutions and new integrated security platforms that include DDoS prevention as a feature,” notes Jeff Wilson, principal analyst for security at Infonetics Research. “Arbor Networks and Alcatel-Lucent recently announced a combined offering that couples Alcatel-Lucent routers and a specialized DDoS mitigation blade from Arbor. And F5 recently launched a specialized data center firewall product based on its BigIP traffic management platform, with DDoS prevention as a cornerstone feature.”

Wilson adds: “We expect other major security vendors to build specialized security platforms with integrated DDoS prevention that will go head-to-head with mid-range offerings from the dedicated DDoS appliance vendors.”


— Sustained DDoS activity will drive the prevention market to 24% growth in 2012 over 2011

— The data center segment of the DDoS prevention market is growing fast and is expected to pass the carrier transport segment by the end of 2012

— Arbor Networks, the largest vendor in the DDoS prevention appliance market, maintains a commanding overall lead with nearly 3/5 of global revenue, although Radware is challenging in the government network segment

— Combined, all segments of the DDoS prevention market (data center, carrier transport, mobile, and government) are forecast by Infonetics to top $420 million by 2016

— Mobile networks will see the strongest growth in the DDoS prevention market, with a 30% CAGR over the 5 years between 2011 and 2016


Infonetics’ biannual DDoS Prevention Appliance report provides vendor market share, market size, and forecasts through 2016 for DDoS appliance revenue by deployment location (enterprise and carrier data centers, mobile networks, government networks, and carrier transport and wired broadband networks) and by region (North America, EMEA, Asia Pacific, Central and Latin America, worldwide). The report also provides DDoS unit market share and forecasts by region.


The scene outside the Supreme Court after the justices narrowly upheld the Affordable Care Act looked chaotic, yet the scene on the back end of SCOTUSblog wasn’t — due in part to some serious planning.

SCOTUSblog is a website dedicated to news and analysis of the Supreme Court of the United States, run as a separate business by the lawyers at Washington, D.C.-based law firm Goldstein and Russell. It averages about 30,000 hits a day, but in the months leading up to the court’s ruling on the Patient Protection and Affordable Care Act, it became clear that something would have to be done to support a huge amount of traffic.

The blog staff knew that they were in for traffic problems when page views spiked during oral argument in March. Over a three-day period, the site received more than a million hits, creating a slow experience for users that was punctuated by crashes during peak hours.

“We were just really, really struggling to serve that audience,” said Max Mallory, deputy manager of the blog.

Mallory, a self-described liberal-arts type who learned IT on the fly after becoming deputy manager of the blog, said that the staff took stock of what they had and decided there was no way for them to rework it on their own. To accommodate the blog traffic they expected when they reported on the court’s decision, they would need to get outside help.

SCOTUSblog planned for huge traffic boost
Options on what to do ranged from completely redesigning the entire site to optimizing what they already had and adding more servers.

“There was tons of stuff being thrown around,” Mallory said.

The bloggers decided to bring in a team of developers who, over the course of the two months between the argument and the decision, reworked various aspects of the website. Mallory said they fixed JavaScript conflicts and plug-in issues, cleared out extraneous data, compressed the database and made cosmetic changes to the website that simplified loading.

Monday, June 18 was the earliest the court could have made its decision and served as the first testing day for the site’s changes. They decided to redirect traffic from the homepage to the live blog page, something they normally do on breaking news days. At one point, 40,000 simultaneous users were on the live blog, a fraction of what they expected on the big day, but it still revealed difficulties on the back end.

By Thursday, they had implemented a new plan — split the traffic between three servers. The main blog page would be hosted on Media Temple, the service they had been using all along. That page would redirect to a landing page that housed just the live blog, which would be hosted by WP Engine. Once those readers clicked to activate the live blog, that traffic would be hosted by third-party live blogging service CoverItLive.

In anticipation of a decision that still hadn’t come that day, traffic again spiked and the site stayed afloat, but still moved slowly. The WP Engine server handled the live blog page, but the Media Temple server was swamped by redirect requests.

“Friday morning I knew there was no way based on that performance we were going to be able to handle it,” Mallory said.

So Mallory reached out to Datagram, a server provider that handles hosting for some large blogs, and asked them to put him in touch with “the best optimizer of WordPress sites.” Datagram gave him the name of Andy LoCascio and his company, Sound Strategies. By the end of the day, LoCascio was in charge of rebuilding everything from the ground up.

After bringing LoCascio on board, the team learned all their work over the previous two months was essentially a waste.

“Literally everything that [could be] wrong was wrong,” Mallory said.

LoCascio’s team worked all day Friday and Saturday, adding a high-powered NGINX deployment on top of the Media Temple server, rewriting all Apache and MySQL configurations, fixing plug-ins and reworking caching. By Sunday, everything was finished.

Most court watchers expected the decision to come down on Monday. The blog surpassed its all-time traffic record by 2 p.m. and had more than 100,000 viewers on the live blog. Everything went well, but the big day had yet to come.

Finally, the media learned Thursday was going to be the day and the team was prepared to sit and wait. But on Tuesday evening they experienced a distributed denial of service (DDoS) attack, which left them scrambling to find a way to protect themselves from a nefarious attempt to crash the site.

They decided to eliminate the chain of servers at different companies and consolidate resources. The night before decision day, they set up four satellite servers off the main Media Temple server, each of which would host a cached version of the site that would be updated on a fixed, periodic schedule.

Two more DDoS attacks came the morning of the decision, but neither worked. Then, the news they and their audience had been waiting for broke.

“Right at 10:03 a.m. Thursday, we were getting more than 1,000 requests every second,” Mallory said.

In the end, SCOTUSblog received 5.3 million page views with no crashes or lag time. Load time never climbed above one second and CPU usage never ventured above 1%, a vindication of the new design. The site previously operated around 60% to 80% CPU usage with a hundredth of the traffic.

Traffic has since subsided and is expected to fade as the court heads for its summer recess. Mallory said the system set up for the health care decision will be shut off for now, but added that he and his colleagues will be prepared for the next major Supreme Court decision.


Kaspersky Lab, a developer of content management solutions, has warned end users to be on their guard against cyber criminals using the Olympics to launch phishing scams and DDoS attacks.

Kaspersky spokesperson Jagannath Patnaik said that end users might find themselves under siege from cyber criminals attempting to cash-in on the event. “One of the dangers is people being lured by mistake to an illegitimate site set up by someone who wants to profit from the event by pretending to sell items, like merchandise or tickets, that they are not authorised to,” he said.

“This could result in people giving up their personal information or surrendering a sum of money and being defrauded by scammers. This is a problem that may have been exacerbated by the ticket selling process the organisers have used,” he further added.

“Tickets have become available in stages and sponsors have had them to give away, whereas – if they were all sold at once – it might be easier to say the tickets that are appearing on sale after a certain date are unlikely to be genuine,” he said.

“There are going to be lots of people wanting to update Twitter and Facebook, access news sites and, possibly, shift money around between bank accounts to free up money for their trip. They should be wary about what connections they use to do this. It may not be an illegitimate Wi-Fi network set up by a crook, but it might be a publicly available one that someone can intercept the traffic of,” he said.


Anita Sarkeesian wanted to make a web series about how women are portrayed in video games. She asked the world for $US6000. Some of the people who thought that was interesting and worth doing have given her just shy of $US159,000.

Some of the people who thought it was not worth doing have defaced her Wikipedia page, written vile things to her on YouTube and… well, that’s what she already told us about in mid-June. But, wait, there’s more, as Sarkeesian explains in a new post on the Feminist Frequency blog:

In addition to the aggressive actions against me that I’ve already shared, the harassers launched DDoS attacks on my site, attempted to hack into my email and other social media accounts and reported my Twitter and YouTube accounts as “terrorism”, “hate speech” or “spam”. They also attempted to “dox” and distribute my personal contact info including address and phone number on various websites and forums (including hate sites).

Tropes Vs Women: Video Games is the name of the project. It’ll be a video series. It hasn’t even been made yet. That hasn’t stopped the trolling. I guess I should quote the mission statement of Sarkeesian’s project, though that implies that there is some mission statement out there that she could have had that would have merited this reaction — and that the only reason this reaction is condemnatory is because Sarkeesian’s mission statement doesn’t seem to merit the attacks sent her way.

Here’s the beginning of her Tropes Vs. Women: Video Games mission statement, to the extent that it even matters:

I love playing video games but I’m regularly disappointed in the limited and limiting ways women are represented. This video project will explore, analyse and deconstruct some of the most common tropes and stereotypes of female characters in games. The series will highlight the larger recurring patterns and conventions used within the gaming industry rather than just focusing on the worst offenders. I’m going to need your help to make it happen!

World-ending stuff, huh?

It’s not always that easy to be a woman in the world of gaming, but this is ridiculous.

Sarkeesian writes: “After struggling with whether or not to make the extent of the attacks public I’ve decided that it’s ultimately important to shed light on this type of abuse because online harassment and bullying are at epidemic levels across the internet.”

Agreed. It’s absurd. There are far smarter and funnier ways to disagree.


Cybercriminal gangs wielding hordes of malware-infected zombie machines are primarily using them for massive spam campaigns aimed at pushing pharmaceuticals, herbal remedies and porn, but they are also often rented out for more nefarious purposes, say experts who monitor them.

Botnets can be used to conduct distributed denial-of-service (DDoS) attacks, leveraging the power of infected systems to disrupt and wipe out websites. Botnets often spread malware, and are the main engine behind phishing campaigns or the fuel behind powerful clickjacking campaigns. What started as an amateur activity on Internet Relay Chat (IRC) networks — using the power of people connected to IRC to knock victims offline — quickly became a for-profit venture associated with cybercriminal fraud activities, said Joe Stewart, director of malware research at Dell SecureWorks. “Now we see you’ve got governments and hacktivists getting into the game for reasons that aren’t really just money related,” Stewart said.

Stewart and other security experts say many enterprises have zombie machines running on their networks without even realizing it. Rather than being aimed to disrupt systems, the malware is being remotely controlled to seek an enterprise’s most prized possession: intellectual property.

“They’re highly focused on companies and governments,” Stewart said. “Anything you can imagine that somebody might steal in the virtual world, somebody has a botnet that is probably doing it.”

Stewart and other security experts say many businesses are far too reliant on automated systems, such as big security appliances like intrusion prevention and detection systems designed to monitor network traffic. They’re calling for enterprises to instead hire skilled IT security pros to proactively monitor those systems and investigate issues. The approach, they say, improves the security systems already deployed in most enterprises by addressing and isolating issues before they become a serious problem.

The good news is some of the malware associated with widely known botnets can be detected using most traditional security appliances and endpoint security software, including antivirus. But a much more serious threat is targeted attacks – particularly those hurled at enterprise employees – that use malware combined with techniques that are designed to evade detection. Once an endpoint machine is infected by stealthy malware, a Trojan embeds itself and then attempts to reach out to cybercriminals for orders. Enterprise network monitoring tools can detect the nefarious traffic and block some of it, but over the years, cybercriminals have become savvy at tunneling communications using strong encryption algorithms, timing communication drops for odd hours when systems aren’t being fully monitored or sending out tiny communication packets that assimilate with normal network traffic.

“You can hope your corporate antivirus [detects botnet infections] at the gateway or on the desktop, but we know from testing that those capabilities don’t have the highest rates of detection,” Stewart said. “If you move into the network realm you can pick up a lot of this activity because it doesn’t change its network fingerprint very often.”
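As an added example, not from the article or from the vendors it quotes, the check below runs over constructed connection records and flags the regular, low-volume, off-hours check-ins described above, the stable network fingerprint that survives even when the payload is encrypted. The log format, host names and addresses are assumptions made up for the example.

```python
"""Periodic-beacon detector over constructed outbound-connection logs (added
example, not from the article). It flags (source, destination) pairs showing the
C2 check-in traits described above: fixed interval, small payloads, off-hours."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed records: timestamp, source host, destination, bytes sent.
SAMPLE_LOG = """\
2012-07-03T02:00:05 ws-17 198.51.100.23:443 412
2012-07-03T02:05:04 ws-17 198.51.100.23:443 418
2012-07-03T02:10:06 ws-17 198.51.100.23:443 409
2012-07-03T02:15:05 ws-17 198.51.100.23:443 415
2012-07-03T02:20:05 ws-17 198.51.100.23:443 411
2012-07-03T09:12:40 ws-04 203.0.113.10:443 18220
2012-07-03T09:31:02 ws-04 203.0.113.10:443 902
2012-07-03T11:05:55 ws-04 203.0.113.10:443 45010
2012-07-03T14:47:13 ws-04 203.0.113.10:443 3311
"""

def parse_log(text):
    """Return (timestamp, src, dst, bytes) tuples from the constructed format."""
    rows = []
    for line in text.splitlines():
        ts, src, dst, nbytes = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return rows

def find_beacons(rows, min_events=4, max_jitter=0.2, max_bytes=1500,
                 work_start=8, work_end=18):
    """Score each (src, dst) pair. Jitter is stdev/mean of the gaps between
    connections; a low value means a near-fixed check-in interval, which
    stays visible on the wire even when the payload itself is encrypted."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in rows:
        by_pair[(src, dst)].append((ts, nbytes))
    findings = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:        # too few samples to judge periodicity
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        jitter = pstdev(gaps) / mean(gaps)
        small = all(n <= max_bytes for _, n in events)
        off_hours = sum(not work_start <= ts.hour < work_end for ts, _ in events)
        findings[pair] = {
            "interval_s": round(mean(gaps)),
            "jitter": round(jitter, 3),
            "small_payloads": small,
            "off_hours_fraction": off_hours / len(events),
            # A flag for analyst review: as the article stresses, a person
            # still has to decide whether the traffic is actually malicious.
            "suspicious": jitter <= max_jitter and small,
        }
    return findings

if __name__ == "__main__":
    for pair, info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(pair, info)
```

The thresholds are starting points; a real deployment tunes them against the organisation's own traffic, which is exactly the human judgement the article says appliances alone cannot supply.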

Botnet size doesn’t matter
Stewart said the most powerful botnets are not necessarily the largest. The Flame malware toolkit, for example, contained a botnet of fewer than 200 infected machines in Iran, yet it wielded a powerful arsenal for those behind it. The limited scope of the attack, believed to be a nation-state driven cyberespionage operation, enabled the botnet operators to stealthily eavesdrop on their victims, steal data and capture video for years.

By contrast, Stewart said larger botnets give cybercriminals the advantage of leveraging the computing power of infected computers to spread malware and other malicious activities. They can be used to amplify a denial-of-service attack to take down a website or quickly spread malware and steal account credentials.

The Zeus and SpyEye malware families make up massive botnets that have, for years, wreaked havoc on the financial industry. The botnets spread quickly due to the business model put in place by the cybercriminals behind the malware. Using automated attack toolkits, the cybercriminals set up an affiliate network, rewarding other cybercriminals for infecting machines. Zeus gained notoriety in 2006. The malware can be coded to spoof websites, steal account credentials and drain bank accounts. Security firms have tried to knock out portions of the botnets by disrupting the command-and-control servers associated with them, but despite those efforts, cybercriminals have built in mechanisms to bring them back online. The most recent effort came from Microsoft, which used legal action to wipe out Zeus botnet servers in the United States.

Detection: The human factor
There is no technology better than a skilled IT pro assigned to look for anomalies on the corporate network, said Johannes Ullrich, chief research officer at the SANS Institute. Skilled system administrators should be inspecting network traffic and system logs, applying creative thought in the process of flagging potential problems for further investigation, Ullrich said. Packet analyzers and other filtering tools can help network security pros determine if suspicious traffic is malicious in nature.

“A lot of enterprises still rely on old, signature-based antivirus,” Ullrich said. “Particularly with [targeted] attacks and these kinds of botnets it depends on individuals at this point.”

The trend at many enterprises has been to outsource network monitoring activities, but Ullrich said that in his experience, outsourced security monitoring usually fails at detecting the targeted attacks and botnet infections that matter the most. Outsourced services follow a checklist and process a specific number of requests per hour, Ullrich said, adding that outsourced services would be better if they played a role in assisting a system administrator to “find the next new thing versus yesterday’s bot.”

“They don’t really understand the business and that’s why some enterprises are going through the expensive process of bringing it back in-house,” he said.

Endpoint security combined with network-based security such as host intrusion prevention (HIPS) technology and other reputation and filtering systems can help mitigate malware infections, said Mike Rothman, analyst and president of Phoenix, Ariz.-based security research firm Securosis LLC. The firm recently concluded its malware detection series that focused on why detection is so challenging. Network security appliances can provide context on application and user behavior, but they require adjusting and tuning to avoid a serious impact on end users, Rothman said in a blog post describing the firm’s research series. The same goes for Web filtering and reputation-based filtering. “Find a balance that is sufficiently secure but not too disruptive, navigating the constraints of device ownership and control, and workable across device locations and network connectivity scenarios,” Rothman wrote.