topic Looking for AI/ML tools for DoS/DDoS protections and traffic analysis in General Topics

Looking for AI/ML tools for DoS/DDoS protections and traffic analysis

NeonNetSec — Fri, 08 Dec 2023 13:31:16 GMT

Hi all,
Large organization - looking for recommendations of AI/ML tools that we could use to augment our traffic analysis and provide DoS/DDoS protections. I know there are many different ways this could be done but I'm just looking for some 1st-hand-experience on some solutions you guys implemented successfully:
- I am not familiar w/ Palo's AI/ML offerings in this space, if any
- I am interested in if it's possible to develop some sort of in-house neural network that could analyze our traffic logs and then help DoS/DDoS protection by Security Policy creation, or black-holing
- maybe something before the firewalls, at a router level, you could recommend

Thanks. I know this might be a spicy one.

Re: Looking for AI/ML tools for DoS/DDoS protections and traffic analysis

PavelK — Fri, 05 Jan 2024 04:47:53 GMT

Hello @NeonNetSec

Palo Alto does not focus on DDoS mitigation: Defending from DoS and volumetric DDoS attacks. The only exception is zone protection, but this is a basic feature. Building any solution on-premise will not protect you against volumetric DDoS attacks as your lines will get clogged before your on-premise devices could mitigate the attack. If you are protecting entire infrastructure, then I would be looking into scrubbing center (Either purchase this service or built your private one). If you are protecting web services, I would be looking into WAF solution. Alternative to these would be asking your ISP to enable DDoS protection on their side on ISP level.

Kind Regards

Pavel