The contract between the Department of Homeland Security (DHS) and Galois was signed in January, and HackRead had a chance to discuss it with Galois.
Galois and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) have formalized a contract to develop technology for preventing and combating extensive, sophisticated DDoS (Distributed Denial of Service) attacks.
Galois made an official announcement informing the media that it had signed a $1.7 million contract with the DHS S&T Cyber Security Division. The contract is part of the larger Distributed Denial of Service Defenses (DDoSD) program initiated by the DHS S&T Cyber Security Division.
The problem with DDoS attacks is that they can cripple even the largest and most established organizations, and they are devastating for small and medium-sized businesses. The traffic generated is enough to saturate their internet connections several times over, and it is often challenging to get the ISP (internet service provider) to take the matter seriously and respond quickly.
The project that DHS is planning with Galois is dubbed DDoS Defense for a Community of Peers (3DCoP). It involves a peer-to-peer collaboration mechanism through which organizations detect and combat DDoS attacks by working in cooperation.
According to Adam Wick, Galois’ Research Lead, Mobile & Security Systems Software:
“Current DDoS defense systems are proving ineffective because they operate in isolation, which introduces delays in the detection, reporting, and response to a DDoS attack. This delay is critical. It provides positive feedback to the attacker, who will continue to send more and more traffic to the target network. Our solution advances the state of DDoS defense by providing new tools that allow multiple defenders to coordinate their response, resulting in earlier detection and faster DDoS mitigation.”
It is no secret that DDoS attacks are a serious threat to all kinds of industries and sectors, such as news entities, financial institutions, critical infrastructure organizations and government agencies.
Under the contract with DHS, Galois aims to curb rising DDoS attack threats via the following measures:
1: Reducing mitigation response time by at least 50%, with a 75 to 90 percent reduction in peak traffic
2: A 25% reduction in the time between the launch of a DDoS attack and its detection
As a result, organizations and institutional entities will be able to thwart DDoS attacks before they are completed.
HackRead had a chance to have a conversation with Adam Wick and here’s what we asked and what he replied:
Q: How would you like to explain the difference between your services and services provided by other companies?
Answer: “Currently, DDoS defense systems fail to address large DDoS attacks that fully “clog” the internet connection. In those cases, locally responding to an attack is no longer possible. In general, most solutions work in isolation, which introduces delays in the detection, reporting, and response to a DDoS attack. To effectively mitigate a large attack, an organization must involve organizations “higher up”, like ISPs, that can stop the flow of malicious traffic.
We’re developing a unique collaborative model, where multiple organizations automatically work together to detect DDoS attacks through automatic traffic analysis. They then generate traffic blocking rules for the malicious traffic and send that to ISPs further up the chain. The ISPs can, in turn, block the necessary traffic and mitigate the attacks.
One can see the basis of this in the way people react to DDoS attacks now, but many of these steps are manual and require complicated conversations over the telephone. In many cases, the process is further complicated because the parties involved have never spoken before, and have to build trust. After all, the actions that one takes to mitigate a DDoS can also be used to perpetrate an attack, so upstream ISPs need to convince themselves that they’re talking to the right person.
What we’re looking to do is speed up this process, dramatically, by automating the detection, analysis, and mitigation steps. At the moment, this mitigation can be automatic, or it can be manual. That way, even if an organization’s ISP isn’t hooked up to our system, network admins will be able to detect the problem early and trust our solution to have all the information (and all the evidence!) they need to convince their ISP to take early and effective action.”
Q: How will your firm defend its client against a DDoS attack leading to ransom, such as the ProtonMail DDoS attack?
Answer: “Ransom in DDoS cases is one of those clear indicators that our current approaches to DDoS defense are failing. Attackers can only ask for ransom when an organization has no way to defend themselves. Ransom cases can be mitigated by having effective DDoS defense that doesn’t allow an attack to become a problem in the first place. The most effective defenses in the coming years will take into account the bigger picture by connecting everyone involved, for a more timely response. If we can minimize the effect of large DDoS attacks, we effectively reduce cases where attackers demand ransom.”
Galois is a renowned firm in the computer science research and development sector. It has been operating since 1999 and boasts a world-class team of computer science experts, mathematicians, programmers, and engineers. The firm has positioned itself as the world’s most reliable company and is ready to take on even the most challenging computer science tasks in the world.
It has also partnered with defense and intelligence agencies to develop cutting-edge technologies to protect their systems and networks. Tech firms very often consult Galois to create reliable, safe and secure systems for the security of their products and services.