That 80-20 Rule and DDoS

We have always viewed ITSonar as the perfect, cost-effective early warning system for Cloud services and network performance. Our End User Experience-centric measurements, combined with machine intelligence, help IT teams understand when performance is degrading enough to become noticeable to the End User. No gratuitous alarms to throw an already busy team into a crisis for issues that can be dealt with later during scheduled downtime. No angry customer wake-up calls because they experience issues before the IT team discovers them. The mounds of data IT teams typically collect from all their devices do not correlate quickly into a decent hypothesis, and oftentimes never will, due to the complexity of the environment.

If you detect an issue quickly and inexpensively, prioritize it appropriately and identify the fault domain automatically, you are 80% done, and you will solve 80% of the issues. For the remaining 20%, sure, more tools might be needed, but the question is: why pay for the wrecking ball when most of the time you just need a hammer?

We see this perspective materialize in many operational contexts, in the day-to-day issues that affect the delivery of IT services. The value is very apparent, often more apparent than even we envisioned it to be. As an example, ITSonar helped us quickly discover a DDoS attack on our website and then automate the response to repeat offenses.

The image below shows the response time globally for our site when the attack started. ITSonar alerted us right away and informed us that the issue was our hosting's slow response. By checking our webserver we saw it was a DDoS, and we got the range of IP addresses sourcing the attack. A quick WHOIS lookup and voilà!

Of course, we blocked the bad actor IP addresses. Note that this is a Cloud provider, so you cannot always just start blocking entire IP ranges. More importantly, we reported the issue and provided the ITSonar data and the server stats. In other words, we assigned ownership to the right organization, the one who should actually invest time and money in addressing the issue. At the same time, we provided the Cloud provider with information that would help with justification and forensics. After all, aren’t we all trying to run a business with limited resources?

Did the problem just go away? Well, no, it did not go away. It came back, sourced from a different range of IP addresses belonging to the same provider. Nothing surprising there, but since we have the early warning system and are focused on automation, we went for the “squeaky wheel” approach.

  • ITSonar detects the issue
  • We automatically collect the stats
  • We automatically block the IP addresses
  • We automatically report the issues

After a couple of automatic email reports sent to the provider, the problem went away. Magic. Simple magic!
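The collect, block and report steps of the loop above, sketched as an added example (not ITSonar's or the author's code): it counts requests per source in an access log, collapses the offenders into the tightest exact CIDRs so that no more of the provider's range is blocked than was actually observed, and drafts the report body. The log format, the threshold of 10 and all function names are assumptions; applying the block list and sending the e-mail are left to the firewall and mailer in use.

```python
import ipaddress
from collections import Counter

def sample_log():
    """Constructed access-log lines; sources are RFC 5737 documentation addresses."""
    fmt = '{} - - [10/Mar/2024:10:00:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    noisy = ["198.51.100.4", "198.51.100.5", "198.51.100.6",
             "198.51.100.7", "198.51.100.9"]
    lines = [fmt.format(ip, s) for ip in noisy for s in range(20)]
    lines += [fmt.format("203.0.113.50", s) for s in range(2)]  # normal visitor
    lines.append("truncated line with no address")
    return "\n".join(lines)

def count_requests(log_text):
    """Collect the stats: requests per source IP, skipping malformed lines."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        try:
            hits[ipaddress.ip_address(fields[0])] += 1
        except (IndexError, ValueError):
            continue
    return hits

def block_list(hits, threshold):
    """Offenders at or above threshold, collapsed to the tightest exact CIDRs."""
    cidrs = []
    for version in (4, 6):  # collapse_addresses rejects mixed versions
        nets = [ipaddress.ip_network(str(ip)) for ip, n in hits.items()
                if n >= threshold and ip.version == version]
        cidrs += [str(net) for net in ipaddress.collapse_addresses(nets)]
    return cidrs

def abuse_report(hits, cidrs):
    """Draft the report body: request totals per blocked range."""
    rows = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        total = sum(n for ip, n in hits.items() if ip in net)
        rows.append(f"{cidr}: {total} requests")
    return "Excess request volume from your address space:\n" + "\n".join(rows)

if __name__ == "__main__":
    hits = count_requests(sample_log())
    cidrs = block_list(hits, threshold=10)  # threshold is an assumed value
    print("\n".join(cidrs))
    print(abuse_report(hits, cidrs))
```

Because the collapse is exact, the four adjacent sources become one /30 and the isolated one stays a /32, while the low-volume visitor is neither blocked nor reported.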

Can you buy an expensive tool to do something similar? Sure you can. But remember two things:

  • The 80-20 rule – for 80% of your IT issues you don’t need an expensive tool, just the right one
  • The ownership rule – you don’t have to own all the problems, particularly the ones not generated by your own business model

To detect and fix most of the issues, you don’t need to pay an arm and a leg for Watson. Just use an early warning system paired with automated response. It really is elementary, my dear Watson!