{"id":3388,"date":"2014-06-05T16:05:13","date_gmt":"2014-06-05T16:05:13","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=3388"},"modified":"2020-05-06T10:31:34","modified_gmt":"2020-05-06T17:31:34","slug":"think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/","title":{"rendered":"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again."},"content":{"rendered":"<p>I recently talked to Davi Ottenheimer,* Senior Director of Trust at EMC, about the guidelines released by the Federal Financial Institutions Examination Council (FFIEC) in April of 2014 regarding preparations financial institutions must take to protect against DDoS attacks.<\/p>\n<p>DDoS attacks are a cause of concern across all major industries, from charity organizations to high-value targets like banks and financial institutions. However, recently there has been an increasing focus on the financial industry due to the potential impact to the economy.<\/p>\n<p>Financial institutions\u2014with online banking, mobile-device access to account information, and even back-office systems tied to the network\u2014are highly susceptible, which is why the FFIEC has the new guidelines.<\/p>\n<p>The FFIEC\u2019s \u201c<a class=\" bf_ungated_init\" href=\"https:\/\/www.ffiec.gov\/press\/PDF\/FFIEC%20DDoS%20Joint%20Statement.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Joint Statement: Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional&#8230;<\/a>\u201d specifies six steps that supervised financial institutions are expected to take. If you are responsible for networks at an FFIEC-supervised institution, you should review this Joint Statement carefully, and understand what your company is being asked to do at a policy level.<\/p>\n<p>I talked to Davi Ottenheimer on what the new regulations mean, and he said, \u201cAvailability of systems is a foundation of trust in today\u2019s always-on, always-connected world of commerce. The recent regulatory guidelines are a logical continuation of long-standing disaster-recovery and business-continuity concepts. Financial service providers now need to be ready not only to withstand denial-of-service attacks on their own, but also need to be using intelligence-driven security to catch wider threats and to participate with others in defense of the industry as a whole.\u201d<\/p>\n<p><strong>Does This Mandate Apply to You?<\/strong><\/p>\n<p>The FFIEC Joint Statement clearly applies to\u00a0<em>all<\/em>\u00a0FDIC-supervised institutions, including those with less than $1 billion in total assets.<\/p>\n<ul>\n<li>While it sets forth no legal requirements with penalties for noncompliance, FIL-11-2014 clearly implies that the FFEIC is placing the burden of protecting against DDoS attacks squarely on financial institutions and their IT teams.<\/li>\n<li>The Joint Statement provides links to two resources to guide financial institution IT teams in meeting the expectations:<\/li>\n<\/ul>\n<p class=\"rteindent2\">o\u00a0\u00a0 A detailed technical discussion of attack targets and types titled \u201c<a class=\" bf_ungated_init\" href=\"http:\/\/www.us-cert.gov\/sites\/default\/files\/publications\/DDoS%20Quick%20Guide.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DDoS Quick Guide<\/a>\u201d from the National Cybersecurity and Communications Integration Center<\/p>\n<p class=\"rteindent2\">o\u00a0\u00a0 A more process and best practices oriented \u201c<a class=\" bf_ungated_init\" href=\"http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-61rev2\/SP800-61rev2.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Computer Security Incident Handling Guide<\/a>\u201d from the National Institute of Standards and Technology<\/p>\n<p><strong>What Infoblox Can Do to Help You Comply<\/strong><\/p>\n<p>Interestingly, the\u00a0<a class=\" bf_ungated_init\" href=\"http:\/\/www.us-cert.gov\/sites\/default\/files\/publications\/DDoS%20Quick%20Guide.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DDoS Quick Guide<\/a>\u00a0talks about DDoS attacks impacting different OSI layers. We have seen attackers increasingly use DNS to launch DDoS attacks that are not only volumetric, impacting the victim\u2019s WAN bandwidth, but also can cause significant damage by impacting the DNS servers at the application layer. I asked Davi if there was anything specific to DNS that was called for.<\/p>\n<p>\u201cDNS is clearly within scope of recent regulatory guidelines,\u201d he said, \u201ceven though they are not specifically named.\u201d The following paragraphs explain how Infoblox capabilities match up with the specific requirements for addressing DDoS as well as how they address DNS vulnerabilities.<\/p>\n<p><em>Monitoring Internet Traffic (Step 2)<\/em><\/p>\n<p>Infoblox Advanced DNS Protection (ADP) provides forms of monitoring purpose-built to counter the DDoS threats the FFIEC is asking institutions to guard against. The solution delivers a unique approach to protecting against DNS-based attacks by continuously monitoring, detecting, and dropping packets of DDoS attacks\u2014including amplification, reflection, floods, exploits, tunneling, cache poisoning, and protocol anomalies.<\/p>\n<p><em>Ensuring Staffing for the Duration of an Attack and Managing Traffic Flow (Step 4)<\/em><\/p>\n<p>Infoblox Advanced DNS Protection meets the expectation set forth in Step 4 and goes it one better. ADP\u00a0<em>automatically<\/em>\u00a0distinguishes between legitimate queries and malicious traffic during an attack. It also automatically\u2014and intelligently\u2014manages the traffic flow, serving legitimate requests while it drops malicious ones. So it makes the kind of on-call contract staff recommended in Step 4 unnecessary by supplying a more reliable automated alternative.<\/p>\n<p>The illustration shows Infoblox Advanced DNS Protection under DDoS attack, and its response to good DNS queries. While the attacks were being launched (red line graph), Advanced DNS Protection also received 50,000 good DNS queries per second, all of which it responded to (blue line graph), even as the attacks peaked. The test was done using an independent third-party security and performance-testing platform.<\/p>\n<p align=\"center\">Continuing to respond to legitimate queries, even as an attack peaks<\/p>\n<p><em>Sharing Information to Help Identify New Threats and Tactics (Step 5)<\/em><\/p>\n<p>Advanced DNS Protection receives regular automatic updates based on detailed threat analysis and research, providing ongoing protection against new attack types as they surface. This information can be shared across and between institutions and agencies.<\/p>\n<p><em>Adjust Risk Management Controls in the Wake of an Attack (Step 6)<\/em><\/p>\n<p>In the wake of an attack, Infoblox security solutions can help IT take measures to fortify DNS services against future attacks based on detailed reporting that provides a centralized view of all the attacks happening across the network, giving visibility into the type and scope of the attacks. Reports include details like number of events by category, rule, severity, member-trend analysis<strong>,<\/strong>\u00a0and time-based analysis. In addition to providing the intelligence needed to take action while an attack is in progress, they can be analyzed for the planning of future defense.<\/p>\n<p>But wait\u2014there\u2019s more.<\/p>\n<p>The FFIEC points out that during 2012 and 2013, attacks launched by a Hamas Organization calling itself \u201cCyber Fighters of Izz Ad-Din Al Qassam\u201d hit U. S. banks and in some cases shut down services altogether. The FFIEC expects attacks of this sort to continue, and warns that financial institutions are at risk of disruption of operations, loss of reputation, and\u00a0<em>even fraud committed under the cover of DDoS attacks launched as diversions<\/em>.<\/p>\n<p>Infoblox has this covered as well. Infoblox DNS Firewall protects enterprises against malware-based data exfiltration by blocking malware accessing the Internet via DNS.<\/p>\n<p>For more details, see our white paper titled \u201cFIL-11-2014: What Does It Mean to You?\u201d, which summarizes the FDIC letter and the FFIEC Joint Statement and then matches the capabilities of Infoblox solutions for protecting against DDoS attacks to specific expectations in these documents.<\/p>\n<p>*<em>Davi Ottenheimer has over 20 years of experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is author of the Wiley books &#8220;The Realities of Securing Big Data&#8221; and &#8220;Securing the Virtual Environment.&#8221; He formerly was responsible for security at BGI, the world&#8217;s largest investment fund manager. Before that he was a &#8220;dedicated paranoid&#8221; at Yahoo! and responsible for managing security for hundreds of millions of mobile, broadband, and digital home products. Davi received his postgraduate academic master of dcience degree in international history from the London School of Economics.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recently talked to Davi Ottenheimer,* Senior Director of Trust at EMC, about the guidelines released by the Federal Financial Institutions Examination Council (FFIEC) in April of 2014 regarding preparations financial institutions must take to protect against DDoS attacks. DDoS attacks are a cause of concern across all major industries, from charity organizations to high-value [&hellip;]<\/p>\n","protected":false},"author":254,"featured_media":1496,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[16,15],"class_list":{"0":"post-3388","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-community","8":"tag-infoblox","9":"tag-security","10":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.<\/title>\n<meta name=\"description\" content=\"I recently talked to Davi Ottenheimer,* Senior Director of Trust at EMC, about the guidelines released by the Federal Financial Institutions Examination Council (FFIEC) in April of 2014 regarding preparations financial institutions must take to protect against DDoS attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.\" \/>\n<meta property=\"og:description\" content=\"I recently talked to Davi Ottenheimer,* Senior Director of Trust at EMC, about the guidelines released by the Federal Financial Institutions Examination Council (FFIEC) in April of 2014 regarding preparations financial institutions must take to protect against DDoS attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-06-05T16:05:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:31:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-coe-banner-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"413\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Renuka Nadkarni\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Renuka Nadkarni\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/\"},\"author\":{\"name\":\"Renuka Nadkarni\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/111901fc66473b7a5d5d6cf2ae869ef9\"},\"headline\":\"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.\",\"datePublished\":\"2014-06-05T16:05:13+00:00\",\"dateModified\":\"2020-05-06T17:31:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/\"},\"wordCount\":1097,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ipv6-coe-banner-1.jpg\",\"keywords\":[\"Infoblox\",\"Security\"],\"articleSection\":[\"Community\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/\",\"name\":\"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ipv6-coe-banner-1.jpg\",\"datePublished\":\"2014-06-05T16:05:13+00:00\",\"dateModified\":\"2020-05-06T17:31:34+00:00\",\"description\":\"I recently talked to Davi Ottenheimer,* Senior Director of Trust at EMC, about the guidelines released by the Federal Financial Institutions Examination Council (FFIEC) in April of 2014 regarding preparations financial institutions must take to protect against DDoS attacks.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ipv6-coe-banner-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ipv6-coe-banner-1.jpg\",\"width\":600,\"height\":413},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Community\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/community\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/111901fc66473b7a5d5d6cf2ae869ef9\",\"name\":\"Renuka Nadkarni\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g\",\"caption\":\"Renuka Nadkarni\"},\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/renuka-nadkarni\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.","description":"I recently talked to Davi Ottenheimer,* Senior Director of Trust at EMC, about the guidelines released by the Federal Financial Institutions Examination Council (FFIEC) in April of 2014 regarding preparations financial institutions must take to protect against DDoS attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/","og_locale":"en_US","og_type":"article","og_title":"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.","og_description":"I recently talked to Davi Ottenheimer,* Senior Director of Trust at EMC, about the guidelines released by the Federal Financial Institutions Examination Council (FFIEC) in April of 2014 regarding preparations financial institutions must take to protect against DDoS attacks.","og_url":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/","og_site_name":"Infoblox Blog","article_published_time":"2014-06-05T16:05:13+00:00","article_modified_time":"2020-05-06T17:31:34+00:00","og_image":[{"width":600,"height":413,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-coe-banner-1.jpg","type":"image\/jpeg"}],"author":"Renuka Nadkarni","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Renuka Nadkarni","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/"},"author":{"name":"Renuka Nadkarni","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/111901fc66473b7a5d5d6cf2ae869ef9"},"headline":"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.","datePublished":"2014-06-05T16:05:13+00:00","dateModified":"2020-05-06T17:31:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/"},"wordCount":1097,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-coe-banner-1.jpg","keywords":["Infoblox","Security"],"articleSection":["Community"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/","url":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/","name":"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again.","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-coe-banner-1.jpg","datePublished":"2014-06-05T16:05:13+00:00","dateModified":"2020-05-06T17:31:34+00:00","description":"I recently talked to Davi Ottenheimer,* Senior Director of Trust at EMC, about the guidelines released by the Federal Financial Institutions Examination Council (FFIEC) in April of 2014 regarding preparations financial institutions must take to protect against DDoS attacks.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-coe-banner-1.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ipv6-coe-banner-1.jpg","width":600,"height":413},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/community\/think-you-are-compliant-with-ffiec-guidelines-regarding-ddos-defense-think-again\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Community","item":"https:\/\/www.infoblox.com\/blog\/category\/community\/"},{"@type":"ListItem","position":3,"name":"Think You Are Compliant with FFIEC Guidelines Regarding DDoS Defense? Think Again."}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/111901fc66473b7a5d5d6cf2ae869ef9","name":"Renuka Nadkarni","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0661e443c4c379f0c36c9451f82921d754eda7aa497a8cbc3002b9c3a298bcce?s=96&d=blank&r=g","caption":"Renuka Nadkarni"},"url":"https:\/\/www.infoblox.com\/blog\/author\/renuka-nadkarni\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3388","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/254"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=3388"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3388\/revisions"}],"predecessor-version":[{"id":4083,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/3388\/revisions\/4083"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/1496"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=3388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=3388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=3388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}