Security News

NCAA March Madness 2014 Dell SonicWALL Application Control

By

In this Dell SonicWALL SonicAlert we will take a fun look at telemetry data for our Application Control signatures for the 2014 NCAA March Madness Basketball Tournament. Our telemetry data consists of a count of signatures that have matched network traffic from our customers’ firewalls as reported back to us. In this case we will look at the number of hits per day for HTTP traffic going to the NCAA.COM, the host domain for the tournament. The hits data shown in the graph below represent one HTTP page request for webservers hosting the ncaa.com domain, as identified by our application signature SID:3468, “NCAA March Madness — HTTP Activity”. The data represents hits sampled during the time period two weeks before the tournament start date of March 17th and continuing a few weeks after the April 6th end date.

NCAA March Madness HTTP Traffic 2014 Chart

There are a couple of observations to make about the data. The first interesting pattern in the 2014 data (blue line) in graph above is that there is very little HTTP traffic to the ncaa.com domain preceding the tournament start date. Then in the early rounds of the tournament there is a huge spike in hits–approximately half a billion HTTP requests on March 20th and 21st, 2014, in fact. My hypothesis is that many of these requests are people watching the early rounds of the tournament online (from work), but later in the tournament–when there are less games–it is more likely that the replay will be available on cable television which can be watched at home, after work hours. There are sixty-four teams in the first round, so most of these games cannot all be televised. If you are a fan of one of these regional collegiate teams and you want to watch your team play their first round game–which might be their last game–then online streaming may be your only option. Another possible explanation is that many fans will be updating their predictions online during the first days of the tournament.

A second observation about the 2014 data is that you can see that the traffic soon tapers down and remains steady at near 130 million requests per day (during the weekdays) for the remainder of the tournament–and, in fact, even for weeks after the tournament finishes. This makes sense from the standpoint that many will have missed a few games and want to go back and watch game replays, or check game and player statistics after the tournament end date–even many weeks later.

In summary, the graph of the NCAA March Madness tournament shows some interesting traffic patterns starting on or around the second week of March, spikes on the first day of the tournament–usually around March 17th–and continues for many weeks after the tournament end date on or around April 6th.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
DropperXSW.A: Registry only malware (April 23rd, 2015)
Parite.CBR a polymorphic virus which infects all portable EXE files
Research Paper: Blackhole Exploit Kit - Rise and Evolution (Sep 17, 2012)
New Storm Variant (June 27, 2008)
New Variant of Dharma Ransomware spotted in the wild.
Windows IE Use-After-Free Vulnerability MS13-047 (June 21, 2013)
Yet another Linux malware spotted in the wild (Feb 26, 2016)
Fake image file containing Javascript leads to Avaddon ransomware