I recently participated in a webinar hosted by IHS, where Jeff Wilson, Senior Research Director of Cybersecurity Technology at IHS, led the discussion on “Service Provider Deployment of DDoS Mitigation.” The webinar also featured commentary by Stephen Clark, Director of IP Networks at Telesystem, which has deployed the Corero SmartWall® Threat Defense System. Key topics were new security solutions available for the service provider environment, key trends driving service provider deployment of in-line DDoS mitigation, and new revenue opportunities for service providers.
Wilson noted that distributed denial of service (DDoS) solutions have evolved dramatically since the first DDoS attack was witnessed in the mid-1990s. At Corero we classify the early mitigation techniques as DDoS 1.0; these rely mainly on black-holing traffic until a DDoS attack subsides; this approach requires a lot of manpower, and does not prevent the DDoS attack from affecting the service provider or their downstream customers. Surprisingly, even though there are new solutions available, many companies still use black-holing as an answer to DDoS attacks.
Later, DDoS 2.0 solutions evolved into out-of-band scrubbing centers that detect DDoS threats and subsequently generate alerts that require an operator to take action, which can take considerable time, possibly leaving the environment under attack in some cases for multiple hours. Because scrubbing centers require a significant amount of human capital and equipment, this approach has remained out of reach to everyone except Tier 1 service providers.
According to Wilson, 2015 marked a turning point in DDoS mitigation solutions; it was time for a new economic model, one that made affordable solutions for the smaller Tier 2 and Tier 3 and enterprise customers. “Now you don’t have to wait to get more than 50 Gbps of onsite mitigation capacity,” said Wilson. DDoS 3.0 solutions (like Corero’s SmartWall® Threat Defense System) are on-site, inline, automated and affordable; it responds in real-time to even the smallest DDoS attack, many of which would go unnoticed by a scrubbing center.
Now that DDoS mitigation solutions are more affordable and scalable, there is opportunity to not only save on operational and bandwidth costs, but also to generate new revenue. Service providers can turn mitigation structure around to re-sell it as a service to their customers downstream. Wilson said, “If the economics work customers are willing to make capital investments in DDoS mitigation.” Similarly, it makes sense economically for the customers of service providers to take advantage of a secure cloud; they are willing to pay for such a value-add service. Enterprise customers need and want protection from DDoS attacks; soon enough, they will demand such protection, and it will be a liability for service providers who don’t offer it.
Providers deploying this purpose-built First Line of Defense® against cyber threats will have the opportunity to differentiate their services through their DDoS security infrastructure. As such, they are able to not only minimize churn but also create incremental revenue streams and longer-lasting customer relationships.
To learn more, view the webinar on demand.