Do Service Provider Networks Need Better Security?

Sean Newman
By | February 07, 2019

Posted in: ISP DDoS Protection

How are communications service providers (CSPs) coping with network security threats these days? Heavy Reading conducted an anonymous survey of CSPs who are members of their Thought Leadership Council. According to that survey, “Council members say there are several security issues driving the development of those plans, including distributed denial of service (DDoS), illegal intercept, ransomware and data exfiltration, all of which were seen as critical issues by more than 60% of panelists.”

Two other noteworthy data points from the article are: 

  • Almost two thirds of TLC members say their companies are allocating less than 5% of the budget for network security.”

  • 41% of companies surveyed gave themselves a “C” in terms of their overall network security plans.

The author concludes, that the results clearly indicate that CSPs feel they are currently doing a good job with network security; and goes on to say “however, there are several new technologies and services that must be addressed in order to maintain necessary levels of network security.”

The Need for DDoS Protection

One of those technology areas is DDoS protection. Of course, any Internet related service or hosting provider can be an unwilling accomplice to DDoS attacks that transit or terminate on their network. Providers and their customers are inseparably linked by the challenges DDoS attacks present. 

Protecting the Network Edge

The challenge is that large providers have come from the position of being focused on transit – shifting huge volumes of packets – and letting downstream providers and end users worry about whether they needed to inspect or drop those packets for security reasons. Things are changing however, such that CSPs are now increasingly concerned about protecting their network edge. These providers want to keep junk traffic (DDoS attacks) off their network because it’s begun consuming more of their bandwidth. The more DDoS traffic consumes bandwidth, the more providers are compelled to either upgrade their network capacity, or deploy DDoS protection. The alternative is to just keep blackholing all traffic to any customer under attack, which is increasingly unacceptable because that completes the attack, by taking the target offline for its duration.

Security as a Service

To counter this, CSPs and other tier-2/3 providers now have the opportunity to offer security as a service and/or to differentiate from their competitors by including DDoS protection. Such protection wasn’t viable until a few years ago. Furthermore, it can be provided in cost effective scaling increments, from 10Gbps to 100Gbps, to support bandwidth and inspection requirements as needed. Such technology provides configurable policies to deliver a broad range of specific protection mechanisms to defend critical network assets against today’s sophisticated DDoS attacks. 

Corero provides automatic, best-in-class, innovative DDoS protection solutions for customers across the globe; to learn how you can protect your organization from the DDoS threat, contact us.

You May Also Be Interested In: