Do Service Provider Networks Need Better Security?

How are communications service providers (CSPs) coping with network security threats these days? Heavy Reading conducted an anonymous survey of CSPs who are members of their Thought Leadership Council. According to that survey, “Council members say there are several security issues driving the development of those plans, including distributed denial of service (DDoS), illegal intercept, ransomware and data exfiltration, all of which were seen as critical issues by more than 60% of panelists.”

Two other noteworthy data points from the article are:

  • Almost two thirds of TLC members say their companies are allocating less than 5% of the budget for network security.”

  • 41% of companies surveyed gave themselves a “C” in terms of their overall network security plans.

The author concludes, that the results clearly indicate that CSPs feel they are currently doing a good job with network security; and goes on to say “however, there are several new technologies and services that must be addressed in order to maintain necessary levels of network security.”

The Need for DDoS Protection

One of those technology areas is DDoS protection. Of course, any Internet related service or hosting provider can be an unwilling accomplice to DDoS attacks that transit or terminate on their network. Providers and their customers are inseparably linked by the challenges DDoS attacks present.

Protecting the Network Edge

The challenge is that large providers have come from the position of being focused on transit – shifting huge volumes of packets – and letting downstream providers and end users worry about whether they needed to inspect or drop those packets for security reasons. Things are changing however, such that CSPs are now increasingly concerned about protecting their network edge. These providers want to keep junk traffic (DDoS attacks) off their network because it’s begun consuming more of their bandwidth. The more DDoS traffic consumes bandwidth, the more providers are compelled to either upgrade their network capacity, or deploy DDoS protection. The alternative is to just keep blackholing all traffic to any customer under attack, which is increasingly unacceptable because that completes the attack, by taking the target offline for its duration.

Security as a Service

To counter this, CSPs and other tier-2/3 providers now have the opportunity to offer security as a service and/or to differentiate from their competitors by including DDoS protection. Such protection wasn’t viable until a few years ago. Furthermore, it can be provided in cost effective scaling increments, from 10Gbps to 100Gbps, to support bandwidth and inspection requirements as needed. Such technology provides configurable policies to deliver a broad range of specific protection mechanisms to defend critical network assets against today’s sophisticated DDoS attacks.

Corero provides automatic, best-in-class, innovative DDoS protection solutions for customers across the globe; to learn how you can protect your organization from the DDoS threat, contact us.

Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.