Ensuring Uptime & Meeting SLAs in the Face of DDoS

In an “always-on” world, where customers expect constant service availability to conduct business, or to simply communicate, any downtime can be more than just an inconvenience. In some industries, such as financial trading, merely seconds of downtime are incredibly disruptive and damaging. When a website is down, that usually means that clients or customers can’t find the business online, or access its products/services. That’s why tenant customers demand constant uptime from their hosting or data center providers who, in turn, need to offer Service Level Agreements (SLAs) that guarantee a high percentage of uptime (usually anywhere from 99.9% to 99.9999%). Even 0.01% downtime can dramatically affect a business’ bottom line. Depending on the nature of the applications or services being hosted, even downtime within the offered SLA can cause significant impact over the course of a year, as this can still equate to minutes, or even hours, of downtime.

Costs of Downtime for Providers

In the event of downtime, providers often have to pay punitive damages for failure to deliver on their promise. Some providers offer a compensation, such as a credit to the tenant customer’s account, usually a percentage of the monthly fee. However, that credit might not outweigh the downtime cost to the tenant. In addition to those costs, the provider may lose customer trust, brand reputation and even lose customers completely. No matter how you slice it, the failure to meet SLA standards is costly for both providers and their customers.

How Can Providers Ensure Uptime?

A great many things can lead to service downtime, but one of the increasingly common causes is distributed denial of service (DDoS) attacks. ISPs and hosting providers are attractive DDoS targets for cybercriminals, because an attack has ripple effects to hundreds or thousands of their downstream customers. DDoS incidents often result in customer churn, and damage to a brand’s reputation, so it is imperative for hosting, data center and service providers to have DDoS mitigation solutions in place to protect their own business, as well as that of their downstream customers.

Unfortunately, many providers still struggle with DDoS attacks because they are relying on home-grown, or legacy solutions, such as scrubbing centers, that are either slow to react, have limited capacity, or both. Furthermore, their significant reliance on manual intervention from security analysts often results in 1) accidentally blocking good traffic, 2) blackholing all traffic to the target, or failing to discern/detect bad traffic in the first place, or in time.

Although the vast majority of modern DDoS attacks are still relatively small (less than 10Gbps), in recent years Corero has observed a notable increase in attacks that are in the tens to hundreds of Gbps range; this trend is particularly troublesome for providers who have been relying on back-hauling attack traffic to centralized scrubbing centers. Because scrubbing center capacity is typically a fraction of a provider’s edge capacity (often only around 10%), there is increasing risk of a single attack, or concurrent attacks to multiple tenant customers, will exceed the available protection capacity. When such events occur, it forces a provider to blackhole traffic (via BGP RTBH, or FlowSpec) to prevent the risk of collateral damage to other tenant customers. The trouble with this approach, is that it takes the attacked tenant customers completely offline, for the duration of the attack. In which case, the attacker has succeeded because the target is still offline as a result of their actions.

To deliver a differentiated service, and have the best chance of exceeding their SLA commitments, providers should be deploying the latest generation of dedicated, always-on, real-time, automatic DDoS mitigation solutions at their peering and transit points. These solutions can block all DDoS traffic from entering a network and eliminate the attacks before they can congest that network and impact downstream customers. The leading DDoS mitigation solutions block only the bad traffic, and allow good traffic to pass through, on a packet by packet basis, using granular detection mechanisms with surgical blocking filters. These mechanisms can include heuristic and closed-loop policy, allowing for rapid filter creation and deployment, with the ability to respond dynamically to the evolving nature of today’s sophisticated multi-vector DDoS attacks.

For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments, without the downtime, or hassle, associated with other solutions. If you’d like to learn more, please contact us.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry, to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s previous roles include network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.