How to Handle Terabit-Scale DDoS Attacks

We now live in a world that is highly-connected to the Internet, and very vulnerable to volumetric distributed denial of service (DDoS) attacks. The vast majority of DDoS attacks are small and sub-saturating but the world is increasingly witnessing massive DDoS attacks, such as the October impacting DNS provider Dyn, which reportedly measured 1.2 Tbps. Such large, volumetric attacks are becoming more common, driven in part by the affordability and ease of DDoS hacking source code, and in part by botnet-driven DDoS attacks that leverage the Internet of Things.

Regardless of their size DDoS attacks are dangerous, and no organization is immune to them without proper DDoS defenses in place. Furthermore, even if one’s organization is not the intended target, that organization can’t rest assured; as we saw in the case of the Dyn DDoS attack, an attack on an Internet gateway does have trickle-down effects on other websites that depend on that gateway.

In the wake of so many DDoS attacks in recent months/years, many enterprises and agencies are seeking ways to protect themselves from such attacks. It is certainly possible to stop both large and small attacks; the technology exists. However, the average organization does not have enough IT security staff and budget to implement the technology that can stop terabit-sized DDoS attacks. The burden of stopping DDoS attacks should fall mostly on Internet Service Providers (ISPs) and Hosting Providers, because they have the resources to stop DDoS traffic at the top of the Internet funnel, and they can make DDoS protection affordable for their own customers.

Some ISPs and hosting providers have adopted modern DDoS mitigation technology that is scalable to handle terabit-sized DDoS attacks, at an affordable price. Furthermore, some now extend their DDoS protection as a service to their customers. By offering DDoS defense as a service, telecoms create a revenue stream that offsets the costs of the DDoS mitigation solution. In so doing, they make DDoS protection affordable for themselves, and for their downstream customers.

It’s not just a matter of providing better services to their customers; it’s also a matter of competitive advantage. ISPs and hosting providers can’t afford to invest in their infrastructure in the future if they are losing customers now, or if they are being usurped by those who have larger, more diverse service offerings. Enterprises are quickly realizing that action is required now, to protect future their business, and they are turning to their providers for the answer.

For more information, contact us.