ISPs Require Modern DDoS Protection to Ensure Uptime
The global lockdown, resulting from the COVID-19 pandemic, means millions of people around world consuming more Internet bandwidth because they are either telecommuting for work, or consuming online entertainment whilst holed up at home. Online availability has never been more important and much of the responsibility for that falls on Service Providers, who serve as the gateway to the Internet. Whenever an ISP is impacted by a Distributed Denial of Service (DDoS) attack to one of its downstream customers, this can create collateral damage to their other customers. When some of these customers are Service Providers themselves, this can magnify how widespread the service degradation, or complete outages can be.
Historically, Service Providers just focused on moving packets, in large volumes, but the increasing need for always-on Internet connectivity, combined with the ongoing increase in DDoS attack frequency, is driving more and more ISPs to deploy state-of-the-art DDoS protection. ISPs must continue to adapt and be vigilant to the ever-changing DDoS threat landscape. DDoS attacks have become more prevalent and more sophisticated, meaning traditional methods of mitigation are becoming less and less effective.
Over recent years Corero research has shown that the frequency and sophistication of DDoS attacks continues to increase. Additionally, although most DDoS attacks are in fact relatively small, during 2019 there was a measurable increase of 35% in the ratio of attacks that were more than 10Gbps. This is a continuing trend, now approximately double the 2016 levels. Given that many of the ISPs with dedicated DDoS protection still rely on out-of-band scrubbing centers, this increase in average attacks size can leave them struggling to defend attacks on multiple customers simultaneously.
In fact, there are multiple increasing challenges for those providers who still rely on out-of-band scrubbing centers: Firstly, attack monitoring for out-of-band scrubbing typically requires the use of NetFlow, which only provides visibility into packet headers and not the payloads, reducing the accuracy of detecting the latest DDoS vectors. Secondly, swinging traffic to a scrubbing center causes delays, which means the full impact of the attack is felt for a significant period of time, often measured in minutes, before mitigation commences. Thirdly, because scrubbing centers are, by definition, only a fraction of a provider’s edge capacity (typically around 10-20%), growing average attacks sizes increase the likelihood that scrubbing capacity is exceeded, especially when there are simultaneous attacks on multiple customers of that provider. When attacks do exceed their scrubbing capacity, ISPs are left with no choice but to blackhole all traffic to the customer(s) under attack, which means those customers are offline, completely. In such cases, the cybercriminals have won the battle, by successfully knocking their target offline.
Cybercriminals can do a lot of damage with DDoS attacks, in a matter of seconds, which is why time-to-mitigation matters greatly; impact from DDoS attacks can only be reliably prevented with the latest generation of automatic protection. As the revenue of organizations around the globe increasingly relies on their uninterrupted Internet presence, resilience can come down to fractions of a second.
More than ever, the world is dependent upon Internet availability; with many millions of people and businesses relying upon it. DDoS attacks are one of the most serious threats to Internet availability, so ISPs must take very seriously the decisions they make in terms of which DDoS mitigation solution they deploy.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s diverse deployment models, click here. If you’d like to learn more, please contact us.
Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry, to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s previous roles include network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.