Corero
Blog & News

How to Identify Revenue Expansion Opportunities with Managed DDoS Protection

ddos revenue

Service Providers (SPs) across both commercial and residential markets face significant challenges and competition. One of these challenges is how to balance the costs involved with protecting their infrastructure from cyber-attacks that can take down their service, alongside growing their business. In this blog, we look at how SPs can turn these seeming ‘costs’ into a way of generating new revenue streams, and how by offering DDoS protection as-a-service, they can retain and gain customers,

Customer loyalty is a key challenge for any business in today’s ever-changing world, and there’s something to be said about keeping customers happy, since the cost of keeping an existing customer is significantly less than acquiring a new one.  However, many providers are finding that customer acquisition costs (CAC) are rising, while the lifetime value of that customer (LTV) is falling dramatically.  With this in mind, how can SPs incentivize customers to stay loyal?

In our increasingly interconnected world, ever-faster connections and adoption of IoT devices, SPs are rightly focusing on maintaining service uptime and ensuring SLAs.  However, one of the biggest, if not the biggest, threats to uptime is Distributed Denial of Service (DDoS) attacks. This is why it makes sense to offer DDoS protection ‘as a service’.

The Value of Attack Visibility and Insights
Many organizations regard DDoS security as a cost center; however SPs are favorite targets for threat actors and it is essential to protect their infrastructure, since their tenant customers rely on them to be fully functional. Many providers are taking the extra step of offering DDoS protection as a service, so that customers can actually have visibility and insight into DDoS attack traffic affecting their network and gain actionable intelligence. Knowing what types of DDoS attacks that have been mitigated is not just a ‘nice to have’ – it makes good business sense to have the intelligence to be able to adjust DDoS mitigation rules that can block future attacks. It also critical for your security team to be immediately able to see if any network issue is due to a DDoS attack, or whether it is in fact due to some other network issues.  Having this visibility into attacks saves valuable time and ‘man hours’.

Archived security event data enables forensic analysis of past threats for compliance reporting. By providing each customer/tenant the insights into the attack traffic that’s being stopped, SPs can demonstrate immediate, tangible value to customers.

ROI on DDoS Security: Gain and Retain
Offering DDoS protection as a service to tenant customers is not just a revenue generator, but a competitive differentiator, because few providers can guarantee robust DDoS protection to their customers. Some SPs offer protection for free, as a value-add service, while some choose to generate incremental revenue by offering protection as a subscription service. Others may offer baseline DDoS mitigation services to all customers, but for those customers who place a premium on high service availability, the provider can create value-added options. Whether they offer DDoS protection service for free or for a fee, SPs gain and retain more customers.

What’s the Best Kind of Protection?
Given the sophisticated nature of today’s DDoS attacks, SPs require precise enforcement of mitigation policies against DDoS attack traffic. This can only be accomplished with line-rate performance and maximum-security efficacy. Legacy out-of-band, on-demand DDoS scrubbing centers and cloud services can create unacceptable delays between the start of an attack and when the actual remediation efforts begin. The legacy approach is also typically resource-intensive and expensive for providers because it requires highly trained personnel to monitor traffic 24/7.  It is also prone to error, since human security analysts can’t react fast enough to modern multi-vector DDoS attacks that are typically short in duration, small in volume and hard to distinguish from legitimate traffic. These short, sub-saturating, attacks are cause for concern, because they still result in poor network performance and inability to access applications and services.

In contrast, real-time, automatic DDoS mitigation technology enables DDoS protection at full edge bandwidth, scaling to tens-of-terabits per second of protected capacity, where previously only partial scrubbing capacity was feasible. It eliminates the requirement to manually analyze events and removes the need to reroute traffic, both good and bad, in order to surgically remove the DDoS packets, before returning it to the network. As a result, the detection-to-mitigation-to-protection timeline shrinks to seconds, or even sub-second.

With a DDoS Protection as a service model, providers can easily deliver real-time DDoS protection as a premium security service to their customers. It can be offered as a value-add service, or they can monetize their DDoS protection by offering tiered levels of protection to tenants. Providers can structure their value-add service in a variety of ways, and the service model can be centrally managed through the multitenant portal, which enables providers to onboard tenant customers, define and assign DDoS protection service levels and view attack dashboards for each. Each tenant customer can be easily configured to deliver the level of service they are paying for. Protected customers can login to their own view, to access DDoS attack reporting and analytics, and understand the value of the DDoS protection they are receiving. Tenants can see which attacks have been blocked, and they gain peace of mind.

In today’s competitive Service Provider market, DDoS protection as a service is a great way for ISPs to add value to their existing services and prevent customer churn.