Why Service Providers need DDoS Protection: for both them and their customers

Service providers play the important role of managing the critical infrastructure that supports Internet connectivity not only for their customers, but also for their own organization. They require robust defenses against distributed denial of service (DDoS) attacks because, as Internet gatekeepers for thousands of individuals and businesses, both they and their customers are frequently targeted by DDoS attacks.

What Kinds of DDoS Attacks Do Service Providers Experience?

Occasionally, attackers will launch extremely large, high-bandwidth DDoS attacks. However, according to Corero’s Security Operations Centre (SOC), most DDoS attacks are actually short in duration and sub-saturating in volume. This pattern continues, with research showing that 86% of attacks last less than 10 minutes, 81% are under 250,000 packets per second, and over 97% are less than 10Gbps in volume. With this kind of attack behaviour now the norm, service providers are having to readjust their DDoS protection plans.

Service providers typically connect to other providers using multiple 10Gbps, and increasingly 100Gbps, transit links, and these big “pipes” can easily soak up short, sub-saturating attacks. As a result, it is rare for an individual DDoS attack to saturate a provider's upstream connections or backbone network. However, these attacks can still degrade or disrupt service for tenant customers, who are typically on connections of 1Gbps or less: an attack that is sub-saturating for a service provider can still saturate or overwhelm a tenant customer’s network. For this reason, short, sub-saturating DDoS attacks are one of today’s most significant cyber threats. To keep their customers online and productive, it is crucial for providers to deploy an effective protection solution that prevents any impact from DDoS, 24/7.
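To make the difference between provider-level and tenant-level saturation concrete, here is an added example (not Corero's code or detection method) that buckets flow samples per second and per destination tenant, then checks each second against both the transit link and the tenant's own link. The tenant names, the 90% saturation threshold and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

TRANSIT_BPS = 10e9  # provider transit link, 10Gbps as in the text
TENANT_BPS = {"tenant-a": 1e9, "tenant-b": 1e9}  # hypothetical tenants on 1Gbps links
THRESHOLD = 0.9     # assumed fraction of capacity treated as saturation

def per_second_load(samples):
    """Sum bits per (second, tenant) from (timestamp, tenant, bytes) samples."""
    load = defaultdict(float)
    for ts, tenant, nbytes in samples:
        load[(int(ts), tenant)] += nbytes * 8
    return load

def find_saturation(samples):
    """Return (transit_seconds, tenant_runs): seconds in which the transit
    link is saturated, and per-tenant (start, end) runs of saturated seconds."""
    total = defaultdict(float)
    hot = defaultdict(list)
    for (sec, tenant), bits in sorted(per_second_load(samples).items()):
        total[sec] += bits
        if bits >= THRESHOLD * TENANT_BPS[tenant]:
            hot[tenant].append(sec)
    transit = sorted(s for s, b in total.items() if b >= THRESHOLD * TRANSIT_BPS)
    runs = {}
    for tenant, secs in hot.items():
        out, start, prev = [], secs[0], secs[0]
        for s in secs[1:]:
            if s != prev + 1:  # gap: close the current run
                out.append((start, prev))
                start = s
            prev = s
        out.append((start, prev))
        runs[tenant] = out
    return transit, runs

def constructed_samples():
    """Constructed data: 120s of baseline plus a 30s, 2Gbps burst at tenant-a."""
    out = []
    for sec in range(120):
        out.append((sec + 0.2, "tenant-a", 25_000_000))  # 200Mbps baseline
        out.append((sec + 0.5, "tenant-b", 37_500_000))  # 300Mbps baseline
        if 40 <= sec < 70:
            out.append((sec + 0.7, "tenant-a", 250_000_000))  # +2Gbps burst
    return out

if __name__ == "__main__":
    transit, runs = find_saturation(constructed_samples())
    print("transit saturated seconds:", transit)
    print("tenant saturation runs:", runs)
```

With the constructed burst, the transit link peaks at a quarter of its capacity and never trips the provider-level check, while tenant-a's link is saturated for the whole 30 seconds.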

Automation is the Key to Effective Mitigation

DDoS attacks increasingly behave in similar ways to normal traffic, so they often evade standard or legacy DDoS defenses. In terms of transactions and overall business continuity, seconds or minutes of downtime can be very damaging. Short, sub-saturating attacks typically evade human observation and manual mitigation. Today’s DDoS attacks are often automated and multi-vector; no human security analyst can compete with that. In contrast, an on-premises DDoS protection solution can automatically and accurately detect attacks and filter out junk packets in under a second, so end users are not even aware they were being targeted. When it comes to small, sub-saturating attacks, on-premises solutions significantly outperform on-demand cloud-based DDoS protection.

The myth of ‘always on’ DDoS Protection

Beware of cloud services that offer ‘always-on’ protection, as that can mean only that traffic is always routed through their cloud; it does not necessarily mean constant protection. Any element of ‘on-demand’ can delay mitigation by minutes, or even tens of minutes.

In reality, most service providers need the best of both worlds. They need to filter out all attacks, the majority of which are small and short, while also being prepared for the occasional volumetric attack that may exceed their bandwidth. The advice is therefore to consider a solution which includes upstream traffic control, or even to consider investing in a hybrid DDoS protection solution, i.e. a combination of an on-premises appliance and a cloud service. When service providers have DDoS protection that is automated and filters out attack traffic in seconds, their customers will never even know they were targeted by an attack.

As a leading provider of Distributed Denial of Service (DDoS) protection solutions, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world.