Corero
Blog & News

ISPs Gain and Retain Customers with DDoS Protection-as-a-Service

There’s intense competition among Internet Service Providers in both the commercial and residential markets. Customer churn is an ongoing concern for them, because many customers have little loyalty to any particular provider. Service uptime is a key factor for business users, because even a few seconds of downtime can drastically impact daily business, whether that’s online gaming, financial services or network security. Even if downtime and internet disruption don’t cause a breach of service level agreements (SLAs), they negatively impact ISP brand reputation, customer trust, and revenue. Did you know that one of the biggest (if not the biggest), threats to uptime is Distributed Denial of Service (DDoS) attacks?

The Value of Attack Visibility and Insights

Many organizations regard DDoS security as a cost center; however, ISPS are favorite targets for threat actors and it is essential for ISPs to protect their infrastructure, since their tenant customers rely on them to be fully functional. Many ISPs are taking the extra security step of offering DDoS protection as a service, so that customers can actually have visibility and insight into DDoS attack traffic affecting their network and gain actionable intelligence. Knowing the types of DDoS attacks that have been mitigated is not just a ‘nice to have’ – it makes good business sense to have the intelligence to be able to adjust DDoS mitigation rules that can block future attacks. Archived security event data enables forensic analysis of past threats for compliance reporting. By providing each customer/tenant the insights into the attack traffic that’s being stopped, ISPs can demonstrate immediate, tangible value to their customers.

ROI on DDoS Security: Gain and Retain

DDoS protection as a service offered to tenant customers is a truly competitive differentiator, because few providers can guarantee robust DDoS protection to their customers. Some ISPs offer protection for free, as a value-add service, while some choose to generate incremental revenue by offering protection as a subscription service. Others may offer baseline DDoS mitigation services to all customers, but for those customers who place a premium on high availability, the provider can create value-added options. Whether they offer DDoS protection service for free or for a fee, ISPs gain and retain more customers.

What’s the Best Kind of Protection?

Given the sophisticated nature of today’s DDoS attacks, ISPs require precise enforcement of mitigation policies against DDoS attack traffic. This can only be accomplished with line-rate performance and maximum-security efficacy. Legacy out-of-band, on-demand DDoS scrubbing centers and cloud services can create unacceptable delays between the start of an attack and when the actual remediation efforts begin. The legacy approach is also typically resource-intensive and expensive for providers because it requires highly trained personnel to monitor traffic 24/7. It is also prone to error, since human security analysts cannot react fast enough to modern multi-vector DDoS attacks that are typically short in duration, small in volume and hard to distinguish from legitimate traffic. These short, sub-saturating, attacks are cause for concern, because they still result in poor network performance and inability to access applications and services.

In contrast, real-time, automatic DDoS mitigation technology enables DDoS protection at full edge bandwidth, scaling to tens-of-terabits per second of protected capacity, where previously only partial scrubbing capacity was feasible. It eliminates the requirement to manually analyze events and removes the need to reroute traffic, both good and bad, in order to surgically remove the DDoS packets, before returning it to the network. As a result, the detection-to-mitigation timeline shrinks to seconds, or even sub-second.

With Corero’s DDoS Protection as a Service model, providers can easily deliver award-winning real-time DDoS protection as a premium security service to their customers. They can offer it as a value-add service, or they can monetize their DDoS protection by offering tiered levels of protection to tenants. Providers can structure their value-add service in a variety of ways, and the service model can be centrally managed through the multitenant portal, which enables providers to onboard tenant customers, define and assign DDoS protection service levels and view attack dashboards for each. Each tenant customer can be easily configured to deliver the level of service they are paying for. Protected customers can login to their own view, to access DDoS attack reporting and analytics, and understand the value of the DDoS protection they are receiving. Tenants can see which attacks have been blocked, and they gain peace of mind.

In today’s competitive ISP market, DDoS protection as a service is a great way for ISPs to add value to their existing services and prevent customer churn.