Corero

Internet Service Providers Require Modern DDoS Protection to Ensure Uptime

The COVID-19 pandemic resulted in millions of people around the world consuming more Internet bandwidth because they are either telecommuting for work or consuming online entertainment whilst holed up at home. Online availability has never been more important, and much of the responsibility for that falls on Service Providers, who serve as the gateway to the Internet. Whenever an ISP is impacted by a Distributed Denial of Service (DDoS) attack on one of its downstream customers, this can create collateral damage to its other customers. When some of these are Service Providers themselves, this magnifies how widespread the resulting service outages, or degradation, can be.

Historically, Service Providers focused only on moving packets in large volumes, but the increasing need for always-on Internet connectivity, combined with the ongoing increase in DDoS attack frequency, is driving more and more ISPs to deploy state-of-the-art DDoS protection. ISPs must continue to adapt and remain vigilant to the ever-changing DDoS threat landscape. DDoS attacks have become more prevalent and more sophisticated, and businesses have become more reliant on the Internet, meaning traditional methods of mitigation are no longer up to the job.

Over recent years, Corero research has shown that the frequency and sophistication of DDoS attacks continue to increase and, correspondingly, most attacks are in fact now relatively small and short. Given that many of the ISPs with dedicated DDoS protection still rely on legacy out-of-band scrubbing centers, this evolution of the threat can leave them struggling to defend against attacks and keep customers online.

In fact, there are multiple increasing challenges for those providers who still rely on out-of-band scrubbing centers. Firstly, attack monitoring for out-of-band scrubbing typically requires the use of NetFlow, which increases time-to-mitigation and only provides visibility into packet headers and not the payloads, reducing the accuracy of detecting the latest DDoS vectors. Secondly, swinging traffic to a scrubbing center causes further delays, which means the full impact of the attack is felt for a significant period of time, often measured in minutes, before mitigation commences. Thirdly, because scrubbing centers are, by definition, only a fraction of a provider’s edge capacity (typically around 10-20%), growing average attack sizes increase the likelihood that scrubbing capacity is exceeded, especially when there are simultaneous attacks on multiple customers of that provider, as a result of increasing attack frequency. When attacks do exceed the available scrubbing capacity, ISPs are left with no choice but to blackhole all traffic to the customer(s) under attack, which means those customers are offline, completely. In such cases, the cybercriminals have won the battle by successfully knocking their target offline.
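The capacity and delay argument above can be checked against a provider's own numbers with a small planning model. This is an added example, not Corero's code. The allocation policy (smallest attacks diverted first), the treatment of each attack as pure attack volume, and all sample figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Attack:
    customer: str
    gbps: int  # attack volume aimed at this customer (legitimate traffic ignored)

def plan_mitigation(attacks, edge_gbps, scrub_pct, delay_s):
    """Model an out-of-band scrubbing design under simultaneous attacks.

    scrub_pct: scrubbing capacity as a percentage of edge capacity
               (the article cites roughly 10-20).
    delay_s:   flow-based detection plus traffic diversion time, in seconds.
    Returns (scrub_capacity_gbps, {customer: (action, unmitigated_gbit)}).
    """
    scrub_capacity = edge_gbps * scrub_pct / 100
    remaining = scrub_capacity
    plan = {}
    # Assumed policy: divert the smallest attacks first, which keeps the
    # largest number of customers online for a fixed scrubbing capacity.
    for a in sorted(attacks, key=lambda a: a.gbps):
        if a.gbps <= remaining:
            remaining -= a.gbps
            action = "scrub"
        else:
            # No scrubbing headroom left: the only option is to drop
            # all traffic to this customer, taking it offline.
            action = "blackhole"
        # Attack traffic delivered before either action takes effect.
        plan[a.customer] = (action, a.gbps * delay_s)
    return scrub_capacity, plan

# Constructed sample: 1 Tbps edge, 15% scrubbing, 2 minutes to mitigate.
SAMPLE = [Attack("cust-a", 40), Attack("cust-b", 70), Attack("cust-c", 90)]

if __name__ == "__main__":
    capacity, plan = plan_mitigation(SAMPLE, edge_gbps=1000, scrub_pct=15, delay_s=120)
    print(f"scrubbing capacity: {capacity:.0f} Gbps")
    for customer, (action, gbit) in plan.items():
        print(f"{customer}: {action}, {gbit} Gbit delivered before mitigation")
```

In the constructed sample, none of the three attacks exceeds scrubbing capacity on its own, yet together they do, so the largest is blackholed.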

Cybercriminals can do a lot of damage with DDoS, in a matter of seconds, which is why time-to-mitigation matters greatly; impact from attacks can only be reliably prevented with the latest generation of always-on, automatic, protection. As the revenue of organizations around the globe increasingly relies on their uninterrupted Internet presence, resilience can come down to fractions of a second.

More than ever, the world expects Internet availability, with many millions of individuals and businesses relying upon it. DDoS attacks are one of the most serious threats to Internet availability, so ISPs must take very seriously the decisions they make in terms of which DDoS protection solution they deploy.