By Ronen Priel, VP Product Management at Allot Communications.
DDoS attacks are a growing threat for enterprises and service providers, driven in large part by new technology trends such as the Internet of Things (IoT), where the focus has been more on functionality than security.
According to Frost & Sullivan’s latest whitepaper, Service Provider Requirements for DDoS Mitigation, DDoS attacks have been steadily growing in terms of scale, frequency, and complexity for years.
But DDoS took an unprecedented leap forward in 2016, peaking at over 1TBps for the first time ever – often targeting service provider networks.
At the same time, these attacks have become more accessible due to publicly available tools on the internet and for-hire DDoS services. In essence, DDoS has gone mainstream.
Threat actors have become more innovative by inventing new techniques and procedures in order to evade defences.
For example, some attackers have started doing “drive-by” attacks that last only a few minutes as a means of defeating time-dependent defences such as centralised scrubbing centres or on-demand cloud services.
It should come as no surprise then that DDoS attack mitigation is now a top priority for enterprises and service providers alike.
But the current state of enterprise security is insufficient to combat today’s DDoS attacks, and service providers find themselves in the crossfire, which is always costly.
DDoS also negatively impacts the Quality of Experience (QoE) subscribers have come to expect.
That is why service providers must be as innovative as the threats have become.
This requires solutions that not only address challenges unique to service provider networks, but also have the potential to yield benefits beyond attack mitigation.
For example, service providers that offer DDoS mitigation to their customers as a value-add feature or as a dedicated premium service can gain a competitive advantage in the market.
What to look for when it comes to DDoS protection
To address the realities of today’s DDoS landscape, service providers need to make sure they have the most innovative security solutions implemented on their network.
This also means revisiting DDoS defences and strategies on a regular basis to re-evaluate their effectiveness and their ability to meet service-level agreements and maintain a consistent QoE for subscribers.
A comprehensive service provider security solution will need the following characteristics:
• Scalability and efficiency to face different types of attacks. Being able to defeat DDoS attacks inline, in real time, at the attacker source will allow service providers to be more efficient at dealing with threats. They should begin by setting limiting policies on network infrastructure elements to ensure that they are not overwhelmed.
• Rapid detection and response to identify attacks. Inline solutions allow service providers to mitigate attacks in seconds in real time. This method provides exact and rapid mitigation of DDoS attacks, including short duration attacks. Coupled with deep packet inspection (DPI), inline solutions can manage the network traffic and provide service provider customers with a consistent QoE through prioritisation. DPI solutions can detect suspicious behaviour more quickly and mitigate attacks in real time without impacting the quality of the network at any time.
• Broad visibility of the network to have a clear picture of all network activity. Using multiple inline detection appliances is key for service providers when it comes to DDoS protection. A centralised controller would coordinate these inline devices, thereby allowing the service provider to detect attacks that are spread over multiple peering points. This distributed, but centrally managed, model gives service providers full visibility of their entire network so that they can detect threats more efficiently.
• Granular controls across network entry points to differentiate IoT device traffic from other sources. This will minimise the impact of IoT-driven DDoS attacks, which are becoming increasingly common.
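The central coordination described in the visibility point above can be shown in a short sketch: traffic toward one destination stays under every inline sensor's own limit, yet the controller's network-wide sum crosses the line. This is an added example, not code from the article or from any product; the thresholds, sensor names, report format and addresses (documentation ranges) are constructed assumptions.

```python
from collections import defaultdict

# Constructed thresholds, packets per second toward one destination (assumptions).
LOCAL_PPS_LIMIT = 100_000    # what a single inline sensor alerts on by itself
GLOBAL_PPS_LIMIT = 150_000   # what the controller alerts on after summing sensors
MAX_REPORT_AGE_S = 10        # controller ignores sensor reports older than this

# Constructed sample reports: (sensor at a peering point, destination, pps, timestamp).
SAMPLE_REPORTS = [
    {"sensor": "peer-a", "dst": "203.0.113.10", "pps": 45_000, "ts": 97},
    {"sensor": "peer-b", "dst": "203.0.113.10", "pps": 45_000, "ts": 98},
    {"sensor": "peer-c", "dst": "203.0.113.10", "pps": 45_000, "ts": 99},
    {"sensor": "peer-d", "dst": "203.0.113.10", "pps": 45_000, "ts": 99},
    {"sensor": "peer-a", "dst": "198.51.100.7", "pps": 60_000, "ts": 98},
    {"sensor": "peer-b", "dst": "198.51.100.7", "pps": 95_000, "ts": 80},  # stale
]


def local_alerts(reports):
    """(sensor, destination) pairs a sensor would flag using only its own view."""
    return {(r["sensor"], r["dst"]) for r in reports if r["pps"] >= LOCAL_PPS_LIMIT}


def controller_alerts(reports, now):
    """Sum the newest fresh rate from each sensor per destination; flag excess."""
    latest = {}  # (sensor, dst) -> newest report that is still fresh
    for r in reports:
        if now - r["ts"] > MAX_REPORT_AGE_S:
            continue  # stale: that sensor's view may no longer hold
        key = (r["sensor"], r["dst"])
        if key not in latest or r["ts"] > latest[key]["ts"]:
            latest[key] = r
    totals = defaultdict(int)
    sensors = defaultdict(list)
    for (sensor, dst), r in latest.items():
        totals[dst] += r["pps"]
        sensors[dst].append(sensor)
    return {dst: {"pps": pps, "sensors": sorted(sensors[dst])}
            for dst, pps in totals.items() if pps >= GLOBAL_PPS_LIMIT}


if __name__ == "__main__":
    print("per-sensor alerts:", local_alerts(SAMPLE_REPORTS))
    print("controller alerts:", controller_alerts(SAMPLE_REPORTS, now=100))
```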
Service providers need modern mitigation solutions to face this ever-changing DDoS environment.
The key is to combine the advantages of a DPI inline appliance and a centrally coordinated DDoS mitigation model to mitigate attacks in an efficient way.
This will result in optimal protection for service providers and their customers, and support asymmetric routing, application identification, and session awareness.
These kinds of comprehensive solutions are extremely difficult to find in the security market in a single, purpose-built appliance, but could offer vital capabilities for protecting service provider networks.
Last but not least, service providers who offer such high-level solutions will be rewarded with reduced costs and network optimisation.