CAIRO, Egypt, 2nd July, 2014: The size, frequency and complexity of Distributed Denial of Service (DDoS) attacks are increasing. According to figures from Arbor's ATLAS network, in the Middle East, by the end of 2013, the average attack size was 2.8 Gbps, higher than the global average of 2.3 Gbps. Because of this, security and availability are now among the top requirements of IT departments in businesses across the region, including Egypt. Unfortunately, when it comes to today's range of sophisticated DDoS attacks, traditional security products, such as firewalls or intrusion prevention systems, are proving to be inadequate.
Mahmoud Samy, Regional Director, Middle East, Russia, CIS at Arbor Networks, says that enterprises in Egypt are now more concerned about this than ever before and Internet Service Providers (ISPs) in the country can help them combat these threats, while simultaneously creating lucrative new revenue streams. DDoS attacks that impact the availability of services represent a significant opportunity for ISPs. In the face of the ever-present challenge of retaining existing customers while attracting new ones, offering more high-value services such as managed security could even prove to be a competitive advantage.
The market demand for managed security services is real and growing. Moreover, the managed security and security monitoring services segment will continue to yield the highest percentage of total revenue in the Managed Security Services Provider (MSSP) market. Service providers have some inherent advantages that enable them to capitalize on this demand because they own the 'pipes' that transmit data across the Internet. This makes ISPs in Egypt uniquely positioned to deliver a comprehensive solution that can combat the three primary types of DDoS attacks.
The Three Types of DDoS Attacks
'Volumetric' DDoS attacks are usually generated by Internet bots or compromised PCs that are grouped together in large-scale botnets. Because of the high-bandwidth and distributed nature of these attacks, the congestion is likely to occur upstream in the provider's network and therefore cannot be stopped at the enterprise or data-center edge.
In addition, 'application-layer' DDoS attacks compromise the business viability of service provider customers. These attacks target specific services and consume lower bandwidth. These newer application-layer DDoS attacks threaten a myriad of services ranging from Web commerce and DNS services to email and online banking, and they are becoming far more frequent than ever before. In Arbor's Annual Worldwide Infrastructure Security Report, nearly 90% of survey respondents admitted to having experienced application-layer attacks.
The convergence of volumetric and application-layer DDoS attacks poses a significant threat to online services, and customers will be looking for solutions.
An increasing threat these days in the region is the targeting of stateful devices. Since firewall and IPS devices are "stateful" inline solutions, they are also vulnerable to DDoS attacks and often become the targets themselves. Firewall and IPS devices will continue to choke even during moderate DDoS attacks and can be the first points of failure during DDoS attacks.
Why ISPs are ideally positioned to respond
The best place to stop volumetric DDoS attacks is in the ISP cloud via network-based DDoS protection, because saturation happens upstream and can only be remediated in the provider's cloud. On the other hand, the best place to perform application-layer DDoS detection is in the data center itself, because the attack can only be detected and quickly mitigated at the data center edge. Only ISPs can provide both a network-based service component to stop volumetric DDoS attacks and a Customer Premises Equipment (CPE) based service component to stop application-layer DDoS attacks. This approach presents a distinct competitive advantage.
There are cost efficiencies at work, too. Today, with ISPs already supplying managed firewalls, Secure Sockets Layer virtual private networks (SSL VPNs), intrusion detection systems (IDS), intrusion prevention systems (IPS) and other security measures, adding an incremental managed DDoS protection service can be relatively straightforward and cost-efficient.
Providers hoping to add a comprehensive DDoS mitigation service to their offerings must ensure that the solution they implement supports the following:
- Both in-line and, more importantly, out-of-band deployment to avoid being a single point of failure on the network.
- True 'distributed' DoS (DDoS) attack detection, which requires broad visibility into the network, not just from a single network perspective, and the ability to analyze traffic from different parts of the network.
- Attack detection using multiple techniques such as statistical anomaly detection; customizable threshold alerts; and fingerprints of known or emerging threats that are based on Internet-wide intelligence.
- Mitigation that can easily scale to handle attacks of all sizes, ranging from low-end (e.g., 1 Gbps of mitigation, deployed in the data center) to high-end (e.g., 40 Gbps of mitigation, deployed in the ISP network).
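As an added illustration (not code from the original release or from Arbor), the following Python applies two of the detection techniques in the list above, a customizable bandwidth threshold and a statistical (z-score) anomaly check on the request rate of one web service, to constructed per-second traffic summaries shaped like the attack profiles described under "The Three Types of DDoS Attacks". The link capacity, sensitivity and all sample values are assumptions; the point is that the low-bandwidth application-layer interval escapes the bandwidth threshold but not the anomaly check, while the volumetric interval does the reverse, so a detector needs both.

```python
"""Threshold alerting plus statistical anomaly detection over constructed
per-second traffic summaries. All numbers below are made up for illustration."""
from statistics import mean, pstdev

# Constructed per-interval summaries: (total_bps, http_requests_per_s to one web service).
# Seconds 0-9: normal traffic; 10: low-bandwidth application-layer flood;
# 11: high-bandwidth volumetric flood.
SAMPLES = [
    (120e6, 210), (130e6, 205), (115e6, 198), (125e6, 220), (128e6, 215),
    (122e6, 209), (119e6, 212), (131e6, 201), (124e6, 207), (127e6, 218),
    (140e6, 5200),   # app-layer: bandwidth barely moves, request rate explodes
    (9.5e9, 230),    # volumetric: link saturation, request rate looks normal
]

BPS_THRESHOLD = 1e9   # customizable threshold: assumed 1 Gbps customer link
ZSCORE_LIMIT = 4.0    # anomaly sensitivity, assumed value
BASELINE_LEN = 10     # number of intervals used to learn the "normal" profile


def baseline(samples, n=BASELINE_LEN):
    """Mean and population std-dev of the request rate over the learning window."""
    rates = [rate for _, rate in samples[:n]]
    return mean(rates), pstdev(rates)


def classify(sample, base):
    """Return the set of alert labels raised for one interval."""
    bps, req_rate = sample
    mu, sigma = base
    alerts = set()
    if bps > BPS_THRESHOLD:                      # fixed threshold catches volumetric floods
        alerts.add("threshold:volumetric")
    z = (req_rate - mu) / sigma if sigma else 0.0
    if z > ZSCORE_LIMIT:                         # deviation from baseline catches app-layer floods
        alerts.add("anomaly:application-layer")
    return alerts


def run(samples=SAMPLES):
    """Classify every interval against the baseline learned from the first ones."""
    base = baseline(samples)
    return [classify(s, base) for s in samples]


if __name__ == "__main__":
    for second, alerts in enumerate(run()):
        print(second, sorted(alerts) or "ok")
```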
The solution must also feature managed security service enablers. These include application programming interfaces (APIs) for integration with existing systems; the ability to launch a customer portal easily; provisioning templates; fault tolerance; and redundancy.
DDoS attacks are continuing to rise, and both public and private data centers are prime targets. Today's data center operators are seeking solutions to this pressing problem. ISPs in Egypt have a unique opportunity to respond by offering valuable network- and edge-based services that protect their customers' data centers against DDoS attacks and drive incremental revenue.
