Should carriers, broadband providers, Internet Service Providers (ISPs), and others that provide high-speed connectivity be responsible for mitigating DDoS attacks? That is a question that proves to be debatable, akin to the notion that the water company should be responsible for leaky household pipes.
Regardless, DDoS attacks are on the rise and are becoming more successful and wide spread. Just ask the most notable victims of 2016, such as Dyn, KrebsonSecurity.com , and many others, and you’ll get answers that illustrate how widespread those attacks have become and more importantly, how harmful DDoS attacks are to business.
Unfortunately, there is no light at the end of the DDoS attack tunnel, according to consulting firm Deloitte, 2017 may become a year of crisis for DDoS attacks. Deloitte’s observations prove one thing, action must be taken to deal with what is becoming the largest scourge of internet connectivity, begging the question; where do those dire predictions leave service providers and their enterprise customers?
Obviously, it all comes down to technology, the technology to detect and counter DDoS attacks. In other words, automated response and mitigation systems need to be put in place to stop DDoS attacks before any real damage is done. Even so, where should that technology be placed to be effective? Should it go in the data center, or at the network edge, or deep within the NAC?
The answer to that question perhaps lies with an observation made by Petr Springl, Director of Products and Strategic Alliances at Flowmon Networks. Springl said “As heterogeneous and high-volume networks continue to grow so do the DDoS attacks. The need for high-performance detection and enforcement for 100G attacks has never been more important.”
Today, service providers, including Content Distribution Networks (CDN) and Internet Service Providers (ISP) are rapidly building 100G connections to meet customer and business needs. A fact that illustrates where DDoS protection should be implemented, at the service provider level, but is that possible with today’s technology?
Duncan Stewart, Director of TMT Research at Deloitte points out “Over the past few years, the scale of DDoS attacks has become steadily larger. It looks like 2017 will see this scale increase even more rapidly with the abundance of unsecure IoT devices and the fact that large-scale attacks have become simpler to execute. The consequence may be that CDNs and local mitigations may not be able to scale readily to mitigate the impact of concurrent large-scale attacks, requiring a new approach to tackling DDoS attacks.
Bruce Gregory, CEO of Corsa thinks he may have an answer to that conundrum. Gregory said “Service providers should be looking to implement high-performance enforcement engines, which interoperate with existing DDoS detection. Gregory added, “That technology should provide the necessary 100G line rate enforcement, and only impact traffic as a bump in the wire.”
Corsa has delivered on that ideology in the form of a new security appliance, the Red Armor NSE7000 Network Security Enforcement engine, which is designed to deliver scalable 100G DDoS protection.
“Applying Corsa’s DNA of simple, high-performance forwarding engines into our new network security enforcement solution is a ground-breaking move,” said Gregory. “Service Providers and network security architects can leverage Red Armor to deliver affordable and scalable enforcement against any size attack, from any number of sources, all at line-rate. We are pleased to be working with our Early Access Customers as they pave the way forward in evolving network security architectures.”
While Gregory has a vested interest in promoting Corsa’s products, one thing becomes abundantly clear; service providers should be embracing DDoS protection as a service, helping their clients avoid devastating DDoS attacks, while also helping to shut down the purveyors of those attacks as well.
Simply put, DDoS protection creates an opportunity for service providers to offer additional services that will benefit their customers.