Are ISPs Doing Enough To Protect Businesses Against DDoS Attacks?

Nine tenths of enterprises want better protection against distributed denial of service (DDoS) attacks from their ISPs, according to research from network security firm Corero, which claims ten percent of providers have such poor network visibility that the first time they are aware of a attack affecting a customer is when they make a complaint.

DDoS attacks have increased in frequency and ferocity in recent years, with easy to use technology making it easier than ever to stage assaults.

DDoS mitigation

The largest DDoS to date was measured at more than 500Gbps last year and many actors use the threat of such campaigns to extort money from companies who would suffer severe reputational or financial damage if their services were inaccessible for an extended period of time.

NatWest’s online banking system was the victim of an attack last August, as was parenting website Mumsnet, showing the range of potential targets.

“Given this situation, it’s no wonder that enterprise customers are demanding better DDoS protection,” said Dave Larson, chief operating officer of Corero, who claimed the average DDoS attack cost a large enterprise $444,000 (£309,000) in lost revenue and IT spending.

“Using yesterday’s tools to mitigate today’s attacks may save ISPs costs in the short-term, but it also puts their customers at greater risk of suffering a DDoS attack. To any organisation relying on the Internet to conduct business, the fiscal fallout from a DDoS attack can be exponential.”

Scrubbing

Corero expressed concern that a “significant” number of ISPs were using what it perceived to be outdated methods to mitigate DDoS attacks rather than use what it regards to be superior processes.

The company said many firms ‘blackhole’ traffic by routing it away from the intended target so its uplink capacity is not exceeded, however this blocks traffic indiscriminately, effectively blocking off a website or service. Half off all ISPs surveyed use this method.

It also cited scrubbing, a process which filters out malicious traffic in order to minimise the impact on a business, as an example of an outdated procedure, claiming it is expensive and slow as it takes 30 minutes from detection to mitigation. Forty-six percent of ISPs surveyed use scrubbing.

Corero told TechWeekEurope that scrubbing centres “coarsely” filter out bad traffic, are unable to detect shorter, smaller DDoS attacks and adds latency to the remediation process. But the cost is surely an issue for the ISP – not the customer. So why would the latter care?

“The expense to maintain and scale scrubbing operations can be a tough pill to swallow,” added Stephanie Weagle, Senior Director at Corero. “As attacks grow in frequency and sophistication, ISP’s are required to scale their mitigation solutions accordingly—so yes, the ISP’s are caught holding the bag.

“However, the end users feel the repercussions when DDoS traffic is not eliminated in the scrubbing scenario, and attacks continuously make their way downstream. ISPs that do not evolve their mitigation techniques along with the attack landscape leave their customer at greater risk.”

The ISPs view

One ISP that does use scrubbing is convinced it is an effective method. BT’s cloud-based DDoS mitigation platform called ‘Assure’ automatically redirects traffic to one of a number of scrubbing centres around the world and says this means customers can function as normal. It is adamant that the process is effective, rapid and does not negatively impact its customers.

“BT has a single platform for detection and mitigation, which means rogue traffic can be detected automatically and action taken very quickly to protect customer’s network,” Phil Swindle, vice President Security Portfolio, at BT told TechWeekEurope. “Our Assure DDoS mitigation technologies work by ‘cleaning’ internet traffic, sorting through the normal and malicious requests.

“We believe in allowing organisations around the world to connect easily and securely to the applications and the data they need, independently of where they are hosted. By using a cloud-based solution, the DDoS attack is mitigated before it hits the customer’s network and, in some cases, even before it enters the network. This means limited or no impact on the customer’s business and no compromised performance.”

TalkTalk considers itself to support customers against DDoS attacks but does not offer any specific services to its business users. Virgin Media had not responded to TechWeekEurope’s requests for comment at the time of publication.

Newer methods

In an ideal world, companies surveyed said they would like their ISP to have the ability to handle high volume attacks, have greater visibility of customers’ networks and to maintain bandwidth during an assault. All of this would take little or no human intervention, according to respondents.

“This also represents an important capacity issue for ISPs,” continued Larson. “Rather than using up spare bandwidth by re-routing malicious traffic to a scrubbing centre, ISPs need to learn to ‘sweat their assets’ by making their existing pipes work more effectively. This can be done by engaging an in-line DDoS mitigation tool which detects malicious traffic at the network edge, and stops it in its tracks.”

Real time prevention

The theory here is that by filtering traffic at the source, rather than re-routing it, ISPs are proactively blocking negative traffic, don’t need to be alerted to a DDoS assault, and don’t have to undertake the expense of re-routing it to a scrubbing centre or impose the inconvenience of blocking all traffic.

However despite all this, 80 percent of ISPs said they believed advanced DDoS protection was a business opportunity and half viewed DDoS-related defences as more important than other types of security for customers. The main issues appears to be cost, with half of providers unconvinced customers would be willing to pay, although 37 percent claimed their subscribers just weren’t interested.

“Telecoms providers are missing a trick here, by selling on cost not quality,” added Larson. “They have a golden opportunity to create valuable new revenue streams by providing a cleaner, more reliable pipe for their customers by adopting an always-on, in-line DDoS mitigation system.

“The industry is placing ever-higher premium on keeping data secure and their networks free from malicious actors, so ISPs can either use this as an opportunity to modernise their services and generate new channels for revenue – or risk a slow shrinking of their customer base.”

Are you a security pro? Try our quiz!