Distributed denial of service (DDoS) attacks routinely capture mainstream attention, and for years high-bandwidth mitigation fell into the domain of the largest Tier 1 carriers and highly-specialized DDoS mitigation service providers. The evolution of high-bandwidth inline DDoS mitigation solutions has now opened up the opportunity for service providers of all sizes to build out their own mitigation capability, helping to better combat attacks and enable new DDoS mitigation services. This slide deck examines DDoS best practices and new security solutions available for the service provider environment.
35. Thank You
This webcast will be available on-demand for 90 days.
For additional IHS Infonetics events, visit:
https://www.infonetics.com/infonetics-events/
Editor's Notes
1: attackers have evolved
2: targets have evolved; now everyone is a target
3: mitigation solutions had to evolve
UPDATE WITH EVENTS FROM CORERO
Cloudflare: after initial attacks were mitigated by Cloudflare, attackers went after their bandwidth providers (mostly tier 2 providers, who then foisted the problem onto the tier one providers they buy bandwidth from)
Rutgers University
Thai government
150G capable Linux botnet
Botnet made up of CCTV cameras
It never ends, attackers don’t discriminate…any company, any place, for any reason
20 years of attacks, but less than 15 years of commercial mitigation solutions…the first solutions came after the wave of public attacks that hit major brands in 1999/2000
The obvious assumption was to build something for tier 1 providers, as the traffic eventually rolled up to their networks, and they had the expertise and manpower to manage.
Mitigation was very manual, and focused on volumetric attacks
Will the Tier 1 providers help tier 2/3 when it really comes down to it?
25K public facility presences, and 15K private presences represents thousands of tier 2 providers: regional telecom providers, hosting shops, small cloud providers, etc.
With so much consolidation of data into larger and larger data centers (even for tier 2/3 providers), they have become easier to target, but also have an opportunity to consolidate protection and not rely on upstream providers to fix the problem (on their timeline).
TSM – eight (8), 10Gig links being mitigated
LSI – three (3), 10Gig links being mitigated; two (2), 1Gig links being mitigated
MaxxSouth – Four (4), 10Gig links; expect to be in mitigation mode by end of month
Firewall & manual intervention. Identification of attack vectors was difficult and mitigated, when applicable, via targeted null routing.
Attacks that were targeting ranges as opposed to single addresses were virtually impossible to mitigate. Frequency and scale of attacks increasing. Customer impact escalated from individuals to entire sections of the network, mostly due to increased scale.
Prevents attack traffic from entering the network, which eliminates the concern with saturating a link and choking sections of the network.
Provides real-time monitoring and mitigation as opposed to noticing the attack and reacting after the customer experience is impacted.
Provides reporting, alarming, and regular updates of attack vectors and impact – Proof of performance
Provides active monitoring by Corero team and quick updates as new attack scenarios occur
This is where you can talk about the possibility of providing protection on the upstream link
Present the product line in context of the bandwidth requirements. Dave L to mark up
Evolutionary deployment for existing customers
Existing DDS deployments can be scaled up without a forklift upgrade with a SmartWall as an added component