The vast majority of enterprise end users (85%) want their ISPs to offer more comprehensive DDoS protection-as-a-service, according to Corero Network Security.
The research, which polled over 100 ISPs and 75 enterprise customers about their DDoS mitigation strategies, revealed that an alarming proportion of ISPs are still relying on outdated technologies to protect their customers. For example, forty-six per cent divert DDoS traffic through a scrubbing centre – an expensive and notoriously slow technique which typically takes around an hour from detection to mitigation. In addition, almost half of those surveyed (49%) ‘blackhole’ a victim’s traffic when they suffer a DDoS attack – which essentially does a hacker’s job for them, by denying service to a particular website.
In addition, nearly a fifth of the ISPs and hosting providers surveyed (9%) have such poor visibility over their customers’ networks that they only realize a DDoS attack is taking place when their customers complain.
Dave Larson, COO at Corero Network Security, explains: “Given this situation, it’s no wonder that enterprise customers are demanding better DDoS protection. Using yesterday’s tools to mitigate today’s attacks may save ISPs costs in the short-term, but it also puts their customers at greater risk of suffering a DDoS attack. According to a recent Kaspersky Lab report, DDoS attacks cost large enterprises an average of $444,000 USD in lost revenues and IT spending. To any organization relying on the Internet to conduct business, the fiscal fallout from a DDoS attack can be exponential.”
“This also represents an important capacity issue for ISPs. Rather than using up spare bandwidth by re-routing malicious traffic to a scrubbing centre, ISPs need to learn to ‘sweat their assets’ by making their existing pipes work more effectively. This can be done by engaging an in-line DDoS mitigation tool which detects malicious traffic at the network edge, and stops it in its tracks.”
Despite their current practices, the vast majority of ISPs surveyed (80%) saw a business opportunity in providing enhanced DDoS mitigation-as-a-service to their customers. More than half (51%) also rated DDoS defenses as more important than other types of security defenses for their customers.
But most are stalling due to concerns about increasing costs for their customers. When asked about their reasons for not providing a more robust type of DDoS defense, over half (51%) of ISPs say that their customers expect to receive clean pipes as part of their service and would balk at paying a fee. But given the inadequacies of the techniques currently being utilized, these expectations are unlikely to be met in the event of a DDoS attack. A smaller segment (37%) suggested that they don’t believe their customers are concerned with the impact of DDoS attacks – which is clearly at odds with the financial and reputational risks involved.
Dave Larson continues, “Telecoms providers are missing a trick here, by selling on cost not quality. They have a golden opportunity to create valuable new revenue streams by providing a cleaner, more reliable pipe for their customers by adopting an always-on, in-line DDoS mitigation system. The industry is placing ever-higher premium on keeping data secure and their networks free from malicious actors, so ISPs can either use this as an opportunity to modernize their services and generate new channels for revenue – or risk a slow shrinking of their customer base.”
Incapsula recently released an eBook you might be interested in – Guide to protecting SaaS apps from DDoS attacks.