Service Provider Deployment of DDoS Mitigation

Service Provider Deployment of DDoS Mitigation An IHS Infonetics Webinar #DDoS

Transcript of Service Provider Deployment of DDoS Mitigation

Page 1: Service Provider Deployment of DDoS Mitigation

Service Provider Deployment of DDoS Mitigation
An IHS Infonetics Webinar

#DDoS

Page 2: Service Provider Deployment of DDoS Mitigation

© 2015 IHS

Today’s Speakers

‣ Dave Larson, Chief Operating Officer, Corero Network Security
‣ Stephen Clark, Director, IP Networks, Telesystem
‣ Allen Tatara, Manager, Webinar Events (Moderator), IHS
‣ Jeff Wilson, Senior Research Director, Cybersecurity Technology, IHS

Page 3: Service Provider Deployment of DDoS Mitigation

1. DDoS Attacks and Service Providers
2. Mitigation Architectures for Providers
3. Block Communications Overview
4. Deployment Discussion
5. Sponsor Approach
6. Conclusions
7. Audience Q&A

Page 4: Service Provider Deployment of DDoS Mitigation

20 Years of DDoS Attacks

DDoS Timeline (axis: 1993 to 2015, in two-year steps). Events shown on the timeline:

‣ First Hacktivist event: Zapatista National Liberation Army
‣ Packeting for bragging rights
‣ MafiaBoy DDoS: Yahoo!, Amazon, Dell, CNN, Ebay, Etrade
‣ Spammers discover botnets
‣ Organized crime: Extortion
‣ Estonia: Parliament, banks, media, Estonia Reform Party
‣ Spamhaus attack: Reported to reach 310 Gbps
‣ Anon hits Church of Scientology
‣ Panix.net hit with first major DDoS
‣ Coordinated bank attacks: Attack sized to 170 Gbps, continues today
‣ 500 Gbps attack in Hong Kong
‣ France swarmed after terror attack
‣ PlayStation & Xbox hit at Christmas
‣ ProtonMail attack

Page 5: Service Provider Deployment of DDoS Mitigation

Solution Evolution

Primary focus: Tier 1 service providers

Timeline (axis: 2001 to 2015, in two-year steps). Labels shown on the timeline:

‣ Commercial products
‣ Cloud scrubbing
‣ De-facto standard solution
‣ Massive increase in attack volume
‣ Massive increase in attack complexity
‣ Demand for on-prem
‣ New on-prem solutions

Page 6: Service Provider Deployment of DDoS Mitigation


The Dirty Secret: Tier 2/3 Peering Connections

Source: peeringdb.com

Page 7: Service Provider Deployment of DDoS Mitigation


Long-Term Deployment Strategies

‣ We surveyed 25 tier 1 and 2 operators around the globe

‣ On-prem is a no-brainer for tier 1, and becoming a viable option for tier 2

‣ Even those who won’t deploy 100% on prem plan hybrid deployments

Strategy | Percent of Service Provider Respondents
Partner for or purchase a hosted DDoS mitigation service | 12%
Deploy a hybrid solution, with both DDoS mitigation infrastructure on premise and hosted services | 38%
Build out our own DDoS mitigation infrastructure in our data centers | 50%

IHS Infonetics Cloud & Data Center Security Strategies & Vendor Leadership: Global Service Provider Survey; December 2015

Page 8: Service Provider Deployment of DDoS Mitigation


Mitigation Capacity

‣ Same 25 operators

‣ 77% expect to have only 50G of on-premise mitigation (or less)

IHS Infonetics Cloud & Data Center Security Strategies & Vendor Leadership: Global Service Provider Survey; December 2015

Mitigation capacity | On-premises | Hosted
>100G | 8% | 62%
100G | 15% | 27%
50G | 38% | 12%
10G | 27% | 0%
1G | 12% | 0%

(Values are percent of service provider respondents.)

Page 9: Service Provider Deployment of DDoS Mitigation


Providers Planning Investments Today

‣ DDoS mitigation is a top investment priority today

‣ Would make capital investments in on-premise DDoS mitigation if the economics work

IHS Infonetics Cloud & Data Center Security Strategies & Vendor Leadership: Global Service Provider Survey; December 2015

Security Platforms | Percent of Service Provider Respondents
Don’t know | 4%
Web application firewall | 4%
UTM | 4%
Sandboxing/advanced malware protection | 4%
Intrusion prevention system | 4%
Integrated network security platform that offers firewall, IPS, and content security | 4%
Web security gateway | 8%
Virtual security appliances/security solutions for virtualized environments | 23%
Next gen firewall | 27%
Firewall | 46%
DDoS protection system | 50%

Page 10: Service Provider Deployment of DDoS Mitigation


DDoS Mitigation Generates Revenue

‣ Providers can turn mitigation infrastructure around and re-sell as a service

IHS Infonetics Cloud & Data Center Security Strategies & Vendor Leadership: Global Service Provider Survey; December 2015

Hosted/Managed Security Services | Percent of Respondents
Incident response | 46%
Authentication | 46%
Vulnerability assessment | 46%
Sandboxing/advanced threat prevention | 50%
Secure web gateway | 58%
Secure remote access | 65%
E-mail/messaging security | 69%
Firewall/UTM/NGFW | 88%
DDoS protection | 96%

IHS Infonetics Cloud and CPE Managed Security Services Market Size & Forecasts; March 2015

[Chart: DDoS Mitigation Revenue, CY13 to CY19; vertical axis from $0 to $1,500,000,000]

Page 11: Service Provider Deployment of DDoS Mitigation


Page 12: Service Provider Deployment of DDoS Mitigation

DDoS Defense 1.0 - Null Route

Diagram labels:

‣ Unprotected Customer
‣ DDoS Detection (NetFlow Collector/Analyzer)
‣ NetFlow
‣ Null Route on Destination IP
‣ Native Traffic Path
‣ All traffic discarded
‣ Legend: Attack Traffic, Non-Attack Traffic

Page 13: Service Provider Deployment of DDoS Mitigation

DDoS Defense 2.0 - Scrubbing

Diagram labels:

‣ Partially Protected Customers
‣ DDoS Detection (NetFlow Collector/Analyzer)
‣ NetFlow
‣ Diverted Traffic Path
‣ New Route via BGP
‣ GRE Tunnel to Customer
‣ Native Traffic Path
‣ Non-Attack Traffic
‣ Industry Leader’s Scrubbing Approach
‣ Legacy
‣ Legend: Attack Traffic, Non-Attack Traffic

Page 14: Service Provider Deployment of DDoS Mitigation

DDoS Defense 3.0 - Inline, Always-On

Diagram labels:

‣ In-line Appliance
‣ DDoS Traffic Blocked Inline
‣ Non-Attack Traffic
‣ Completely Protected Customers
‣ Real-time Alerting and Reporting
‣ Legend: Attack Traffic, Non-Attack Traffic

Page 15: Service Provider Deployment of DDoS Mitigation

Always-On, Service Provider Managed Threat Defense
Available as a Shared or a Dedicated Threat Defense Service

Diagram panels:

‣ DEDICATED 10G THREAT DEFENSE (Protected Resource, Single Customer)
‣ DEDICATED MULTIPLE 10G THREAT DEFENSE (Protected Resource, Single Customer)
‣ SHARED <10G THREAT DEFENSE (Protected Resource for each of Customer 1, Customer 2, Customer N)

Other diagram labels: Internet; In-line Appliance; link labels 10G, 40G, 1G, 100M, 10M

Page 16: Service Provider Deployment of DDoS Mitigation

Example Peering/Transit Point Deployment

Diagram labels:

‣ Upstream Provider A
‣ Upstream Provider B
‣ In-Line Appliances Deployed on 10G Peering/Transit Connections
‣ In-line Appliance (×4)
‣ Service Provider Network
‣ SP

Page 17: Service Provider Deployment of DDoS Mitigation

Example Subscriber Edge Deployment

Diagram labels:

‣ In-line Appliance
‣ DDoS Traffic Blocked at Subscriber Edge
‣ Non-Attack Traffic
‣ Alerting and Reporting
‣ Completely Protected ISP, Hosting, and Enterprise Customers
‣ Legend: Attack Traffic, Non-Attack Traffic

Page 18: Service Provider Deployment of DDoS Mitigation


Page 19: Service Provider Deployment of DDoS Mitigation


Block Communications Overview

‣ Communication, Internet, and Computing Solutions Provider

‣ Block Communications Commercial Telecommunications divisions, Telesystem (www.telesystem.us) and Line Systems (LSI) (www.linesystems.com) offer voice, internet, and cloud computing solutions to thousands of commercial customers extending from the east coast throughout the Midwest

Page 20: Service Provider Deployment of DDoS Mitigation

Block’s DDoS Mitigation Deployment

‣ Number/size of links protected

• TSM – eight (8) 10Gig links being mitigated

• LSI – three (3) 10Gig links being mitigated; two (2) 1Gig links being mitigated

• MaxxSouth – four (4) 10Gig links; expect to be in mitigation mode by end of month

‣ In-line deployment: automatic DDoS mitigation on each of the vital interconnects

‣ Eliminate DDoS attack traffic at the peering edge

Page 21: Service Provider Deployment of DDoS Mitigation

Relief with In-Line Mitigation

‣ Post deployment success. DDoS is handled automatically, and good user traffic flows as intended.

Week start date | Traffic blocked (GB)
9/27/2015 | 7935.42
10/4/2015 | 5442.49
10/11/2015 | 4515.76
10/18/2015 | 2040.66
10/25/2015 | 5280.27
11/1/2015 | 6018.34
11/8/2015 | 4506.04
11/15/2015 | 3903.47
11/22/2015 | 5833.86
11/29/2015 | 4941.37
12/6/2015 | 2457.96
12/13/2015 | 5262.04
12/20/2015 | 25005.61
12/27/2015 | 8610.96

25 terabytes of DDoS attack traffic automatically removed! No human intervention

Near saturation attack event on 12/22

Page 22: Service Provider Deployment of DDoS Mitigation


Page 23: Service Provider Deployment of DDoS Mitigation


What was your previous DDoS mitigation strategy?

Page 24: Service Provider Deployment of DDoS Mitigation


What drove the decision to look at new solutions?

Page 25: Service Provider Deployment of DDoS Mitigation


How did you become comfortable with going to in-line mitigation?

Page 26: Service Provider Deployment of DDoS Mitigation


What other capabilities are you looking to deploy with this new solution?

Page 27: Service Provider Deployment of DDoS Mitigation


Page 28: Service Provider Deployment of DDoS Mitigation

Corero SmartWall Network Threat Defense

‣ ADVANCED DDOS & CYBER THREAT DEFENSE TECHNOLOGY
‣ BUILT ON NEXT GENERATION ARCHITECTURE
‣ COMPREHENSIVE ATTACK VISIBILITY & NETWORK FORENSICS

SmartWall® Threat Defense System (TDS)

‣ Service/hosting providers
‣ On-premises or cloud deployments
‣ Protection in modular increments of 10 Gbps
‣ In-line or scrubbing topologies

1/10/20 Gbps | 80 Gbps | 320 Gbps

Page 29: Service Provider Deployment of DDoS Mitigation

Corero Cost Savings Opportunity

‣ From a scrubbing center perspective*

- 85% rackspace advantage

- 75% power advantage

- 4x packet-per-second performance

- >85% OPEX savings

- >50% CAPEX savings

* Per gigabit of scrubbing center capacity


Page 30: Service Provider Deployment of DDoS Mitigation

DDoS as-a-Service ROI Advantage

Types of Customers | # of Current Customers | Average Monthly Charge | Current Monthly Revenue | Penetration Rate | # of DDoS service Customers | % Upcharge | New Price For Service | New Revenue stream
10Gbps | 100 | $5,000 | $500,000 | 50% | 50 | 3% | $5,150 | $7,500
1Gbps | 200 | $3,000 | $600,000 | 25% | 50 | 4% | $3,120 | $6,000
100Mbps | 500 | $500 | $250,000 | 20% | 100 | 8% | $540 | $4,000
50 Mbps | 100 | $100 | $100,000 | 10% | 100 | 10% | $110 | $1,000

Additional monthly DDoS as-a-service revenue - $18,500
Additional annual DDoS as-a-service revenue - $222,000

Page 31: Service Provider Deployment of DDoS Mitigation


Page 32: Service Provider Deployment of DDoS Mitigation


DDoS mitigation is everyone’s problem

The solutions for in-line mitigation have changed

There is opportunity today to save operational and bandwidth cost, and generate new revenue

Page 33: Service Provider Deployment of DDoS Mitigation


Page 34: Service Provider Deployment of DDoS Mitigation

Audience Q&A

‣ Dave Larson, Chief Operating Officer, Corero Network Security
‣ Stephen Clark, Director, IP Networks
‣ Allen Tatara, Manager, Webinar Events (Moderator)
‣ Jeff Wilson, Senior Research Director, Cybersecurity Technology

Page 35: Service Provider Deployment of DDoS Mitigation

Thank You

This webcast will be available on-demand for 90 days.

For additional IHS Infonetics events, visit: https://www.infonetics.com/infonetics-events/

Follow us on Twitter at @infonetics and @infoneticsevent
