Fast Detection Protects Critical MEC Services from DDoS Attacks

Globally, DDoS attacks increased 300 percent in 2020, spurred further by pandemic-inspired cyber crime. This has proven to be a wake-up call to organizations of all types – schools, higher education, communication service providers, and enterprises. As populations shelter in place and work, play, and learn from home, secure and reliable connectivity is essential not only for economic survival but also for access to health services, education and other fundamental needs of society. An estimated 56 percent of enrolled learners globally have been impacted, according to UNESCO. The deep impact of the digital divide is now clear.

DDoS attacks impair the availability of networks and services, crowding out legitimate traffic with spurious and malicious traffic or slowing down response times. Volumetric DDoS attacks as large as 2.3 Tbps can cause entire service provider networks to crash, denying service to large numbers of consumers and businesses. The more common, smaller, targeted DDoS attacks (<5 Gbps) are large enough to put a small hospital network out of service or provide a distraction for planting ransomware. Most of these smaller attacks, 75 percent according to Neustar, go undetected. DDoS attacks are increasingly sophisticated and multi-vector, often building slowly to escape easy detection. For service providers handling terabits of traffic every second, these smaller, slower attacks are especially difficult to detect and mitigate.

In a recently published white paper by Heavy Reading, 85 percent of communication service providers (CSPs) identified DDoS detection as a required function in 2023. CSPs will use multiple form factors, including physical, virtual and container, in both multi-access edge computing (MEC) sites and the centralized core of 5G non-standalone (NSA), 5G standalone (SA) and 4G networks – depending upon their 5G implementation strategy.

Why is Fast Detection so Critical?

When services are life critical or business essential, the rapid detection and mitigation of DDoS attacks minimizes damage to infrastructure or subscribers and may even halt the progress of an attack altogether.  Seconds and milliseconds can count and can make a life-saving difference.

As mobile operators transition their networks to 5G and shift from centralized data centers to multi-access edge computing, the significance of DDoS protection has grown. Operators are recognizing the significant threat that DDoS attacks pose to the network availability of MEC nodes and to the downstream customers they serve. With multi-access edge computing, the number of potential attack points for DDoS will grow from a few centralized core sites to hundreds or even thousands of multi-access edge computing locations. These distributed detection points must detect and identify malicious traffic very quickly and then apply the appropriate mitigation.

DDoS Detection Moves to Cloud-Native and Multi-Access Edge Computing (MEC)

DDoS detection and mitigation, which used to be considered a centralized core network function, is now needed in MEC (multi-access edge computing) nodes as well.

In the Heavy Reading survey, a significant number of CSPs surveyed (16-19 percent) indicated that they would use cloud-native containers for DDoS detection and mitigation. This is surprising because, historically, security functions, including those providing protection against DDoS attacks, were only provided by large, purpose-built hardware in core networks and for volumetric DDoS attacks. This survey shows that DDoS detection will also be implemented in smaller MEC locations in container (cloud-native), virtual and physical form factors.

In the hybrid, dual-mode 5G network with ever-growing edge sites, the physical logistics of monitoring and correlating threat activity across this sprawling network are daunting. Two fundamental principles must be maintained.

Legitimate Traffic Must get Through

Detection technology must accurately decipher which traffic is legitimate and which isn’t.

In common DDoS attacks, the attacker sends volumes of small requests, with the victim’s IP address spoofed as the source, to internet-exposed servers. The servers reply with large, amplified responses to the unwitting victim. Of the 10M DDoS weapons identified in the A10 Networks State of DDoS Weapons Report, 75 percent came from only five attack vectors – Portmap, SNMP, SSDP, DNS Resolver, and TFTP.

Amplification attacks have also been launched using less common protocols, resulting in record-breaking volumetric attacks, such as the recent CLDAP-based AWS attack in Q1 2020, which peaked at 2.3 Tbps and was 70 percent higher than the previous record holder, the 1.35 Tbps Memcached-based GitHub attack of 2018. Even a fractional attack surface has the potential for generating very large-scale DDoS attacks.
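The reflection pattern described above can be told apart from legitimate traffic by checking whether a reply was ever requested. The following is an added example, not code from A10 Networks or Ericsson: the flow-tuple layout, the function name and the thresholds are assumptions made for illustration, and the ports are the standard UDP ports of the protocols named in the article.

```python
from collections import defaultdict

# Well-known UDP ports of the reflection vectors named in the article.
# TFTP is left out: its servers reply from an ephemeral port, not port 69,
# so a source-port match cannot identify it.
REFLECTOR_PORTS = {111: "Portmap", 161: "SNMP", 1900: "SSDP", 53: "DNS",
                   389: "CLDAP", 11211: "Memcached"}

def find_reflection_floods(flows, protected, min_reflectors=3, min_bytes=10_000):
    """Return sorted (victim, vector, bytes, reflector_count) tuples.

    flows: time-ordered (src_ip, src_port, dst_ip, dst_port, proto, nbytes).
    The thresholds are illustrative assumptions, not tuned values.
    """
    requested = set()   # (client, server, server_port) queries we originated
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if src in protected and dport in REFLECTOR_PORTS:
            requested.add((src, dst, dport))
        elif dst in protected and sport in REFLECTOR_PORTS:
            if (dst, src, sport) in requested:
                continue            # solicited reply: legitimate, let it through
            entry = stats[(dst, REFLECTOR_PORTS[sport])]
            entry["bytes"] += nbytes
            entry["reflectors"].add(src)
    return sorted(
        (victim, vector, s["bytes"], len(s["reflectors"]))
        for (victim, vector), s in stats.items()
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes
    )

# Constructed sample flows using documentation address ranges (not real traffic).
VICTIM = "198.51.100.10"
SAMPLE_FLOWS = [
    (VICTIM, 40000, "203.0.113.53", 53, "udp", 70),      # genuine DNS query
    ("203.0.113.53", 53, VICTIM, 40000, "udp", 512),     # its solicited reply
    ("203.0.113.99", 1900, VICTIM, 31337, "udp", 3000),  # one stray SSDP reply
] + [
    # Four CLDAP servers answering requests the victim never sent.
    (f"192.0.2.{i}", 389, VICTIM, 31337, "udp", 3000) for i in range(1, 5)
]

if __name__ == "__main__":
    for hit in find_reflection_floods(SAMPLE_FLOWS, {VICTIM}):
        print(hit)
```

The solicited DNS reply is never counted, which is the "legitimate traffic must get through" requirement in miniature; the single SSDP reply stays below both thresholds.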

Low Latency Must be Maintained

Mobile operators must maintain consistently high levels of performance and security.

Tight integration that is cloud-native and in-line with traffic allows a faster response to threats, minimizes latency and provides a consistent security approach that can be applied across the entire network, regardless of network technology.

Ericsson Packet Core Firewall, Powered by A10 Networks

The Ericsson Packet Core Firewall, powered by A10 Networks, enables security to be embedded in the user plane so that security functions are able to detect and react in milliseconds and can take advantage of automation and machine learning analysis that lowers human intervention and TCO.

The Ericsson Packet Core Firewall combines cloud-native user-plane threat mitigation and advanced security functions. It addresses security use cases for user-plane deployments in MBB and IoT segments.

By deploying Ericsson’s dual-mode 5G Core including the Ericsson Packet Core Gateway with integrated Packet Core Firewall powered by A10 Networks, operators are provided a seamless path to 5G migration with a strong, consistent security offering using advanced threat recognition and machine learning for protection against DDoS attacks, roaming intrusions and other IoT and internet-based threats.

For more information on Ericsson Packet Core Firewall, visit https://www.ericsson.com/en/digital-services/5g-core/packet-core-firewall.


November 18, 2020

About Terry Young

Terry Young is Director of 5G Marketing at A10 Networks. She is responsible for developing programs and marketing material that describe business value of A10 solutions for mobile network operators and other service providers. Prior to A10 Networks, Terry has 20 years experience in the telecommunications industry, including AT&T (mobile and fixed businesses), where she developed market strategy recommendations for new business initiatives for AT&T. As a principal analyst for a syndicated market research company early in the 3G technology introduction, her 3G/4G market analysis and forecasts were published by the UMTS Forum. She also previously held positions with several start-up mobile infrastructure and software vendors, including Infoblox and Palo Alto Networks. Terry has an MBA from Arizona State University and lives in the San Francisco Bay Area.