How the Best Communication Service Providers Thwart DDoS Attacks

We’ve already established that communication service providers (CSPs) are highly vulnerable to DDoS attacks.

In our previous post, we learned that 85 percent of CSPs say DDoS attacks against their organization are either increasing or maintaining their pace.

But what can CSPs do to protect themselves against the relentless waves of DDoS attacks they face?

That’s what we’re here to find out with the help of the Ponemon Institute’s 2019 report sponsored by A10 Networks, “The State of DDoS Attacks Against Communication Service Providers.”

The report revealed that high-performing CSPs who are successfully thwarting DDoS attacks know that:

Let’s take a closer look at each of those statistics to discover exactly how the best CSPs are staying one step ahead of DDoS attackers.

What Is a High-Performing CSP?

Before we get started, let’s clarify what constitutes a high-performing CSP.

When we talk about high performers, we’re referring to the 29 percent of survey respondents who say their organizations have a high level of ability to detect and mitigate DDoS attacks.

By comparing that group of high performers to the overall sample, the report found that CSPs who are highly capable of DDoS mitigation are also more capable of DDoS prevention and detection.

Specifically, 51 percent of high performers are effective at preventing DDoS attacks, compared to 34 percent of the overall sample.

Similarly, 55 percent of high performers are effective at detecting DDoS attacks, versus 39 percent of the overall sample.

Bar graph showing the percentage of high performing CSPs who can prevent and detect DDoS attacks

So, when we talk about high performers, we’re not just talking about CSPs that are good at controlling the impact of DDoS attacks—we’re talking about CSPs who are able to prevent and detect DDoS attacks, too.

Smart CSPs See the Risks of IoT

Here at A10 Networks, we’ve always seen why IoT devices are especially vulnerable to DDoS attacks (read our previous blog post here to learn more).

As it turns out, high-performing CSPs think much the same way, with 57 percent reporting that they’re “very concerned” about Mirai-type attacks that mobilize IoT devices (only 49 percent of the overall sample said the same).

Bar graph showing how concerned CSPs are about Mirai-type DDoS attacks

In keeping with that, the greatest percentage of high performers (63 percent) say that IoT devices are the greatest DDoS-related security risk.

Comparatively, the greatest percentage of the overall sample (63 percent) named a lack of system connectivity and visibility.

Bar graph showing which areas CSPs view as being the most vulnerable to DDoS attacks

The takeaway: Just because IoT devices aren’t part of CSPs’ network infrastructure doesn’t mean they don’t pose a massive potential threat. All CSPs need to be aware of their vulnerability.

Comprehensive Threat Intelligence Is Crucial

Another distinguishing feature of high-performing CSPs is the level of importance they place on threat intelligence.

High performers’ threat intelligence differs from that of the overall sample in multiple ways:

Bar graph of the features of high-performing CSPs' threat intelligence versus that of all survey respondents

Given that both botnet and reflected amplification attacks are common, it’s not surprising that CSPs who have access to information about the weapons used in those types of attacks are better at detecting, preventing and mitigating DDoS attacks.

One thing that both high performers and the overall sample have in common, though, is their struggle to obtain up-to-date and relevant threat intelligence.

According to the report, the largest percentage of both high performers and the overall sample—61 percent and 70 percent respectively—agree that their DDoS-related threat intelligence is often too stale to be actionable.

Bar graph showing respondents' perceptions of their current threat intelligence

The takeaway: High-performing CSPs have access to threat intelligence with information about both DDoS-for-hire botnets and reflected amplification weapons locations. However, they still struggle to obtain truly actionable intelligence.

DDoS Scrubbing Has Major Benefits

One of the report’s major findings was that 75 percent of high-performing CSPs either currently offer DDoS scrubbing services to subscribers or plan to within the next 12 months.

By comparison, the same is true for 66 percent of the overall sample — that’s a difference of nearly 10 percent.

Bar graph showing CSPs plans to offer DDoS scrubbing services to subscribers

It’s important to note that CSPs who offer DDoS scrubbing services stand to reap several benefits:

As a result of those benefits, the decision to offer DDoS scrubbing services isn’t just a good idea in terms of security. It’s also a boon to business.

The takeaway: CSPs who offer DDoS scrubbing services won’t just enjoy stronger security for themselves. They’ll also be able to pass on those advantages to their customers.

In the end, all CSPs could stand to be more resilient against the ever-growing onslaught of DDoS attacks. By heeding the lessons unearthed in this report, they just might be able to.

To find out more about how top-performing CSPs are successfully defending themselves from DDoS attacks, read the full report here.


|

May 21, 2017

About Ahmad Nassiri

Ahmad Nassiri is the Security Solutions Architect for A10 Networks' eastern region. Mr. Nassiri is responsible for supporting pre-sales efforts of A10 Networks' security solutions portfolio. Mr. Nassiri is also focused on providing visibility to market, trends and developments within the security field to help A10 Networks expand its security solutions offering. Before joining A10 Networks, Mr. Nassiri was a Systems Engineer at Arbor Networks, focusing on network security and monitoring solutions for global networks. In this role, Mr. Nassiri assisted with the pre- and post-sales engineering support to Arbor's Service Provider-focused account teams. Mr. Nassiri has also held Sales/Systems Security Engineering roles with Verisign's Network Intelligence and Availability (NIA) division. During his tenure, he was focused on security intelligence, cloud-based DDoS protection, and Managed DNS services. Earlier, Mr. Nassiri held numerous security and engineering roles with BT Global Services. Mr. Nassiri holds a Bachelor of Science in Information Technology degree from the University of Massachusetts in Lowell. READ MORE