Re-writing the Playbook for DDoS Mitigation Strategies
Dave Larson, COO, Corero Network Security
DDoS Attacks – 2015 Snapshot
[Figure: Total Attack Bandwidth (Gbps), Dec 1 2014 to Dec 1 2015. Data shown represents the top ~2% of reported attacks. Callout labels: DEC 2014, JAN 2015, MAR 2015, JUN 2015, AUG 2015, SEP 2015, OCT 2015, DEC 2015, DD4BC (Banks).]
- $1.5m per annum is the average cost to deal with DDoS attacks
- 82% of companies reported DDoS attacks shut down or partially shut down their data centers
- 49% of companies expect DDoS attacks to increase in next 12 months
Source: Ponemon Institute – Cost of DDoS Attacks – March 2015
Source: Digital Attack Map - DDoS attacks around the globe
The Problem is Real – and Pervasive
- Our average customer sees almost 4.5 attacks per day!
- Some customers see many more
- Across all verticals and segments
- No one is immune!
Increase in Low Bandwidth, Short Duration Attacks
Evolution of DDoS Defense
DDoS Defense 1.0 - Null Route
[Diagram labels: DDoS Detection (NetFlow Collector/Analyzer); NetFlow; Native Traffic Path; Attack Traffic; Non-Attack Traffic; Null Route on Destination IP; Unprotected Customer; All traffic discarded]
© 2016 Corero www.corero.com
DDoS Defense 2.0 - Scrubbing
[Diagram labels: DDoS Detection (NetFlow Collector/Analyzer); NetFlow; Native Traffic Path; Attack Traffic; Non-Attack Traffic; New Route via BGP; Diverted Traffic Path; GRE Tunnel to Customer; Partially Protected Customers; TMS; Industry Leader’s Scrubbing Approach]
DDoS Defense 3.0 - Inline, Always-On
[Diagram labels: Comprehensive DDoS Analytics; Real-time Alerting and Reporting; Attack Traffic; Non-Attack Traffic; DDoS Traffic Blocked Inline; Completely Protected Customers]
DDoS Defense 3.0 - Subscriber Edge Deployment
[Diagram labels: Comprehensive DDoS Analytics; Real-time Alerting and Reporting; Completely Protected ISP, Hosting, and Enterprise Customers; Attack Traffic; Non-Attack Traffic; DDoS Traffic Blocked at Subscriber Edge]
Automatic Mitigation
In-line, automatic mitigation protecting >200Gbps of Internet bandwidth
Hosting Provider Challenge & Opportunity
Typical Subscriber Protection
Many enterprises take advantage of more than one defense technique:

Current Mitigation Techniques (multi-select) / Response Percent
- On-Premises DDoS mitigation product: 26.7%
- Cloud based scrubbing technology or service: 11.1%
- Home grown or Open Source solutions: 16.7%
- Traditional security infrastructure products (firewall, IPS, load balancers): 68.9%
- Rely on upstream service providers to eliminate the attacks

Survey conducted in August/September 2015. Survey respondents are network and network security representatives that represent cross industry, global organizations.
Subscribers are Demanding More
74% of respondents would like to see their provider implement additional services to eliminate DDoS traffic from entering their networks. 52% indicate that they would even pay for a premium service offering to eliminate the DDoS challenge to their environment.

ISP provide additional security services to eliminate DDoS / Response Percent
- Yes: 74.4%
- No: 6.7%
- Unsure: 18.9%

Would you pay your ISP for a premium service that removes DDoS attack traffic before it is delivered to you? / Response Percent
- Yes: 52.2%
- No: 14.4%
- Unsure: 33.3%
The Opportunity
90% of respondents indicate that they would be willing to pay for a premium DDoS defense offering from their provider and a majority would be willing to allocate from 5% to 10% of their overall ISP spend to secure that service.

What percentage increase of your current provider spend would you allocate to subscribe to this type of service? / Response Percent
- Less than 5%: 39.0%
- 5%-10%: 50.6%
- 10-25%: 2.6%
- More: 1.3%
Capitalizing on the Opportunity
Integrate into existing carrier operational and billing systems:
- REST-based APIs for north and southbound integration
- Leveraging Tail-F for centralized management and scalability
- Per customer visibility charts providing ease of validation
- Per customer attack bandwidth utilization which can be mapped into customer records, ensuring accurate per customer billing information
- Virtualized Management framework
Value-Add or Revenue-Add
Infrastructure hosting companies are in a highly competitive marketplace:
- Customers are intolerant of downtime and service interruptions
- Instantaneous DDoS mitigation reduces downtime
- Reduces churn and improves new-business win rates
- Is a powerful differentiator
Providers looking to add service lines:
- DDoS defence can provide an opportunity to keep prices up
- Can serve as an additional revenue stream to end users
DDoS Defense-as-a-Service Benefits
- Zero Downtime Service Offerings: Corero’s instant mitigation vs a human NOC/SOC agent enables rapid response to alarms, real-time analysis of traffic, reroute to scrubbing center, re-inject traffic…
- Customer Premises Based Deployment: Corero’s simplicity, resiliency, and the ability to remotely manage and monitor, enables appliance(s) to be deployed in-line at high value customers, or at high risk customers such as gaming or financial organizations.
- Unlimited Scalability: Corero enables massive scale for extreme high bandwidth customers
- A New DDoS Economic Model: Corero’s pricing model and reduced CAPEX/OPEX enables immediate ROI
Per Customer Security and Visibility
Provider view
Thank you
Dave Larson
Dave.Larson@corero.com
www.corero.com