Arbor Networks has long-standing customer relationships with more than 70% of the global service provider community, which enabled the company to gather input from 70 self-classified tier-1, tier-2 and hybrid IP network operators in North America, Europe and Asia for this year’s report. Based on a 12-month period from July 2006 through June 2007, the results of the survey are designed to provide practical data to network operators so that they can make informed decisions about the use of network security technology to protect their mission-critical infrastructure.
Key findings from the report include:
Bots Overtake DDoS as Chief Security Concern
Unlike Arbor’s previous editions of the survey, bots and botnets are now considered the most significant operational threat by ISPs, with distributed denial of service (DDoS) attacks coming in a close second. This year, a much larger percentage of the respondent pool believed bots and botnets to be a larger threat than DDoS attacks, perhaps providing some indication that botnet activity – beyond just that of DDoS – is more frequently impacting network security operations.
DDoS Attacks Going Pro
While mid-level DDoS attacks have plagued the Internet since 2000, survey respondents report a widening gap between common mid-level “amateur” attacks and multi-gigabit “professional” efforts involving tens of thousands of zombie hosts. Most surveyed ISPs reported significant improvements in the sophistication and coordination of DDoS attacks.
Attacks Outpace ISP Network Growth
During the last two years, most top-tier service providers completed significant investments in backbone infrastructure – upgrading links from OC12/48 (2 gigabits per second; Gbps) to OC192 (10 Gbps). However, surveyed ISPs reported sustained attack rates exceeding 24 Gbps – more than double the size of these recently upgraded links. Given that most individual core Internet backbone links today are no larger than 10 Gbps, most of the larger attacks today still inflict collateral damage on infrastructure upstream from the targets themselves.
VoIP is Vulnerable
Only 20 percent of ISPs surveyed currently have specific tools or mechanisms to monitor and detect threats against VoIP. This finding points to a vulnerability that service providers must address in the coming months.
Rise of Managed Security Services
As more mission-critical services are being converged onto IP-based networks, the demands on service providers to provide “clean pipe” services is escalating. This year’s survey found a significant increase in the number of service providers offering managed DDoS detection and mitigation services. More than one third of surveyed providers reported offering DDoS managed security services; another one third indicated they plan to roll out such services in the next 24 months to better protect the networks of enterprise customers.
“Given that over half of the surveyed ISPs believe that they can effectively mitigate most Internet attacks against their backbone infrastructure and customers, many ISPs now believe they are ahead of the curve. But all of this ISP optimism about infrastructure security should be tempered by the survey data on emerging critical infrastructure. Over half of surveyed providers said they had no means to either detect or mitigate attacks against DNS, and close to 90 percent have no means to protect critical VoIP infrastructure. One thing we know about cyber criminals is that they adapt and look for weaknesses. When it comes to network security, complacency should never be part of the equation”, said Danny McPherson, Arbor Networks chief research officer
R S S feed
