Limelight Launches New DDoS Solution & Research Findings About The Security Market
DDoS and other cyber attacks are clearly on the rise. According to Akamai’s recent State of the Internet Report, DDoS attacks rose 90% between 2013 and 2014. And not only is the number of attacks rising, but the volume of those attacks is growing as well. Radware’s 2014-2015 Global Application and Network Security Report stated that 29% of attacks are over 1Gbps in size. It’s probably safe to say that attack volumes and frequency will only continue to increase, especially as companies continue to rely on the Internet to conduct their business.
Many organizations already recognize the need for security. According to recent research by Limelight Networks, only 8% of surveyed executives indicated that they weren’t using some sort of security for the delivery of their digital content. What’s more, 76% indicated that the delivery of digital content is “extremely important” to their business.
So what are organizations doing today to mitigate potential attacks that might interfere with their ability to deliver digital content? For many, it’s on-premise equipment (CPE). Of those surveyed in Limelight’s research, 31% are handling the security themselves. Others are employing a hybrid approach, using some CPE combined with cloud-based services. But there are a variety of problems with both of these approaches (pure CPE and CPE plus cloud). First, using any kind of CPE has both CAPEX and OPEX requirements. You not only need to purchase the hardware (redundantly, of course) but you need people to manage, update, upgrade, and operate it. Second, you need excess bandwidth (transit) to support an attack while also handling “good” traffic. Finally, combining CPE with cloud services adds significant complexity to your content delivery architecture.
What’s the alternative? CDN-based security. More than half (53%) of respondents in Limelight’s research plan to rely on their CDN provider to handle content delivery security concerns in the future. And for many customers, it makes total sense for several reasons:
- Upstream—if an organization is already using a CDN provider to deliver its digital content, detecting and mitigating an attack can come at the network edge, potentially thousands of miles from origin, thereby sparing an organization’s network from any potential fallout or impact. When combined with scrubbing, only good traffic is returned to the origin, preventing an organization’s bandwidth from being flooded with bad traffic.
- Absorption—as a distributed network, most CDNs have thousands of servers against which they can spread out an attack, even preventing Layer 3 and Layer 4 attacks (two common DDoS vectors) from ever reaching the origin.
- Resiliency—with those thousands of servers and terabits of egress capacity, the CDN quickly returns to normal operations in the wake of volumetric DDoS attacks. Even while under duress, the CDN can still continue to provide accelerated content delivery services.
Last week, Limelight announced its CDN-based security offering—DDoS Attack Interceptor. This solution, integrated directly with Limelight’s content delivery services, provides proactive detection with mitigation technology in the cloud, protecting customers against the downtime, loss of business and brand reputation impact associated with DDoS attacks. The solution is virtually transparent to customers and, at a high level, works the following way:
- Prior to an attack, Limelight’s detection technology is constantly fingerprinting a customer’s traffic to learn what “good” traffic looks like. This fingerprint is sent continuously to “off-net” scrubbing centers. According to Limelight, the scrubbing centers are in different data centers and do not share bandwidth with Limelight’s delivery POPs so that the attack traffic does not share resources with the good, or clean, traffic.
- An attack presents itself against a target protected by Limelight.
- The Limelight CDN begins to absorb most of the attack while, at the same time, proactive monitoring detects the DDoS attack and notification alarms are raised in the network operations center.
- The customer is notified that they are under attack. If the attack is small enough and the customer has enough bandwidth to handle both good and bad traffic, they can opt to just let the CDN do what it does best. But if they don’t want to chance that the attack volume will increase, or if they don’t have the resources to handle it, they can opt to have the traffic scrubbed.
- When scrubbing is enacted, traffic is rerouted to the off-net scrubbing centers.
- The scrubbing centers already have a very detailed fingerprint of good traffic, so they may immediately begin aggressively mitigating the attack without having to be configured manually and without a lengthy “learning” period. The scrubbing centers return the clean traffic directly to Limelight’s CDN for delivery as usual using dedicated network interconnects for increased performance.
Limelight’s detection system constantly monitors for malicious traffic. However, since this monitoring is not happening in-line, Limelight claims it has no performance impact on a customer’s traffic. The detection covers the broadest range of DDoS attacks—both infrastructure as well as application layer attacks. According to Limelight, their solution can prevent certain zero day attacks using “behavior-based” techniques that compare measured baselines of both volume and patterns to more intelligently differentiate good traffic from bad.
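As an added illustration (not Limelight's implementation, which the page does not detail), the sketch below scores one interval of traffic against measured baselines of both volume and pattern. The URL-path feature, the EWMA smoothing, the Jensen-Shannon divergence, the thresholds and the sample traffic are all assumptions constructed for the example.

```python
import math
from collections import Counter

def js_divergence(p_counts, q_counts):
    """Jensen-Shannon divergence (bits) between two count distributions."""
    pt, qt = sum(p_counts.values()), sum(q_counts.values())
    if not pt or not qt:
        return 0.0
    div = 0.0
    for key in set(p_counts) | set(q_counts):
        p, q = p_counts[key] / pt, q_counts[key] / qt
        m = (p + q) / 2
        div += 0.5 * p * math.log2(p / m) if p else 0.0
        div += 0.5 * q * math.log2(q / m) if q else 0.0
    return div

class TrafficBaseline:
    """Baseline of clean traffic: volume per interval plus URL-path mix."""
    def __init__(self, alpha=0.2):           # alpha: assumed EWMA smoothing factor
        self.alpha, self.mean, self.var = alpha, None, 0.0
        self.pattern = Counter()

    def learn(self, paths):
        n = len(paths)
        if self.mean is None:
            self.mean = float(n)
        else:                                 # exponentially weighted mean/variance
            diff = n - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.pattern.update(paths)

    def classify(self, paths, z_limit=3.0, js_limit=0.2):  # assumed thresholds
        std = math.sqrt(self.var) or 1.0
        high_volume = (len(paths) - self.mean) / std > z_limit
        odd_pattern = js_divergence(self.pattern, Counter(paths)) > js_limit
        if high_volume and odd_pattern:
            return "attack"
        if high_volume:
            return "volume-only"      # e.g. a flash crowd: more of the same traffic
        return "pattern-only" if odd_pattern else "normal"

def interval(home, video, api, login=0):
    """Constructed sample: the request paths seen in one time interval."""
    return ["/"] * home + ["/video"] * video + ["/api"] * api + ["/login"] * login

def demo():
    base = TrafficBaseline()
    for mix in [(60, 30, 10), (57, 29, 9), (63, 32, 10), (58, 31, 11), (62, 28, 10)]:
        base.learn(interval(*mix))
    samples = {"usual": interval(61, 29, 10), "flash crowd": interval(180, 90, 30),
               "flood": interval(60, 30, 10, login=900), "shifted": interval(10, 5, 5, login=80)}
    return {name: base.classify(paths) for name, paths in samples.items()}
```

Scoring volume and pattern separately is what lets a legitimate surge (same mix, higher volume) be told apart from a flood whose request mix departs from the learned fingerprint.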
It’s clear from the research that not only will DDoS attacks continue to rise (both in scope and scale) but that executives are worried about how to mitigate them. When the results can be loss of revenue, everyone starts to pay attention. And because the CDN as a cloud-based security solution provides a number of benefits over CPE or hybrid architectures, it’s no wonder that the major CDNs (Level 3 and EdgeCast by Verizon were the most recent before Limelight) have all added the service to their portfolios. It’s good to see Limelight moving up the stack with their product portfolio and offering more value-added services, like security, to help them diversify their revenue away from purely storage and bit delivery. As DDoS and other attacks continue to grow in size and sophistication, it will be interesting to see how these services evolve in an otherwise crowded security market with many different approaches and solutions to the DDoS problem.