Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Dave Larson, CTO of Corero Network Security speaks to analyst Teresa Cottam on the topical issue of DDoS security.

Imagine that a quarter of the water coming through your taps was contaminated. How would you feel when presented with the bill? Most people would be dumbfounded, frustrated and wondering why they pay for the contaminated water flow but amazingly, when it comes to their Internet service, many customers just put up with it, accepting it as just the way it is. You wouldn’t pay for dirty water, so why are so many people paying for bad traffic streaming from their Internet service providers?

The answer, according to Teresa Cottam, Chief Strategist at Telesperience, is that many customers lack the visibility and understanding of what’s really going on. Teresa explains: “They may demand a refund if the water stops coming out of a pipe, or when DDoS causes an outage, but they don’t fully understand the debilitating impact of smaller, chronic attacks on the pipe – the dirty water scenario”.

There’s no doubt that cyberattacks are a growing concern for many businesses. Barely a week goes by without media reports of another high-profile organisation falling victim to a DDoS attack. As a result, there is increased demand for DDoS defense as-a-service from enterprise customers that are struggling with service availability and outages due to denial of service attacks.

Further, each vertical market reveals variations in the motivations behind DDoS attacks, including cyberterrorism, political or ideological intentions, fraud, ransom, monetary gain, data exfiltration attempts or even a quest for competitive advantage. The drivers are endless, and the attacks keep coming. As such, DDoS is an important area of focus for service providers given their bandwidth capacity and volume of customers—and the fact that they are moving to a more expansive network architecture that is distributed to provide additional revenue bearing services targeted at specific subscribers.

The vast majority of Internet traffic contains a wide range of unnecessary and increasingly damaging traffic flow – ranging from spam to denial-of-service attacks to malware or botnet-related activity.  A telecommunications company’s role has traditionally been to direct traffic from one destination to another, without passing judgement about the content. Net neutrality, in which Internet carriers treat all packets the same, was prized above all else. But the tide of opinion is changing as the capability to offer customers a variety of services – and generate increasing revenues – is emerging.  Telecom companies now have the ability to deliver not the decaying mélange of Internet traffic, but a ‘clean pipe’ of good traffic, where the threats have been proactively removed.  For the online enterprise, the ability to secure premium service offerings to eliminate the DDoS threat to their business is in high demand.

Teresa Cottom adds: “There’s a clear opportunity for a win-win scenario here. Telecoms service providers can create valuable new revenue streams by providing a cleaner, more reliable pipe. While enterprises benefit from better quality of service – essential as we move towards the Cloud and digital business. The real question is, why haven’t telecoms firms grabbed this opportunity sooner?”

The problem historically has been the reliance on an inflexible, centralized approach to mitigation. Protection of this kind, which would filter out the bad traffic from the good, was accomplished through a scrubbing lane solution that was both costly and minimally effective because of difficulties integrating with distributed network architectures. However, this has changed as in-line, real-time mitigation solutions have become technologically viable. Suddenly, operators have been able to reduce their operational footprint and automate a lot of the processes involved in maintaining stable flows of good traffic. The ability to do this whilst also providing protection from threats such as DDoS attacks has changed the options on offer to both providers and end users – with both sides able to benefit through improved customer experience, service and, most importantly one might say, revenues.

DDoS threats have been evolving over the last few decades. As one of the earliest kinds of cyberattack, it has changed with the times and has maintained its place as a classic hacker’s tool. DDoS attacks have grown much more powerful, and easy-to-use toolkits to facilitate attacks are now available cheaply online. Furthermore we are observing new adaptive and multi-vector DDoS attacks, which aid hackers in activities such as network profiling – effectively opening the door to them circumventing organisations’ layered protection strategies. What’s more, Corero’s customers saw an average of almost 5 DDoS attack attempts per day by the end of Q2 2015; something that sends chills down the spine of accounting departments when you factor in the average cost of a DDoS outage, which can exceed £500,000 – equivalent to more than £5,000 per minute.

Providers can now deploy their DDoS mitigation operations at peering or transit points, using technology that is scalable and responsive. These systems are automated, always on and capable of responding to attacks in real-time – reducing headaches for providers everywhere. What’s more it’s possible to design policies uniquely for customers and ensure that they get only good traffic flowing through their pipes. Providing such a service not only streamlines the operations of providers, giving them increased visibility and making their services reliable, but it has the additional upside of protecting an organisation’s reputation, attracting more customers and enabling a new revenue opportunity.

Closing down avenues for threat actors and protecting the network from the downtime caused by DDoS attacks is a major selling point, making it a no-brainer for customers to switch to a provider that will offer this as part of their services. By providing security as part of their offering, telcos are able to broaden their appeal in a way customers will be receptive to.  Carriers can incorporate DDoS mitigation into their service offerings, enabling them to offer differentiated value-added security services. If a customer would like to have extra protection and services dedicated to keeping their pipes clean and defended from DDoS attacks, they will be able to incorporate that into their contract and pay a premium for that service. A provider that can be flexible and responsive to the needs of each unique customer case will be better positioned to cement their position in the market with a view to expansion. It is clearly a revenue-generating opportunity, with the added bonus of improving customers’ experience and customer relations.

These technological developments, combined with the ability for customers to compare services and prices online, presents both an opportunity and a risk for ISPs and telcos. Losing customers is far easier than gaining them – especially when the industry is placing ever-higher premium on keeping data secure and their networks free from malicious actors. Providers have a golden opportunity to modernise their services and generate new channels for revenue – or risk a slow shrinking of their customer base.

Dave Larson is Vice President, Product and Chief Technology Officer of Corero Network Security, driving the strategic direction, and execution of the overall product strategy of Corero’s DDoS mitigation and visualization business comprised of the award-winning SmartWall and SecureWatch platforms. In addition, Larson, leads Corero’s Product Management and Marketing organizations. He brings over 20 years’ experience successfully building innovative solutions and businesses for both startup ventures as well as multi-billion dollar public entities. He leads Corero’s delivery of enterprise and Telco grade, high-performance anti-DDoS solutions; one of the fastest growing segments of the network security market globally.