Zombie or botnet computer attacks are getting bigger, more frequent and more professional, and Internet service
providers (ISPs) are becoming the only ones that can protect themselves and their customers against such attacks, according to a new survey on Internet security operations in commercial networks.
For the first time in the survey's history, botnets surpassed distributed denial-of-service (DDoS) attacks as the top security threat for service providers.
Arbor Networks Inc., a network security and operational performance vendor, on Monday released its third annual Worldwide Infrastructure Security Report, which queried 70 global telecom service providers and ISP network operators. The purpose of the survey is to provide data that can be used by network operators to make informed decisions about the use of network security technology to protect their infrastructure and services.
Key findings in this year's survey -- which addressed security issues facing carriers between July 2006 and June 2007 -- showed that ISPs rank thousands of zombie computers across the Internet as the single largest threat facing their backbones. Zombie or botnet computers controlled by individuals or organizations are used to launch DDoS, SPAM and phishing attacks that can threaten ISP infrastructure and an increasing number of services.
ISPs in the survey ranked the following botnet attacks as the most significant threats to their infrastructure: DDoS attacks, SPAM, open proxies, ID theft and phishing.
"Attacks are 6,000% bigger than they were six years ago," said Danny McPherson, chief research officer at Arbor Networks. "Providers have to be able to protect themselves and their customers. Many ISPs and telecom service providers have upgraded their Internet backbones to OC-192 [10 Gbps] in the past two years, with the goal of converging services on the networks. But as malicious attacks get bigger, the fallout threatens to affect more services, including Voice over IP [VoIP], and could result in network infrastructure damage."
In 2001, some of the largest network attacks were 400 or 500 megabits per second (Mbps). This year's survey revealed that network operators were facing attacks of up to 24 gigabits per second (Gbps). A 24 Gbps attack is more than double the size of service providers' 10 Gbps (OC 192) backbone links.
As providers offer more services over their IP infrastructure, more mission-critical voice and data services can be affected by malicious attacks. Critical to the success of converged services is the provider's ability to offer guaranteed uptime and the quality that customers expect from the voice and data services they moved away from -- the traditional voice network and frame relay, for instance, or ATM for data. Yet only 20% of ISPs surveyed said they have specific tools to monitor and detect threats against VoIP, a vulnerability they need to address.
More than 50% of ISPs surveyed believe they can effectively mitigate most Internet attacks against themselves and their customers, but McPherson cautions that cyber criminals look for weaknesses, so ISPs should guard against complacency.
ISPs presented with managed services opportunity
Large enterprises have traditionally managed their own network security. But even a large link to their service provider's network is 10 Gbps. With network attacks of up to 24 Gbps, enterprise links to the Internet will be quickly overwhelmed. Small and medium-sized businesses (SMBs) tend to be open to buying managed services from their service providers, McPherson said, because they don't have the resources to deploy all of the equipment and applications needed to protect themselves.
If there is any silver lining to the increasingly harmful attacks, it is the opportunity for carriers to use their internal security protection and applications to develop more effective managed security services for their enterprise customers. "If someone has a 1 gigabit connection to the Internet and faces a 5 gigabit attack, that attack has to be mitigated on the service provider network," McPherson noted.
Carriers and enterprises need to have security on multiple layers, and businesses need help from their telecom providers, no matter how big they are, according to Amy Larsen DeCarlo, principal analyst of Internet/managed services at market research firm Current Analysis.
"Large carriers like Verizon, British Telecom and AT&T have bought a lot of companies that specialize in various areas of security to provide a more robust set of offerings in their own managed security services," Larsen DeCarlo said.
Many small managed security companies are focused on one piece of security, like credit card transactions, she said. If acquired, they become part of the managed services portfolio of a larger service provider or integrator such as IBM.
"These acquisitions also funnel back into their own transport services to create a clean pipe strategy," she said.
ISPs understand the revenue opportunity, Larsen DeCarlo said, but she added that integrating individual security solutions is a slow process.
"Providers haven't done the best job of integrating their acquisitions yet," she said. "That tends to take a long time."
In what may be a paradigm shift, market research firms have reported that large enterprises are beginning to put more trust in their providers because providers have a lot of intelligence information that can help them protect their enterprise networks from attacks, McPherson said.
Arbor's 2007 survey found a significant increase in the number of providers offering managed DDoS detection and mitigation services. More than a third of survey respondents said they currently offer managed security services, while another third said they plan to roll them out in the next 24 months.
"In the past, no one wanted to buy DDoS protection services unless they'd been attacked -- but that's changing," McPherson said. "Now we're seeing everything from government agencies to anyone with an online presence looking at managed network security services as part of their high-availability planning. If sites are offline for even five minutes, that could mean losing millions in revenue, and they just can't take that chance."
With bandwidth increasingly becoming a commodity, managed services become differentiators for carriers.
"In five years or so, service providers who need to cut their operational expenses may make security part of their standard offerings. It's a new top-line revenue opportunity for them," McPherson said, adding that since many service providers operate on extremely thin margins, any change to improve average revenue per user (ARPU) needs to be considered seriously.