#NPDTheHague18 – ISPs: The DDOS Window is Closing

Pavel Minarik, Chief Technology Officer at Flowmon Networks will be speaking at Neutral Peering Days on Thursday September 13 about the role of flow monitoring in network operation and security.

OK, things have moved on a bit since then, but not a lot. Is there still a mismatch between customer expectations and reality? Yes! The vast majority of enterprises still expect their Internet Service Providers (ISPs) to offer better protection from DDoS attacks.

Larger ISPs tend to offer the service, but they tend not to be altogether comprehensive (e.g. on behaviour analysis) and they come with a heavy price-tag, simply because they use old tools. Very few medium-to-small ISPs offer the service at all, due to what are perceived as prohibitive costs.

 Here’s a ‘Did you Know?’ about ISP security offerings.  It’s not new, but it still applies, so it’s well worth repeating: 

  • 51% of customers would be willing to pay their ISP for a premium service that removes DDoS attack traffic before it is delivered to them
  • 35% would allocate 5-10% of their current ISP spend to subscribe to this type of service
  • ISPs who offer security services rely on the following technologies:
    • 46% divert DDoS traffic through a scrubbing center
    • 49% ‘blackhole’ a victim’s traffic.

[Source: FierceMarkets & Corero report, 2016]

Traditional use cases are based on network visibility, capacity planning and troubleshooting. However, in my upcoming talk in the ‘Digital Transformation & Security’ strand of Neutral Peering Days I want to show that this technology has much more to offer by using network flow data to focus on security. That means assessing

  1. Network behaviour analysis and
  2. How data centers can protect themselves and their customers from DDoS.

Sharing the Load
I also want to show that effective services need not come with a huge price – smart cost-efficient deployments are possible.  To illustrate how these deployments work, I will be presenting a use case from a Czech ISP that offers not just DDoS protection but also Network Behaviour Analysis.  This means you get notice of indicators of compromise which can save you time in mitigating attacks – but with tools in place with which customers can investigate for themselves. It’s collaborative and cost-efficient, because you share the workload as dictated by your budget.

Take It While You Can
I want network operators and service providers to understand how to use this new toolkit. All that is needed is for providers to change their mindset a bit, and customers to change their mindset a bit too. Luckily, the opportunity is still on the ISP side, but if they miss it they could lose a customer to a cloud DDoS protection service. The window is slowly closing on what is a critical tool for customers which is key to customer retention.

About the Neutral Peering Days
On September 13 & 14, the Grand Hotel Amrâth Kurhaus in Scheveningen, The Hague will once again set the stage for the Neutral Peering Days.The Neutral Peering Days 2018 will bring together NL-ix members and partners and the international peering, ICT & interconnection community. For two days, leading industry experts will share their visions on the latest market and technological developments with senior-level attendees from around the world.

Registration is free at https://www.nl-ix.net/news/#Neutral_Peering_Days_2018

About the author


ISP Today is het Nederlandstalige platform voor de Internet Service Providers in Nederland. We presenteren nieuws van redactionele kwaliteit met relevantie voor de Nederlandse ISP community. Internet Service Providers en met name de mensen daarachter staan centraal op ISP Today.