“Build it and they will come” certainly applies to network services. As over-the-top (OTT) services and content delivery such as video and gaming have grown in popularity, internet service providers (ISPs) have had to invest in their network infrastructures to meet expanding demand. With this expansion, many ISPs are moving from a centralized service infrastructure to more meshed networks with service infrastructure distributed to the edge, which gives them the flexibility to provide services better targeted to customer needs.
With these increasingly complex architectural changes taking place, including content being acquired and cached directly at the edge of the network, ISPs face a new set of requirements for traffic visibility and security solutions.
This architectural shift changes the threat surface that network operators must defend from distributed denial-of-service (DDoS) attacks. Although DDoS attacks have been around for decades, these recent are create a need for more distributed threat detection and mitigation capabilities across the network edge. Effective solutions must be more automated to handle the increased number of attacks, and must leverage intelligence to stay ahead of complex threats.
Balancing the Needs of Performance, Security, Cost, Revenue, and Customer Experience
ISPs need a secure and service-optimized architecture that balances performance, security, cost, revenue, and customer experience. The following are important considerations:
- Visibility: Understanding what is going on at the service layer (Layer 7) is key to ensuring “service” performance is optimized. Such visibility enables delivery of a consistent customer experience, while allowing ISPs to reduce costs via focused investment and increase revenue via service bundles and partnerships with OTT vendors.
- DDoS detection: DDoS attacks remain the main threat to service availability. In response, ISPs need faster detection, automated analytics, and orchestrated mitigation to fend off attacks. Effective solutions provide context around detected anomalies, enabling ISPs to make the best mitigation decisions. This necessitates integration between DDoS, traffic visibility, OTT visibility datasets, and workflows.
- Threat intelligence: Threat intelligence is a crucial tool for DDoS detection and mitigation, identifying compromised devices communicating across an ISP network as well as automating responses to specific attacks.
- Threat mitigation: With threat mitigation being more distributed and utilizing multiple mechanisms, orchestrating capabilities across the network becomes key. Individual locations and capabilities cannot be viewed in isolation: ISPs need a holistic view of DDoS activity and mitigation across the network, with full analytics.
- Automation: Once intelligence, visibility, and mitigation infrastructure and tools are in place, automation becomes possible. Automation can identify and take systemwide action without human intervention, reducing the burden on resources.
- Service enablement: As more and more businesses come to rely on the internet for day-to-day business operations, ISPs have an invaluable opportunity to offer low-cost, scalable DDoS protection services.
Growing Importance of Monitoring, Securing, and Optimizing Terabit Networks
With massive increases in traffic and demand for tailored services, ISPs face significant challenges when it comes to monitoring, securing, and optimizing terabit networks distributed to the edge. This highlights the need for solutions that leverage analytics and intelligence to manage risk and intelligently orchestrate and automate threat responses.
Learn more about defending your network at scale