Kentik looks at how telecom operators can use big data in their DDoS security platforms.
Editor’s Note: In an attempt to broaden our interaction with our readers we have created this Reader Forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: dmeyer@rcrwireless.com.
To say that telecommunication operator businesses are facing unprecedented threats is not an overstatement. Core service offerings are commoditized and mainline revenues are flat or declining. Unfortunately, those same services must deliver rapidly increasing amounts of data, which means larger capital investments and higher operational costs. Meanwhile, highly focused over-the-top providers are regularly peeling away vulnerable service segments.
Security service offerings are a bright spot of growth though, with 25% to 35% year-over-year growth according to Gartner. The recent dramatic rise in distributed denial of service threats offers a particularly ripe opportunity to offer protection services that can enhance customer relationships while growing revenue and profits. To do so successfully, service providers will need to embrace big data as a key element of powerful DDoS protection.
The DDoS protection service opportunity
Recent events have brought the DDoS threat home in a way that makes it hard to ignore the risks. Back in 2014 – long ago in internet time – 41% of organizations globally were hit by DDoS attacks, with three-quarters of those (78%) targeted twice or more in the year. Far from dissipating over time, attacks have grown in severity and volume. Recent spectacular attacks include those against internet hosting company OVH, security researcher Brian Krebs, and most famously DNS provider Dyn, which resulted in outages at Twitter, Netflix, Amazon.com and many other websites for hours.
Meanwhile, businesses are investing in significant digital initiatives to fuel competitiveness, revenues and profits, and more IT assets are being outsourced to the cloud. That makes both top- and bottom-line aspects of businesses more susceptible to DDoS disruption. Partly as a result, worldwide spending on information security (per Gartner) was $85 billion in 2015, and is growing at a compound annual growth rate of 9.3%, making a projected market size of $117 billion in 2019.
Big data brings greater accuracy
Most people think of DDoS protection simply as “stopping attack traffic,” and in a basic sense that’s true. In an increasingly competitive environment, however, it’s not enough for a service provider to offer just the basics. The first generation of DDoS protection services were based on physical appliances for attack detection and mitigation. Appliances are still necessary and relevant for mitigation because application-specific integrated circuit and network processor power is needed for deep packet inspection when scrubbing traffic.
Detection is another story though. Legacy detection appliances are severely constrained in their CPU, memory and storage, which limits their ability to track high volumes of traffic data. They try to compensate by relying on manual configurations and resorting to a variety of computational shortcuts. But they nonetheless miss an unacceptably high percentage of attacks.
There’s no longer any reason for detection to be trapped in pre-cloud technology. Carriers are actively trying to move away from physical network function devices to cloud-based, virtual network functions. Scale-out design, particularly using big data technologies, is the key to gaining agility, efficiency and higher accuracy.
New, scale-out big data systems can continuously scan network-wide data on a multidimensional basis without constraint. They have the computational power to apply learning algorithms to baselining and reduce inaccuracies from manual configuration. The result can be 30% more accurate DDoS attack detection. This kind of leading-edge accuracy is the kind of value that telecom operators need to offer to stave off the threat of OTT players.
Big data analytics powers a consultative relationship
One of the chief advantages that telecom operators have is the fact that customers already entrust them with critical connectivity and infrastructure services. This trust places them in an ideal position to offer a highly consultative approach. Armed with cloud-based solutions that can be rapidly deployed in a multitenant fashion, service providers can help their customers understand and assess their situation better, arrive at the right portfolio of protection services and have the basis for ongoing
Unfortunately, first generation DDoS detection systems are nearly devoid of real analytics because the constraints of single server systems mean that pretty much all computing and storage is consumed just performing detection. They don’t have the space to store the high volumes of data needed to perform deep analytics. They don’t have the computing power to process billions of rows of data. This means that to offer valuable data in the pre-sales, post-sales or managed services phase of a customer relationship, service providers have to deploy a separate tool at additional cost.
That shouldn’t be the case, since customers can already send vast quantities of rich network telemetry – traffic flow records, BGP routing and SNMP metrics – to the detection layer of a DDoS protection service. Big data helps by retaining all of that data in full detail and making it possible to leverage it to advise customers with insights that add real value, cementing the trust relationship.
Platform considerations
Big data can mean many things since there are a plethora of platforms, both open source and commercial, that promise the sun, moon and stars to willing masochists. Many service providers have suffered trauma from rolling out ill-defined data lakes, then struggling to trawl those lakes for useful data and return on investment.
Most big data platforms aren’t fundamentally suited to real-time applications such as DDoS defense and network forensics. Many are built for slower business intelligence queries. New, online analytical processing big data systems are needed for the fast ad-hoc, multidimensional analyses on massive network traffic data that can deliver higher detection accuracy and deeper insights. Besides those ad-hoc analytical characteristics, DDoS protection requires the ability to ingest traffic at rapid rates, since a single customer edge router can easily generate thousands of records per second.
Secure, native multitenancy is another important consideration in a big data platform for DDoS protection services. Rolling out distinct clusters of computing and storage infrastructure per customers – even virtualized infrastructure – is expensive and slow. Multitenancy is highly efficient and also offers instant access without needing to wait for provisioning. Beyond that, service providers should be cognizant of the fact that OTT players typically utilize multitenant platforms. Not choosing a multi-tenant platform approach may put an operator at a competitive disadvantage.
Big data versus smart data
Aside from ignoring key platform requirements, there are some other potential traps for SP organizations that want to leverage big data for DDoS and other security service offerings. One trap is the impulse to develop everything in-house. It’s notable that most OTTs aggressively use other security-as-a-service tools – it’s their culture and it allows them to stick to their core focus. A second and related trap is getting sucked into long-term big data projects that start with a general-purpose big data platform and lots of promises. Look for tools that can get your next-generation service offering to the starting line now with a high degree of certainty and you can capitalize on the security services opportunity when it matters the most: right now.
Alex Henthorn-Iwane has more than 20 years experience in network infrastructure and management tools, in product management and marketing roles. Most recently, he was VP of marketing at QualiSystems, and before that he was VP of marketing at Packet Design.