Investment in the edge enables ISPs to offer a wide range of new services while creating more efficient network operations and infrastructure. But, with the attack landscape more volatile than ever, service providers will need to evolve their security strategies in 2021.
Over the past few years, Internet service providers’ network architectures have changed, with more investment in content and services infrastructure across the customer edge. This trend has taken on a new aspect in the last year, with many operators deploying or advancing plans to deploy edge datacentres. Everyone has heard of Multi-Access Edge Cloud (MEC), as it will enable a new range of services in 5G mobile with low-latency access to applications, but wireline ISPs are actually ahead of the game.
In 2021, with more critical infrastructure distributed across the customer edge rather than in centralized data centers, cybercriminals are likely to target this expanding threat surface.
New opportunities at the edge
A decade ago, ISP networks were hierarchical, with Peering, Core, and Provider Edge routers offering layers of connectivity and a clear north-south prevailing traffic flow, as eyeballs and enterprises consumed content sucked in through centralized peering and transit connections. This has changed, with networks now more meshed, routers becoming multi-purpose (in terms of connectivity), and traffic flowing every which way, as content caches and peering become more distributed.
Growth in the volume of OTT service traffic (especially video) has driven this shift, with ISPs needing to acquire or cache content as close to consumers as possible, keeping costs down and service quality up. This is not news, but it has changed how network investments are being made – with much more focus at the edge.
What is news is that this distributed content delivery infrastructure is now being joined by other value-added services like cloud gaming, service enablers, and 5G packet-core. New software-defined data centers will contain this infrastructure, in some cases along with public cloud presence, all located at or near the customer edge in ISP networks.
These environments are racks of generic compute, where all the services and applications are virtualized or containerized, connected to an SDN fabric, with everything being fully orchestrated. They enable new services and greater flexibility, so ISPs have more opportunities for both revenue growth and cost savings on both operations and infrastructure.
The risk of the edge and a new approach to securing networks
As with every new opportunity, however, there is risk. ISPs are used to defending the availability of their networks, services, and customers from DDoS attacks with mitigation capabilities deployed at major peering locations or core datacentres. But given the investment in capacity and service infrastructure at the customer edge, backhauling potential attack traffic across the network for inspection is no longer desirable or practical, especially given customer expectations of consistent performance and 100% availability. Mitigating threats instantly has become hugely important.
To make matters worse, the DDoS threat landscape has also shifted; attacks are now more frequent – up 15% in 2020. They are also more short-lived and complicated, with attacks comprising 15 or more vectors up 2,851% since 2017. And, of course, there is the continuing danger that botnets can subsume IoT devices of all shapes and sizes and use them to launch DDoS attacks.
Because of network and threat landscape changes, service providers are realising that they need to mitigate threats in a more distributed way, blocking harmful traffic at its entry point, whether it comes from a peer, customer, public-cloud connection, or other source.
The three key network security tenets of 2021
The new attack landscape is driving a new set of requirements from ISPs for their DDoS defenses, with automation, orchestration, and integration as core capabilities – helping ISPs balance the risks that come with new opportunities:
- Automation: to manage the mitigation of more sophisticated attacks without increasing operational overhead; to speed up response, as the internet is now viewed as a utility by many; and to enable new types of value-added DDoS protection services at greater scale, driving much-needed ISP revenue.
- Orchestration: to pull together and manage distributed mitigation across the network’s edge and beyond, protecting more fragile virtualized and containerized environments from attack effectively and efficiently.
- Integration: to combine the capabilities of router infrastructure and intelligent DDoS mitigation systems to best effect in complex multi-vendor environments, delivering faster response and lower cost.
The existing defenses ISPs have in place must evolve to meet these new requirements. Taking care of threats near the edge of the network is now essential, enabling the effective and efficient protection of the infrastructure supporting the next-generation services that will drive ISP success in 2021.