2016 showed us that the Internet of Things (IoT) is a game-changer when it comes to service provider networks.
I am not only referring to the control plane or traffic filters but also the havoc a larger, herded botnet of IoT devices can cause.
Mirai is a standout example of the latter, demonstrating in devastating fashion the power of a strategically orchestrated attack – in this case harnessing 620+ Gbps of malicious traffic.
The scale by far exceeded by far the imagination of many. Would anyone beyond the security community have had expected DVRs or connected cameras to become weaponized?
With the proliferation of networking in everyday devices, the re-use of operating systems and the ongoing component price wars, it was only a matter of time.
With this reality in mind, is anyone fixing the problem at the device level?
And we better get accustomed to another inevitable reality: the fixes have to come from the network, more precisely service provider networks, as they host potentially vulnerable devices and are closer to the source of the attacks.
This is especially true as attacks of scale and rapidly evolving complexity become increasingly common. Late last year, the Leet botnet provided another alarming case in point by attacking a security company using hashed and changing payloads, evading detection and generating a crippling 600+ Gbps of attack traffic.
Looking ahead, the security industry is in agreement that 600+ Gbps is not near the maximum we will see. It is going to get worse.
So what does it all mean for service providers and what can they do to get ready and future-proof both profit and innovation?
The good news is that the vast majority of service providers F5 Networks works with are taking the challenge extremely seriously – a stance I suspect is replicated across the industry.
Encouragingly, network defense is on the rise. Today, it is a given – or at the very least an expectation – that service providers will have to analyze traffic leaving their networks, identify problems as they emerge and deal with issues like botnets with speed and substance.
This is the dawn of a new alliance fighting denial of service attacks, whether they are caused by individuals or nations.
For example, service providers are now forced to cooperate and honor things like Border Gateway Protocol (BGP) flowspec announcements. BGP is the protocol that manages how packets are routed across the Internet through the exchange of routing and reachability information between edge routers.
The bottom line is that we need better weapons to stand a fighting chance.
Processing power is useful but we need more intelligent ways of dealing with attacks. SSL offloading is key here in terms of protecting control plane and data center resources, helping to prevent evasion through encryption whereas behavioral analysis enables us to detect new attacks, automate the generation of signatures and share these across local and/or global communities.
As attacks target both Open Systems Interconnection (OSI) layers and compute power itself, it is vital to have a comprehensive understanding of applications and protocols. The ability to distinguish good from bad traffic is now essential to ensure adequate defenses are in place and crucial services remain operational. Another direct result of the new cyber-threat landscape is a growing need for solutions that harness field-programmable gate array (FPGA)-based processing power to help absorb massive amounts of data.
The landscape for service providers is shifting at lightning pace and the opportunities and pitfalls of IoT are forcing them to rethink how they operate.
This is reflected in a strong surge in customers coming to us to make sense of it all, whether it is S/Gi firewall solutions to protect both their infrastructure and subscribers from attacks, or safeguarding the data center perimeter (protecting the application, protecting the protocols and acting as a gatekeeper to identify and repel attacks).
At F5, we are also witnessing a greater demand for the protection of IoT-based applications and protocols. Beyond this, security infrastructure consolidation is the next step, aiming to reduce cost and latency while increasing efficiency and manageability.
Furthermore, we are quickly adapting to develop functionalities that will allow for load sharing and collaboration of DoS mitigation devices. The cyber-criminals and their methods of attack are changing but so are companies like F5. We are bringing not only the tools but also the intelligence to the network to defend itself.
Sitting on the sidelines is no longer an option. The problems are out there and evolving at pace. Now is the time to attack them head on.