Forget about fast lanes, who is worrying about secure lanes?
The FCC voted recently to approve a proposal allowing select companies the ability to pay a premium price to their ISPs in order to deliver their content with a faster service, or 'fast lane' when transiting their networks. There has been considerable discussion both for and against the proposal with respect to how it adheres to the philosophy of net neutrality and how it might impact competition among businesses, particularly small entrepreneurial ventures without the resources to afford premium delivery service.
Unfortunately, the debate’s focus on faster delivery has failed to contemplate the growing need for other types of premium offerings such as 'secure services' and some vitally important questions have been overlooked in the discussion: How will this proposal alter the security threat landscape? Has the security impact of faster delivery services been fully considered and are mitigation technologies prepared to deal with potential threats introduced by this new asymmetry? Why are customers content to pay for the delivery of DDoS attacks and cyber threats under the current unsecure delivery model, and why would they pay for them to be delivered even faster than ever before? It seems counterintuitive.
For example, if a service provider content delivery customer opts to pay more for faster service; will this make that customer a higher profile target in the eyes of attackers? If such a customer’s online infrastructure can be compromised and transformed into a propagator of DDoS attacks, or cyber threats, these attacks will be given heightened priority or additional bandwidth resources by the service provider, enhancing their efficacy. Providing increased bandwidth services without simultaneously addressing the security issues they create, seems irresponsible. Providing a premium differentiated service without addressing existing security concerns will only make defending against attacks in the future more difficult.
While 'fast lane' services do present a significant additional revenue opportunity for ISPs, many companies are also seeking 'secure lanes'. Security related services also present a significant opportunity for ISPs to further differentiate their services offerings while increasing revenue. One of the greatest security risks companies face is connecting their essential business infrastructures and applications to raw, unsecured Internet feeds. Customers are constantly bombarded with bad traffic along with the good, and are beginning to question why they are paying for the very same bandwidth that is being used to deliver attacks against them.
In order to implement 'secure lane' services with the performance and scale required by carrier networks, a new architectural approach to DDoS and volumetric attack mitigation will be required. It is no longer sufficient to think in terms of attack mitigation performance in the 1-2 Gbps range. Service providers will need to provide this capability across multiple 40G and 100G links. Fortunately, there have been a number of recent technological improvements utilizing both purpose-built, high-performance security appliances and virtual machine technology. That means they can be utilized to instantiate arrays of DDoS mitigation engines that can scale into the Terabit range -- designed to offer protected Internet services to premium subscribers.
Dave Larson, Chief Technology Officer and Vice President, Product is responsible for directing the Corero technology strategy as the company continues to invest in its next phase of growth; providing next generation DDoS attack and cyber threat defense solutions for the Service Provider and Hosting Provider segments. Larson has more than 20 years of experience in the network security, data communication, and data center infrastructure industries. Previously, Larson served as Chief Technology Officer for HP Networking and Vice President of the HP Networking Advanced Technology Group.