Susan Bowen, Vice President & General Manager, EMEA
In the wake of last year’s mega distributed denial of service attacks (DDoS), launched from an Internet of Things (IoT) botnet which took down some of the world’s largest websites, including Netflix and Twitter, there has understandably been a surge of concern from organisations that don’t want to become victims. DDoS protection its more critical than ever.
Late last year, an IoT botnet was responsible for the largest ever DDoS Attack, which came in at a record-breaking 1 TBps. There’s a lot of speculation that this attack was testing the water, and that much bigger attacks could follow this year.
This conjecture is based on the understanding that there are millions of IoT devices that can be easily compromised due to poor security. Larger attacks are certainly possible, given the vulnerabilities of IoT. Service providers need to be ready to defend against large scale DDoS attacks.
This requires a large amount of network bandwidth and DDoS mitigation capacity at multiple sites around the internet, as well as the ability to analyse data streams so clients only receive ‘clean’ traffic.
Multiple layers of filtering are required to keep up with the latest threats so threats can be identified, and malicious traffic stopped from reaching its target. It also pays to have dedicated engineers monitoring for the latest DDoS tactics to better protect customers.
Another area of security development in the cloud space is the introduction of advanced protection, based on behavioural analytics and analysis of cloud logs and data trails.
For instance, if someone usually logs into a VPN between the hours of 9 and 5, and then a log-on takes place at 10 in the evening this is detected and flagged. Or if traffic is coming from and going to an unknown or uncommon IP address this too is flagged.
This level of security is a step up from typical concerns about cloud security, such as where data resides and how it is protected. It also signals a greater maturity. While many organisations at large are focusing on hybrid clouds, with the potential to scale into public clouds, they are also exploring advanced security options.
This is a positive step and an indication of how cloud-based services are growing. It’s also a step in the right direction to meet security and compliance requirements which are going to become even sharper when the General Data Protection Regulations come into effect in 2018.
Click here to learn more about how Cogeco Peer 1’s tailored and specialist security solutions can protect your business