Cyber Fraud, Distributed Denial of Service Attacks (DDoS) and Other Intrusions Continue to Pose a Significant and Growing Challenge for Global Service Providers
Tuesday, 11 October 2005 17:15 EST



Arbor Networks, a leader in network security, released its first worldwide Internet Service Provider (ISP) security report today, revealing network operators are struggling to contain globally distributed denial of service (DDoS) attacks.

The report - which surveyed tier 1 ISPs, large content and hosting providers, tier 2 network operators and large broadband and dial-up network operators around the world -found that DDoS attacks are still the most crippling threat facing ISPs. At the same time, only 29 percent of the ISPs participating in the report said they offer security and DDoS-related service level agreements (SLAs) to their enterprise customers.

The network security experts responding to the survey said the motivations for the daily DDoS attacks were cyber terrorism/warfare; corporate espionage; extortion; disputes between adolescents on gaming sites and cyber protests.

In addition to identifying DDoS attacks as the primary threat facing the service provider community today, the survey also revealed:

-- While only 29 percent of the respondents offer security and DDoS-related SLAs to their enterprise customers, the survey concluded that the increasing number and size of the attacks will lead to more DDoS prevention services in the future;

-- The majority of service providers responding to the survey said that compromised hosts -- commonly referred to as zombies or bots -- are everywhere. All respondents reported attacks involving thousands of compromised hosts, and that zombie networks, or botnets, are employed in well over half of all DDoS events;

-- Service providers that deployed botnet measurement and detection tools placed the largest botnet army observed in a single attack at approximately 20,000 infected hosts and up to one Gigabit;

-- Almost 30 percent of the service providers noted that the primary threat from worms is not their payloads, but the network congestion and subsequent denial of service they cause.

"This survey quantifies what industry insiders have known for quite some time," said Yankee Group Analyst Chris Liebert. "Denial of service and fast propagating worms are real problems for worldwide ISPs, and they continue to struggle with these attacks that are made against their customers. While these attacks often do not harm the ISP's network, they easily take down service to their customers. ISPs need to do everything possible to protect their clients from denial of service attacks and other Internet threats."

As security threats become more sophisticated and destructive, Arbor hopes that the findings within this report will assist ISPs as they make decisions on how to protect their mission-critical infrastructure.

"We conducted this report to uncover service providers' greatest security worries and to illuminate some of these security challenges that take place behind the scenes," said Danny McPherson, director of business research at Arbor Networks. "The report clearly indicates that an entire criminal economy is evolving around denial of service activity -- driving some service providers to offer new network-based security services to combat these attacks."

Arbor has been researching next-generation cyber threats and developing solutions that prevent these network attacks for the last five years. According to analysts, Arbor has more than a 70 percent share of the worldwide service provider infrastructure security market.

The first in an ongoing series of reports, Arbor's survey was conducted in cooperation with the Internet network security operations community and is intended to help network operators better understand the most significant security challenges that face the industry today.

To receive a copy of Arbor Network's worldwide ISP security report, please go to: http://www.arbor.net/sp_security_report.php.

ABOUT ARBOR NETWORKS

Arbor Networks ensures the security and operational integrity of the world's most critical networks. Arbor's solutions are based on the proven Peakflow platform, intelligent technology for network-wide data collection, analysis, anomaly detection, and threat mitigation. Peakflow provides real-time views of network activity enabling organizations to instantly protect against worms, DDoS attacks, insider misuse, and traffic and routing instability, as well as segment and harden networks from future threats. Peakflow successfully prevents costly downtime, network cleanup, and loss of customer confidence. Arbor is headquartered in Lexington, MA, with a research and development office in Ann Arbor, MI and overseas headquarters in London and Beijing. For more information, go to www.arbornetworks.com.