2020 was a busy year for cybercriminals. As COVID-19 drove a dramatic acceleration of digital transformation, almost everything moved online. Today, cybercriminals have more potential attack targets than ever before. At the same time, the ongoing rollout of 5G technologies has accelerated the proliferation of connected IoT devices, making it even easier to recruit a botnet army to launch DDoS attacks. Last year, we saw the largest DDoS attack take place – recorded at 2.3Tbps.
Recently, there have been new developments including blackmail threats with ransom payments demanded to prevent a DDoS attack. Ransom-related DDoS attacks are on the rise, extorting organizations to pay millions of dollars.
As DDoS attacks continue to grow in magnitude, frequency and sophistication, it’s no longer feasible to address this growing problem with traditional blackholing, out-of-band scrubbing centers and manual intervention. To help bridge this gap, Juniper and Corero have partnered to develop a revolutionary integrated solution to stop DDoS attacks by leveraging Juniper Networks® MX Series Universal Routing Platform and software intelligence. Our integrated joint DDoS solution delivers real-time detection and line-rate mitigation, scaling from 100 Gbps to 40 Tbps. The solution leverages always-on packet-level monitoring, automated machine analysis and infrastructure-based enforcement across the network edge.
Today, we’re introducing version 10.3 of the Corero SmartWall Threat Defense Director (TDD), with new features and enhancements:
- 5G DDoS visibility with GTP payload inspection and IP intelligence plug-in
- DDoS protection services with service portal and tenant-awareness
- Flexible traffic control with BGP policy and multivendor support
5G DDoS Visibility with GTP Payload Inspection and IP Intelligence Plug-in
5G will result in a 10- to 100-times increase in connected devices as well as faster speeds and higher bandwidth. While this is great news for consumers and businesses, cybercriminals will also take advantage of these new capabilities. Many IoT devices are fundamentally not secure and will rapidly become preferred targets for cybercriminals to leverage during cyberattacks. And with more available bandwidth to utilize, cybercriminals can generate more powerful DDoS attacks that can overwhelm any organization’s network and services.
We’ve become used to DDoS attacks being launched from the internet. But what if the DDoS attacks are coming from inside the network? For mobile carriers, what if subscribers’ devices unknowingly become infected and are weaponized into botnets which launch attacks on others? If that happens, and when further investigation traces back that the attack is from the mobile carrier’s network, the business could suffer significant reputational damage. Mobile carriers have very limited visibility into end users’ activities due to privacy protection, which is yet another challenge. This is why the ability to conduct threat inspection based on the patterns of inside network traffic is important.
With this release, SmartWall TDD can look for attacks from the subscriber side of mobile networks. This is enabled by the new GPRS Tunneling Protocol (GTP) payload inspection feature. GTP is used in all mobile networks, including 5G. With SmartWall TDD’s GTP payload inspection capability, mobile carriers can extract the tunnel endpoint identifier (TEID) inside the GTP header, then skip over the GTP header and look inside the encapsulated traffic to examine the packet payload. In addition, with the IP intelligence plug-in, carriers can track to which source country and to which ASN that the attack came from.
With GTP payload and IP intelligence visibility, mobile carriers can identify malicious activity, inform the subscribers and eventually stop the attacks. This way, mobile carriers can protect their brand reputation and even offer the protection as a value-add service to subscribers.
DDoS Protection Service with Service Portal and Tenant-Awareness
As DDoS attacks gain more volume, frequency and complexity, organizations increasingly look to service providers for DDoS protection services to augment their existing defense. The DDoS protection and mitigation market was valued at $2.01 billion in 2018 and is projected to reach $5.59 billion by 2026, growing at a CAGR of 13.6% from 2019 to 2026. Offering DDoS protection and mitigation services allow service providers to capitalize on high customer demand, develop a new revenue stream and stay more competitive in the market.
The SmartWall Service Portal is an optional component that enables service providers to offer DDoS protection as a managed service. Providers can view aggregate traffic data and analyze attacks across the entire network, protected by SmartWall TDD, and view traffic data and attack activities on a per-customer basis. Additionally, customers can log in to their own view of the service portal and see the attack information that relates to their organization. This enables them to immediately see the benefit of the DDoS protection service both historically and in real time.
With this release, we’ve added additional flexibility for providers to define services levels and have the policy automatically matched and applied to the different tiers of defined services levels. This gives service providers a stronger monetization strategy with different pricing associated with different tiers of protection services.
Flexible Traffic Control with BGP Policy and Multivendor Support
Today, when organizations encounter large-scale DDoS attacks, typically they either resort to blackholing or redirecting the traffic to a scrubbing center. With blackholing, certain tenant traffic can suffer from collateral damage and sometimes even go completely offline. Scrubbing services, which require backhauling the traffic and manual intervention, are often very costly.
Customers now have more BGP policy control with the SmartWall TDD 10.3. They can do more with the traffic before it gets to MX Series routers or choose to steer it to MX routers for inspection and mitigation. For example, if there are other vendors’ devices in the network, with this release, customers can have flexible control with the flowspec actions as a result of the BGP policy control.
Customers now get the powerful middle ground where they can actually do more of the filtering themselves with upstream traffic control, preventing their links from being saturated. Additionally, payloads of remaining traffic on the links are inspected and attacks are mitigated with MX routers powered by the Junos Trio chipset.
Seeing is Believing
Enhancing DDoS protection furthers our strategy and commitment on realizing the Juniper Connected Security vision, enabling the Threat-Aware Network for service providers and enterprises alike.
Please join us for an upcoming webinar on July 22nd to get a technical deep dive and see the live demo in action.