LEXINGTON, MA -- 11/11/08 --
Malicious attacks on networks continued to
grow at an alarming rate over the past year, according to a report issued
today by
Arbor Networks, a
leading provider of secure service control solutions for global business
networks. Arbor's fourth annual Worldwide Infrastructure Security Report
includes responses from nearly 70 IP network operators in North America,
South America, Europe and Asia, and is designed to provide useful data to
network operators so that they can make informed decisions about their use
of network security technology to protect their mission-critical
infrastructures.
Attacks Are on the Rise -- and More Sophisticated
In addition to a notable increase in the number of attacks against network
infrastructure, this year's report also found that smaller and more
sophisticated attacks -- including service-level and application-targeted
attacks, DNS poisoning, and route hijacking -- are more difficult to manage
than larger, brute force attacks and can cause a serious disruption in
network service or enable further compromise.
"Detection of application layer attacks is more difficult than with flood
based attacks," commented Danny McPherson, chief security officer for Arbor
Networks. "Providers need to have deep application insight into IP services
and applications -- such as DNS, HTTP, VoIP, IM and P2P -- in order to
identify, and mitigate such attacks. To do so effectively, ISPs today must
have the ability to detect and surgically remove only the attack traffic
while maintaining legitimate business traffic -- thereby ensuring the
highest level of customer satisfaction."
"Miscreants continue to ramp up their sophistication to infiltrate and
disrupt network resources," said Michael Suby, Director of Stratecast (a
Division of Frost & Sullivan). "This annual report from Arbor Networks is a
valuable resource for the service provider community and confirms the
evolving nature of threats and the challenges they present to service
providers worldwide. This is not the time to be dormant in taking action to
remediate."
Brute Force Attacks Are Growing Exponentially
Attacks on a network to make it unavailable to its intended users -- known
as distributed denial of service (DDoS) attacks -- were as large as 40
gigabits in the last year. The largest sustained attacks reported in the
last two years were 24 gigabits per second (Gbps) and 17 Gbps,
respectively, representing a 67% increase in attack scale over last year,
an increase of nearly 2.5x of the largest attack reported in 2006, and a
100-fold increase since 2001. Furthermore, 36% of survey respondents last
year reported observing sustained attacks larger than one Gbps. The number
of respondents observing one gigabit per second or larger attacks nearly
doubled this year.
"The growth in attack size continues to significantly outpace the
corresponding increase in underlying transmission speed and infrastructure
investment," said McPherson. "And, while most ISPs now have the
infrastructure to detect bandwidth flood attacks, we found that many still
lack the ability to quickly mitigate these attacks; only a small percentage
of the providers we surveyed said they have the capability to mitigate DDoS
attacks in 10 minutes or less. What's even more concerning is that even
fewer providers have the infrastructure to defend against service-level
attacks or this year's reported peak of a 40 gigabit flooding attack. This
is an area of weakness for operators that can be exploited quickly."
Botnets Are Still a Concern; VoIP and IPv6 Are Emerging Threats
Although network infrastructure is under constant attack from a number of
different vectors today, bots and botnets still rank highest as the largest
problem facing network operators in the next 12 months. Botnets (26%)
continue to be the primary vehicle for delivering the largest problems to
network operations and security engineers, followed closely by DNS cache
poisoning (23%) and BGP route hijacking (15%).
The survey also asked providers where new threats could emerge in the next
year. 55% of respondents said the scale and frequency of security threats
for IPv6 will increase as it becomes more widely deployed, while only 8% of
respondents believe threats will decrease with improved IPv6 deployment.
And although VoIP continues to be a rising attack vector for miscreants,
providers are underprepared to protect their VoIP infrastructure from
attack, the study found. Only 21% of respondents indicated that they had
tools in place to detect threats against VoIP infrastructure or services.
"This year's report underscores the twofold challenges faced by ISPs
today," said McPherson. "ISPs are currently waging a multi-faceted battle
as they face increased cost and revenue pressure, along with multi-threaded
attacks that are growing in size, frequency and sophistication. The good
news is that through improved communications and information sharing in the
operational security community -- this report included -- the service
provider community will be better prepared for the fight against Internet
threats today and in the future."
Operational Resources Are Strained
In addition to attacks that are growing in size and sophistication, this
year's report identified that service providers are facing increasing cost
and revenue pressure in a slowing global economy. As a result, operational
network security resources have become strained, and many organizations are
turning to Managed Security Services (MSS) -- network security management
from a network services provider.
"Many organizations generate most or all of their revenue from Web or other
network service transactions, and their Internet 'presence' is critical to
their fiscal well-being," said Rob Malan, co-founder and CTO of Arbor Networks.
"As a result, many organizations now consider a subscription to MSS as an
everyday cost of doing business on the Internet, and budget for these
services just as they would disaster recovery, data backups, and
traditional network redundancy." Overall, more than half of the providers
surveyed believe serious security threats will increase in the next year as
their security teams are hampered by fewer resources and increased
workload.
Multimedia:
-- Arbor Networks Blog Post with
additional details
-- Worldwide Infrastructure
Security Report
-- ASERT Flickr
page (for access to WISR charts)
About Arbor Networks
Arbor Networks is a leading provider of security and network management
solutions for global business networks, including more than 70 percent of
the world's Internet service providers and many of the largest enterprise
networks in use today. Arbor delivers secure service control solutions that
both protect global networks from the edge to the core from a host of
threats, as well as help customers gain network-wide visibility they can
translate into actionable business intelligence to generate new forms of
revenue and maintain a competitive advantage. Arbor's solutions give
customers a single, unified view into their networks' performance, helping
them to quickly detect anomalous behavior, mitigate threats and enforce
policy. Arbor also maintains the world's first globally scoped threat
analysis network -- ATLAS -- which uses technology embedded in the world's
largest ISP networks to sense and report on comprehensive worldwide threat
intelligence.
To learn more about Arbor Networks, please visit:
http://www.arbornetworks.com. To learn more about ATLAS, please visit:
http://atlas.arbor.net. To learn more about the Arbor Security Engineering
& Response Team (ASERT) -- the company's security research arm -- please
visit the ASERT blog: http://asert.arbornetworks.com.
Note to Editors: Arbor Networks, ATLAS and the Arbor Networks logo are
trademarks of Arbor Networks, Inc. All other brand names may be trademarks
of their respective owners.
