As more bandwidth becomes generally available, network operators are realizing that fatter pipes are a double-edged sword.
A new security survey of 111 network operators conducted by Arbor Networks, a provider of security and monitoring tools for network operators, finds that there has been an over 100 percent increase in distributed denial of service (DDoS) attacks and that for the first time those attacks have exceeded the 100 gigabit-per-second barrier.
According to Paul Scanlon, a solutions architect for Arbor Networks, this increase in both the frequency and size of DDoS attacks means that cybercriminals are relying on brute-force tactics more than ever. However, those attacks are now accompanied by more subtle threats aimed at collecting data from specific files to create a blended attack vector that combines brute force with targeted attacks.
Those brute-force attacks, aimed primarily at DNS servers and HTTP traffic, are overwhelming firewalls and intrusion prevention systems, with 49 percent attributing a firewall or intrusion prevention system (IPS) directly to a DDoS attack.
Scanlon says the study shows that IT organizations of all sizes are going to need more robust security infrastructure just to keep pace with the amount of bandwidth that is available to enable a DDoS attack.
But that could be problematic; as IP4 addresses increasingly become exhausted, networks will rely more on IP6 addresses that could introduce potential security concerns. That’s also especially problematic because 60 percent of the network operators said they have no visibility into the packets on their networks.
In short, if network operators represent the front line of our collective security, the line is getting dangerously close to giving way.