infoTECH Feature

December 23, 2014

Greater Protection, Greater Revenue: Security as a Service for Hosting Providers

By TMCnet Special Guest
Joe Eskew, Vice President, NSFOCUS

According to the Identity Theft Resource Center, there had already been 744 data breaches and over 81 million records exposed in the U.S. by December 2014, an increase of 24.8 percent over the same period last year. A 2013 survey conducted by the National Small Business Association found that 78 percent of organizations have experienced at least one data breach over the last two years. That is before counting the many high-profile security breaches that big-name brands suffered in 2014, including Google.

Data breaches aside, attacks on data centers take many forms. CloudFlare, a CDN and anti-DDoS services provider, and OVH, a large hosting provider in Europe, both reported NTP amplification attacks exceeding 350Gbps. 2014 could reasonably be called the “Year of the DDoS Attack.” Since the beginning of this year, hosting providers have seen an increase in Network Time Protocol (NTP) amplification and reflection DDoS attacks.

In fact, earlier this year, a major data center in Australia detected a new, large-scale NTP amplification attack called a Combination Distributed Reflective Denial of Service (CDRDoS). Before the attack took place, the data center had seen the writing on the cybersecurity wall and updated its services to provide a variety of data scrubbing options for its clients in order to detect and mitigate DDoS threats. The implementation of the DDoS mitigation system couldn’t have come at a better time.

When the NTP attack occurred, the data center was pleased to find that the system did what it was designed to do: defend the data of the customer under attack while preventing the attack from interrupting its own business operations. Both the data center and its customers were able to stay online and conduct business as usual.

Being a Hosting Provider is No Longer Enough

As attack vectors increase, many hosting providers find that they need to ramp up their security offerings, essentially becoming a Security as a Service organization. The good news is that if implemented and managed properly, adding security as a service has the potential to generate new revenue streams for many hosting centers.

If you are a hosting or service provider company, whether it be website hosting, cloud computing, network, etc., it is time for you to take a good look at providing anti-DDoS as a marketable service.  Typically, when an attack occurs, the customer’s site is shut down – either by the hosting provider in an effort to protect its other customers, or by the attack itself. To prevent this kind of downtime, your customers will gladly pay extra for this anti-DDoS service.

What are the steps you should investigate when looking to offer Security as a Service? Here are three best practices to help you get started.

  1. The simplest answer is to build a cleaning center – or centers, depending on size, geographic diversification and available routing/bandwidth. This involves placing detection equipment at the edge routers and purpose-built scrubbing appliances that can have attack traffic easily routed to them. This solution is a good catch-all that works well against common DDoS attack types. Charges for this service will depend on your market.
  2. Offer anti-DDoS appliances or Web application firewall (WAF) appliances to end-customers that can auto-communicate with your cleaning centers. In this way, you can provide more granular inspection of a specific customer’s traffic on premises. Each appliance is specially tuned, based on a wide variety of factors, and can act as a “speed bump” for even large-scale attacks. The smaller (in the 1-2 Gbps range) on-premises appliance detects even the harder-to-uncover layer-7 attacks (because the appliance knows this smaller environment, it can detect anomalies faster than a broad-based detection engine). If the attack is larger than the cleaning capacity of the smaller device, it can automatically signal the provider’s cleaning center to take the traffic and scrub it. This ensures that attack traffic gets mitigated quickly and business continuity is maintained.
  3. Deploy the layered approach above, but also look for a security provider that offers a subscription service to assist you with customer onboarding, fine-tuning and threat mitigation.  In this scenario, a security team provides proactive detection and prevention before the DDoS attack, response and mitigation during the DDoS attack and analysis and reporting after the DDoS attack. This will ease your administrative load while allowing you to offer aggressive SLAs for the service. The best part is, you can recoup the cost of this subscription as a pass-through to the customer.
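
The hand-off described in step 2, where the on-premises appliance scrubs locally until the attack outgrows it and then signals the cleaning center, sketched as an added example (not code from the article or from any vendor). The 2 Gbps capacity, the 80%/40% thresholds, the three-sample hold and the traffic series are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

LOCAL, CLOUD = "local", "cleaning-center"

@dataclass
class HybridMitigator:
    """On-premises appliance that diverts to the provider's cleaning center
    once inbound attack traffic approaches its own scrubbing capacity."""
    capacity_gbps: float = 2.0   # assumed local scrubbing capacity
    divert_ratio: float = 0.8    # assumed: escalate at 80% of capacity
    return_ratio: float = 0.4    # assumed: take traffic back below 40%
    hold_samples: int = 3        # consecutive samples needed before switching
    mode: str = LOCAL
    _streak: int = 0
    events: list = field(default_factory=list)

    def observe(self, t, inbound_gbps):
        # Separate up/down thresholds (hysteresis) stop the appliance from
        # flapping between local and diverted scrubbing on a bursty attack.
        if self.mode == LOCAL:
            crossing = inbound_gbps >= self.capacity_gbps * self.divert_ratio
        else:
            crossing = inbound_gbps <= self.capacity_gbps * self.return_ratio
        self._streak = self._streak + 1 if crossing else 0
        if self._streak >= self.hold_samples:
            self.mode = CLOUD if self.mode == LOCAL else LOCAL
            self._streak = 0
            # A real deployment would signal the cleaning center here;
            # this sketch only records the decision.
            self.events.append((t, self.mode, inbound_gbps))
        return self.mode

# Constructed sample: inbound Gbps per interval, with one brief spike
# followed by a sustained volumetric attack that then subsides.
SAMPLE_GBPS = [0.2, 0.5, 1.7, 0.3, 1.8, 2.5, 6.0, 40.0, 35.0,
               0.9, 0.5, 0.3, 0.2, 0.1]

def replay(series):
    """Feed a traffic series through a fresh mitigator; return the mode at
    each interval and the list of hand-off events."""
    m = HybridMitigator()
    modes = [m.observe(t, gbps) for t, gbps in enumerate(series)]
    return modes, m.events

if __name__ == "__main__":
    modes, events = replay(SAMPLE_GBPS)
    for t, mode, gbps in events:
        print(f"t={t}: switch to {mode} at {gbps} Gbps")
```

The hold count trades reaction time against false diversions: the single 1.7 Gbps spike at interval 2 is absorbed locally, while the sustained ramp triggers diversion before the link saturates.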

Whichever route you choose, you will have built a well-rounded offering that enhances your brand. Your customers will be happy because they are not being “black-holed” (the process of shutting down the customer’s network access, thus sending all inbound requests into a proverbial black hole). You will be happy because potential attacks won’t impact your other customers. Best of all, you have the opportunity to generate additional revenue.

About the Author: Joe Eskew, vice president of NSFOCUS, previously served as the VP of worldwide sales - virtualization at Oracle. He played key roles at technology leaders IBM, Xerox PARC, Andersen Consulting, Citrix and Network Associates (McAfee/Intel). He graduated from the University of Southern California.




Edited by Maurice Nagle