In September 2016, the United States internet infrastructure took a heavy blow that left many of the Fortune 500 businesses in digital darkness. The attack, initially pinned on a hostile nation-state, was in fact the work of teenagers wielding a botnet of about 100,000 IoT devices.
Today, the COVID-19 pandemic has forced many to suddenly start working from home, no matter their connection and, most importantly, the security of their home network. This spike of remote workers relies on residential connections that are oversubscribed and overflooded with bad traffic. They connect an estimated 20 billion smart devices to their home networks, which can be just as vulnerable as the ones that made Mirai possible back in late 2016.
The strain of dealing with so many people online at the same time is already taking its toll on the ISP network, creating disruptions and slowdowns without having to handle additional bad traffic from compromised IoT devices.
But with the right technology in place, modern ISPs can protect their network and their users’ experience against DDoS attacks without having to cut off Internet access for entire households. In an age in which remote workers and businesses are depending on reliable connections to keep the economy afloat, implementing the right solution is no longer a nice-to-have; it’s a necessity.
A recent report published by Distil Networks shows that more than 20% of the world’s traffic comes from bad bots. This includes website scrapers, hostile web crawlers and, ultimately, smart baby cameras trying to launch a coordinated attack against random businesses on the other side of the globe.
DoS protection is a problem even in the best of times, and it can become an issue when the network is flooded by activity. Usually, it’s not difficult to distinguish between bad and legitimate traffic, but 1 billion people staying at home could create confusion as to what constitutes a botnet traffic, particularly when it comes from an army of zombie devices spread across the world.
The ability to distinguish between good and bad traffic is now more essential than ever for an Internet Service Provider. The 20% of global traffic considered to be bad traffic, which can normally be accommodated by the Internet Service Provider, is now 20% more than service providers can afford to carry.
In addition to the extra traffic count, the bad traffic which leaves a network has additional effects on how your service is perceived by your users. Once malicious traffic is identified, the victim’s only option is to refuse incoming connections from a specific IP or – in the case of repeat offenders – IP blocks. Given how most Internet Service Providers allocate a different IP address on every reconnect, this may result in the wrong subscribers being denied access to the Internet and, subsequently, an increase in support calls.
The right solution – DoS Protection for ISPs
Tackling the problem directly at the ISP level is the best possible solution, as customers won’t be affected if traffic issues never leave the residential LAN.
The Internet traffic already creates problems in itself, just by sheer volume. Having to deal with a potential DoS attacks on top of that dramatically impacts operational costs for the service provider or on the end of a business, given that the new pandemic reality has forced many companies to move their business exclusively online.
We understand that the challenges currently faced by ISPs in a world flooded by traffic, stretching the capabilities of the network infrastructure, requires a solution that can mitigate the disruptive impact. This is why we’re opening up our DoS Protection technology to ISPs through the Bitdefender IoT Security Platform.
What is the Bitdefender IoT Security Platform?
The Bitdefender IoT Security Platform is an all-in-one solution for the security, privacy and device management of connected consumers. Perfected over more than 5 years, the platform includes DoS Protection technology that can stop abnormal behavior at device-level. This hassle-free approach enables ISPs to block specific IoT devices from launching DoS attacks instead of having to cut Internet access to the entire household.
The technology is currently deployed in products and vendors such as NETGEAR, WatchGuard, and many others. We support our ISP partners with end-to-end integration with their equipment, customer support, and subscription management capabilities. The platform’s modular nature allows custom implementation on different levels, starting from the top (ISPs) all the way down to the user’s endpoint.
Furthermore, the platform is also available for lower performance devices, where heavy local processing would impact end-user QoS due to hardware constraints. It comes with support for all existing architectures in networking equipment, allowing ISPs to avoid service interruptions and the need to recall equipment.
Implementing such DoS protection solutions provides clear benefits to ISPs, including better customer satisfaction & retention, increased share of wallet, and the ability to protect the network and equipment with lower support costs. The Bitdefender IoT Security Platform is the only such solution that can deliver all of this and more, as the backbone of self-improving AI and the enveloping networking ecosystem constantly evolves to tackle new threats and challenges.