SOURCE: Arbor Networks

September 17, 2007 09:16 ET

Arbor Networks' Third-Annual Worldwide Infrastructure Security Report Highlights Botnets and Increased Size of DDoS Attacks as Growing Threat to ISPs

VoIP Vulnerabilities and Rise of Managed Services Also Highlighted in Report

LEXINGTON, MA--(Marketwire - September 17, 2007) - Arbor Networks, a leading provider of network security and operational performance for global business networks, released its third-annual Worldwide Infrastructure Security Report today in cooperation with the network security and operations communities. For the first time, botnets surpassed distributed denial of service attacks (DDoS) as the top threat identified by service providers.

Arbor Networks has long-standing customer relationships with more than 70% of the global service provider community, which enabled the company to gather input from 70 self-classified tier-1, tier-2 and hybrid IP network operators in North America, Europe and Asia for this year's report. Based on a 12-month period from July 2006 through June 2007, the results of the survey are designed to provide practical data to network operators so that they can make informed decisions about the use of network security technology to protect their mission-critical infrastructure.

Key findings from the report include:

Bots Overtake DDoS as Chief Security Concern

Unlike Arbor's previous editions of the survey, bots and botnets are now considered the most significant operational threat by ISPs, with distributed denial of service (DDoS) attacks coming in a close second. This year, a much larger percentage of the respondent pool believed bots and botnets to be a larger threat than DDoS attacks, perhaps providing some indication that botnet activity -- beyond just that of DDoS -- is more frequently impacting network security operations.

DDoS Attacks Going Pro

While mid-level DDoS attacks have plagued the Internet since 2000, survey respondents report a widening gap between common mid-level "amateur" attacks and multi-gigabit "professional" efforts involving tens of thousands of zombie hosts. Most surveyed ISPs reported significant improvements in the sophistication and coordination of DDoS attacks.

Attacks Outpace ISP Network Growth

During the last two years, most top-tier service providers completed significant investments in backbone infrastructure -- upgrading links from OC12/48 (2 gigabits per second; Gbps) to OC192 (10 Gbps). However, surveyed ISPs reported sustained attack rates exceeding 24 Gbps -- more than double the size of these recently upgraded links. Given that most individual core Internet backbone links today are no larger than 10 Gbps, most of the larger attacks today still inflict collateral damage on infrastructure upstream from the targets themselves.

VoIP is Vulnerable

Only 20 percent of ISPs surveyed currently have specific tools or mechanisms to monitor and detect threats against VoIP. This finding points to a vulnerability that service providers must address in the coming months.

Rise of Managed Security Services

As more mission-critical services are being converged onto IP-based networks, the demands on service providers to provide "clean pipe" services is escalating. This year's survey found a significant increase in the number of service providers offering managed DDoS detection and mitigation services. More than one third of surveyed providers reported offering DDoS managed security services; another one third indicated they plan to roll out such services in the next 24 months to better protect the networks of enterprise customers.

Conclusions

"Given that over half of the surveyed ISPs believe that they can effectively mitigate most Internet attacks against their backbone infrastructure and customers, many ISPs now believe they are ahead of the curve," said Danny McPherson, Arbor Networks chief research officer. "But all of this ISP optimism about infrastructure security should be tempered by the survey data on emerging critical infrastructure. Over half of surveyed providers said they had no means to either detect or mitigate attacks against DNS, and close to 90 percent have no means to protect critical VoIP infrastructure. One thing we know about cyber criminals is that they adapt and look for weaknesses. When it comes to network security, complacency should never be part of the equation."

For more information, please see the following:

--  Podcast Interview with Verizon Business on the key findings of the
    report http://www.arbornetworks.com/podcasts
    
--  Arbor Networks Blog Post
    http://asert.arbornetworks.com/2007/09/zombies-worms-and-flooded-oc192s-the-2007-infrastructure-security-report/
    
    
--  Narrated Powerpoint Presentation
    http://www.arbor.net/images/Webcasts/WWISP/
    
--  Arbor Network's third-annual Worldwide ISP Infrastructure Security
    Report:
    http://www.arbornetworks.com/report
    

About Arbor Networks

Arbor Networks delivers network security and operational performance for global business networks. Arbor's Network Behavioral Analysis (NBA) solutions are based on the Arbor Peakflow platform, providing real-time views of network activity which enable organizations to instantly protect against worms, DDoS attacks, insider misuse, and traffic and routing instability, as well as to segment and harden networks from future threats. Today, Arbor Networks' customer base is comprised of a broad range of service provider and enterprise customers within a variety of industries spanning the globe, demonstrating the depth and breadth of the company's security expertise. All rely on the Arbor Peakflow platform to prevent costly downtime, enable network cleanup and increase customer trust.

To learn more about Arbor Networks, please visit: http://www.arbornetworks.com. To learn more about the Arbor Security Engineering & Response Team (ASERT) -- the company's security research arm -- please visit the ASERT blog: http://asert.arbornetworks.com.

Note to Editors: Arbor Networks, Peakflow and the Arbor Networks logo are trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners.