Windstream Joins DDoS Mitigation Effort

Windstream today launched its latest advanced service for the business market, bringing a DDoS Mitigation Service to market in response to growing customer demand.

The frequency and duration of distributed denial of service (DDoS) attacks have reached a point where businesses that once relied on traditional approaches to network security are now asking for specific measures to keep their networks up and running, says Trent Pham, head of security for Windstream Communications Inc. (Nasdaq: WIN).

And while Windstream isn't early to the party of offering DDoS mitigation, it is working to address its business customers' specific needs by offering a service that will capture DDoS traffic aimed at sites that it serves and those served by other network operators. That traffic is then directed to one of three scrubbing centers before being directed to the customer, either over Windstream's network or via a secure tunnel through another operator's network.

"Customers have tried to buffer DDoS attacks by using burstable networks and their own premises technology," Pham says in an interview. "But once the attack is larger than the last mile, it nullifies any type of solution that an enterprise might have put in place."

DDoS attacks today reach an average of 15 Gbit/s in the Windstream network, and average between 5 and 50 Gbit/s elsewhere, he says. There are massive attacks such as the recent Cloudslayer that "take advantage of protocols that can create a volumetric attack" and any of these would completely overwhelm an enterprise-based solution, Pham notes.

Windstream's DDoS Mitigation is based on its national fiber backbone, three distributed scrubbing centers and multiple other points of presence. DDoS traffic is redirected to a scrubbing center and mitigated, then clean traffic is passed on to the business, with only a small degree of latency that most companies find easily tolerable, Pham says.

Windstream offers both monitoring and mitigation in a pricing plan that is reasonable and predictable, for both on-net locations and off-net sites. Most of Windstream's larger customers are multi-location, and invariably some of their locations are on other networks, he says. Proactive monitoring enables Windstream to detect an attack in progress and rapidly begin mitigation, although in many instances there is verification with the customer to make sure the traffic spike is not caused by business applications.

The service visibility offered includes traffic reports that show the composition of traffic, its volume and where it's headed; alert data for potential attacks; and details of any mitigation efforts so that businesses can address persistent issues, Pham says.

The primary goal is keeping the network up and running, which is crucial for companies in most industry verticals, including financial services, data center services, education, government and healthcare. Any business with a web presence is vulnerable to attack, Pham says.

— Carol Wilson, Editor-at-Large, Light Reading

Michelle 10/24/2017 | 8:12:36 PM
Joining the ranks
This is good. I don't know a lot about DDoS mitigation, but this solution seems like a good option.

Yulot 10/25/2017 | 9:33:48 AM
DDoS are not all volumetric
A common error across the industry is to only associate DDoS with volumetric attacks (i.e. a wave of layer 3 traffic meant to congest the internet pipe or exhaust data center equipment). Historically, the first large denial of service attacks some 10+ years ago were volumetric in essence; however, today volumetric attacks only represent 25% of the DDoS campaigns across the industry, and most attacks causing denial of service use multiple vectors in a strategic way (volumetric too, but synchronized DNS queries from botnets, low bandwidth attacks like slowloris, brute force, etc.; they also use the growing encrypted traffic as a trojan horse, etc.).

Some providers are better prepared than others. But too many only look for traffic increase above a "normal" threshold and base their mitigation on getting rid of whatever traffic is above that arbitrary value. It does not necessarily mean they are mitigating attacks accurately (sometimes denying good traffic themselves). In addition, if they are providing security/DDoS services to 3rd party enterprises or government organizations which rely on their online presence to sell or operate, this will result in mitigating good traffic and revenue altogether (in particular during high traffic season like Black Friday or other flash crowd events).

The attacks on Spanish government bodies and some companies by Anonymous in Spain last week (in retaliation for the Catalan independence attempt) went through providers' DDoS cloud like a hot knife through butter. They did not even realize their customers had outages of several hours. So it is very important to understand: what vectors are protected by their service (going deeper than DDoS)? How do they detect? How long does detection take vs. mitigation? Is it done by humans or based on behavioral technology? Etc.
