Level 3 Communications is not widely known for its managed security services, but the network operator is today announcing a new DDoS mitigation service that takes aim at the growing size of distributed denial of service attacks. Taking advantage of Level 3's substantial presence as an Internet backbone provider, the new service is designed to detect attacks in progress, scrub affected traffic and return it securely to the affected enterprise. (See Level 3 Launches DDoS Mitigation Service.)
Level 3 Communications Inc. (NYSE: LVLT) offers a portfolio of managed security services that includes IP-VPN security gateways and intrusion detection/prevention capabilities, but the company has been "a little quiet" about promoting its capabilities, admits Chris Richter, SVP of managed security services at Level 3. The carrier is being a bit more vocal about this latest offering because of its ability to ingest attacks as large as 4.6 terabits per second.
"What we are announcing is what we believe will be one of the largest DDoS mitigation services on the planet," Richter says.
Level 3 manages much of the Internet's backbone -- Richter says 70% of the net's traffic traverses the Level 3 network at some point -- and combined with its content delivery network and domain name system network, that gives the operator significant visibility into traffic patterns and awareness of "bad actors." By tracking data flowing between known problem sites and its customer sites, Level 3 can identify DDoS or other attacks in time to prevent them.
"We have done this to protect our own network and we are now in the process of commercializing a service for our customers around this," Richter says.
One thing Level 3 can do to prevent a DDoS attack is to interrupt the flow of traffic between the command and control source and the army of bots it uses to create the DDoS attack. By constantly pulling net flow data and storing it on Hadoop servers for analysis, Level 3 can identify attack sources for future tracking.
When an attack begins, Level 3 is in a better position to launch access control lists, which are firewall rules that can rate limit or block particular ports or block traffic between specific IP addresses, Richter says.
"We see 70% to 75% of Internet traffic on our core infrastructure and we can stop an attack from using our network, which forces the attack to find another path," he adds.
Level 3 can then use Border Gateway Protocol to direct the attack traffic to one of its seven scrubbing centers -- five are in North America and two are in Europe. An eighth will open in May in São Paulo, Brazil. Coming next year is a scrubbing center in Asia-Pacific.
Customers who subscribe to the DDoS mitigation offer aren't billed for the number or the volume of attacks because that's something they can't control, Richter notes, but enterprises do pay for the connection from the scrubbing center back into their facilities, at whatever volume they choose.
— Carol Wilson, Editor-at-Large, Light Reading