Level 3 Communications today announced the opening of three new traffic scrubbing centers in Asia-Pacific to deal with a steady rise in botnet attacks originating from that region. The new centers in Hong-Kong, Singapore and Tokyo will mean that potential attack traffic will no longer be backhauled to Level 3's West Coast scrubbing center to determine if it's safe to deliver.
Level 3 Communications Inc. (NYSE: LVLT)'s Threat Research Laboratory in Bloomfield, Colo., constantly monitors Internet traffic, analyzing 48 billion net flow sessions per day, and based on that analysis, there was an increase in botnet attacks originating in Asia warranting the investment.
"We determined through analysis that it was time to move the front line of defense out there," says Chris Richter, senior vice president of managed security services at Level 3. "This will benefit not only customers in Asia-Pac but also customers globally."
Even with its growth in botnet traffic, Asia-Pac, with 167 million in malicious traffic, trails distantly behind global leaders Russia (687 million) and the United States (615 million) in that regard, according to Level 3.
The benefit to those in Asia-Pacific of adding the three scrubbing centers is a reduction in latency of up to 300 milliseconds. Previously, traffic that was potentially suspicious, either because it came from an unknown source or displayed some other triggering characteristic, was transported across the Pacific Ocean to Level 3's Los Angeles scrubbing center for examination, introducing potential latency for traffic deemed to be okay.
"Having latency was better than getting a DDoS attack," Richter notes, "but having the scrubbing centers closer lets us deliver better service."
For global customers, attacks originating in Asia-Pacific are shut down more quickly, without consuming networks resources.
Level 3 now operates 11 scrubbing centers, including facilities in São Paulo, Frankfurt, London, Chicago, Dallas, Los Angeles, New York and Washington, D.C. Richter won't disclose how much it costs to add a scrubbing center, which includes the scrubbing technology itself but also proprietary data analysis tools and what he terms "beefy" routing to support the large traffic streams -- up to 40 Gbit/s -- its DDoS mitigation customers want.
He does admit that at one point Level 3 assumed it was done building scrubbing centers -- something he now says is no longer the case. "We will keep adding these," Richter says.
All of this is part of Level 3's efforts to differentiate its managed security services in an increasingly competitive market, and to convince enterprises that a network-based service makes more sense than trying to defend their own perimeter.
"We use our entire backbone as a mitigation tool," Richter says. "That allows our sensor infrastructure to analyze net flow data to determine the sources of attack, then we use our routing infrastructure to send out ACLs [access control lists} to our core routers at machine speed and get very granular with the type of filtering we can do on those ACLs on our router."
Traffic can be filtered by source and destination IP address, protocol, packet length and geography, and Richter says that kind of control at the core router level "can thwart 80% to 90% of Layer 3 and Layer 4 attack traffic."
— Carol Wilson, Editor-at-Large, Light Reading