Level 3 Communications' acquisition of DDoS mitigation company Black Lotus not only will let the company speed up its upgrade plans for its own DDoS mitigation service, but will also help it develop the ability to predict and thwart network attacks and data breaches quicker, says Chris Richter, senior vice president of managed security services at Level 3. (See Level 3 Buys DDoS Mitigation Firm Black Lotus.)
Level 3 Communications Inc. (NYSE: LVLT) launched its service for mitigating distributed denial of service (DDoS) attacks in February, Richter notes. Now Black Lotus brings not only advanced functionality but also engineering and development talent that will allow Level 3 to accelerate the course it established for that service, he says. (See Level 3 Brings Volume to DDoS Mitigation.)
"They have embedded technical and operational talent that will help us advance our product roadmap significantly and bring to market much more rapidly" the things Level 3 knows are important to its customers, Richter says.
For example, Black Lotus brings the capability for proxy DDoS mitigation, something Level 3 doesn't have today. Instead of just using BGP redirection of larger chunks of traffic to its seven global scrubbing centers, the proxy-based diversion lets Level 3 be much more granular in the traffic it targets for scrubbing, right down to a single IP address. Proxy-based DDoS mitigation also can be turned up more rapidly in emergency situations, he notes.
As importantly, Black Lotus brings both talent and capabilities that will let Level 3 move where Richter sees the market going -- beyond detection and mitigation of attacks to developing the ability to predict them. The escalation and growing sophistication of network threats is prompting customers to expect their security service providers to offer more in the way of protection, and developing the ability to predict and not just react to threats is one necessary approach, he says.
"Prediction is the future," Richter comments. "We need to develop the capability to predict attacks."
That will include using analytics to detect anomalies in network traffic, but also developing human behavior analytics to help track the movements of threat perpetrators, he notes, so that they can be detected more quickly and proactively disabled.
Level 3 offers its security services to enterprises that buy its network services but also as a standalone product, and that will continue, Richter says. "Our plan is to remain network-agnostic and develop our capabilities on the cyber-security front as much as possible."
As part of raising its profile, Level 3 recently issued a research report on botnets that emphasizes the danger of command and control systems, which can multiply quickly and not only launch DDoS attacks but also high-volume phishing, the method of acquiring names, passwords and other sensitive data by posing as a trustworthy entity.
"There haven't been a lot of reports that studies the movements of control and command systems, and we wanted to do this to enlighten everybody as to how these operate because they are mechanisms for stealing data," Richter notes.
Phishing is commonly used to install malware on computers and perpetrate use of botnets used in DDoS attacks. Those attacks are also being used in conjunction with data breaches, as diversions or efforts to mask the theft.
Security services are only likely to become more important to enterprises, who are less convinced of their own ability to protect themselves using perimeter-based intrusion detection and prevention methods. Level 3 is clearly upping its game to compete in that arena.
— Carol Wilson, Editor-at-Large, Light Reading