Nokia Deepfield analysis examined overall changes in internet traffic pattern, with a specific focus on DDoS security.
Nokia Deepfield’s global DDoS traffic analysis, which examined service provider network traffic encompassing thousands of routers on the internet between January 2020 and May 2021, revealed over 100% increase in daily DDoS peak traffic in this time period; newly identified DDoS threat potential over 10 Tbps – four to five times higher than the largest current attacks reported – due to rapidly growing number of open and insecure internet services and IoT devices.
Dr. Craig Labovitz, CTO, Nokia Deepfield, who presented the findings at a virtual event said, “It is equally important for every participant in the network security ecosystem – end users, vendors, service providers, cloud builders, regulators and governments – to understand the dangers DDoS poses to the availability of internet content, applications and critical connectivity services.”
“With the new Nokia Deepfield Defender solution, we take a unique approach in leveraging the combined power of high-performance IP networks and big data analytics to protect the network on all fronts from all volumetric DDoS attacks, at petabit scale, without lifting a hand. It will allow network operators to make a big leap towards improving overall security and availability of their networks and services for all their customers,” he added.
In an environment where attackers constantly leverage opportunistic resources to source their attacks, Nokia Deepfield found in the past 15 months accessibility of DDoS for hire services has increased the threat potential of the existing botnet, IoT and cloud-based attack models. The results trace the origins of most of the high-bandwidth, high-intensity (volumetric) attacks to a limited number of internet domains, finding that most global DDoS attacks (by frequency and traffic volume) originate in less than 50 hosting companies and regional providers.
As COVID lockdown measures were implemented in 2020, Nokia Deepfield noticed a 40-50% increase in DDoS traffic. The continued increases in intensity, frequency and sophistication of DDoS attacks have resulted in a 100% increase in the “high watermark levels” of DDoS daily peaks – from 1.5 Tbps (January 2020) to over 3 Tbps (May 2021).
The newly enhanced Nokia Deepfield Defender is capable of providing fast and accurate DDoS detection and mitigation of volumetric DDoS attacks at the network edge. Deepfield Defender can scale to petabyte-levels with features such as multi-layer protection and auto-mitigation to deliver an intelligent and automated approach to stop security risks associated with a new generation of DDoS threats and attacks.
Nokia Deepfield Defender drawing DDoS security expertise from its global network deployments and insights from Deepfield Security Genome to detect hosts, botnets and IoT devices involved in active attacks, and programs router-based mitigation with tens/hundreds of thousands of highly precise filters resulting in network-wide, cost-effective DDoS protection.
Nokia Deepfield Defender is a component of the Deepfield portfolio of IP network intelligence, analytics and security applications and uses network-based big data. The advanced analytics are combined with the embedded, multi-layer network security capabilities of Nokia 7750 Service Router and 7950 XRS routers to eliminate highly distributed, high-volume DDoS attacks from impacting service provider networks and customers.
Nokia Deepfield’s DDoS traffic analysis is based on a large global sample of service providers, ranging from companies which provide global transit and residential broadband services, to regional providers, Content Delivery Networks (CDNs), webscale and hosting companies. The analysis examined overall changes in internet traffic pattern, with a specific focus on DDoS security.