ENTERPRISE TECHNOLOGY users endure poor protection against distributed denial-of-service (DDoS) attacks, and 85 percent would like to see swift changes, according to a new report from Corero Network Security.
Corero, which offers some kind of DDoS protection-as-a-service and often issues warnings about such threats, polled over 100 ISPs and 175 enterprise customers and found that some ISPs are absolute jokers when it comes to putting up DDoS barriers.
A significant 46 percent still use the outdated, expensive and slow technique of putting traffic through a scrubbing centre, which typically takes at least an hour to go from detection to mitigation.
Other options, such as the ‘black hole' in which all traffic is sucked away from the target destination, "essentially does a hacker's job for them", according to Corero.
"Using yesterday's tools to mitigate today's attacks may save ISPs costs in the short term, but it also puts their customers at greater risk of suffering a DDoS attack," said Dave Larson, chief operating officer at Corero.
"DDoS attacks cost large enterprises an average of $444,000 in lost revenues and IT spending. To any organisation relying on the internet to conduct business, the [financial] fallout from a DDoS attack can be exponential.
"This also represents an important capacity issue for ISPs. Rather than using up spare bandwidth by re-routing malicious traffic to a scrubbing centre, ISPs need to learn to ‘sweat their assets' by making their existing pipes work more effectively."
Larson is concerned that ISPs are not spending enough money on DDoS prevention as they are worried about increasing costs to customers.
"Telecoms providers are missing a trick here by selling on cost not quality. They have a golden opportunity to create valuable new revenue streams by providing a cleaner, more reliable pipe for their customers by adopting an always-on, in-line DDoS mitigation system," said Larson. µ
To hear more about security challenges, the threats they pose and how to combat them, sign up for The INQUIRER sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
You're not the voice, try and understand it
Not 'Appy bunnies
News reaches us, per Plex