Today we released the 5th Edition of the Worldwide Infrastructure Security Report (WISR), albeit a couple months later than we initially had intended (it had to take a backseat to some operational stuff). On the upside, it’s here now(!), and we doubled the respondent pool over last year, to include 132 respondents globally, with both wider geographic and organizational representation reflected.
The largest reported volumetric DDoS attack this cycle exceeded 49 Gbps sustained towards a single target, reported by a ‘large’ ISP in Europe. Beyond sheer attack size, respondents indicated that they are continuing to see attacks become more sophisticated, with attackers expressly aiming to exhaust resources other than bandwidth, such as firewalls, load-balancers, back-end database infrastructure and associated transaction capacity, cached data serving algorithms, etc. This increasing sophistication is a disconcerting trend that has been captured in previous editions of the survey as well, and one that continues to worry network operators. With observable consolidation of content sources and migration to multi-tenant cloud or hosted infrastructure and services (e.g., DNS), the risk of attacks that impact multiple entities and more commonly induce collateral damage is heightened.
Another resounding theme network operators expressed was that of considerable concern over the combinatorial effects of pending DNSSEC deployment, IPv4 address space exhaustion, corresponding IPv6 deployment acceleration, and 32-bit ASNs for the Internet’s inter-domain routing system, all within the next 12-24 months. Not since Classless Inter-domain Routing (CIDR) and BGPv4 in the early ’90s has the Internet experienced such a dramatic introduction of new protocols and capabilities within such a short timeframe. Of course, the difference today is that the Internet is the ‘de facto’ platform enabling global ecommerce, and the stability, security, and resiliency of that platform are of the utmost importance.
While we’re mostly about sharing empirical data here (ok, not always, but that aside :-), we continue to invest considerable time and effort into publishing the WISR in order to capture trends, concerns, not-always-intuitive operational constraints, and the general mood of the folks on the frontline of network security operations, namely for the benefit of such respondents, but for the industry in general as well. This report represents little more than our compilation of the collective feedback from the many network operators that took the time to complete the survey, and for that we thank them.
For a full copy of the report, go here.
On behalf of my co-authors (Roland Dobbins, Craig Labovitz, Jose Nazario & Mike Hollyman), we openly solicit and welcome your feedback on the report data and findings, or any related peripheral topics.