The fifth edition of this report was released on January 19, 2010.
Volume V Highlights:
• Attacks Shift to the Cloud: Nearly 35% of respondents believe that more sophisticated service and application attacks represent the largest operational threat over the next 12 months.
• Attack Size Still on the Rise, But at a Slower Pace: ISPs reported a near doubling in peak distributed denial of service (DDoS) attack rates year-over-year.
• Internet Architecture and Operations Facing Perfect Storm: A convergence in issues is facing the Internet Architecture and Operations community.
• The Internet is not IPv6 Ready: The pending exhaustion of IPv4 addresses and related concerns are a great source of uncertainty.
• Other Obstacles to Effective Threat Mitigation: A lack of skilled resources, clearly-defined operational policies/responsibilities, and management support are obstacles to effective threat mitigation.
The largest reported volumetric DDoS attack this cycle exceeded 49 Gbps sustained towards a single target, reported by a ‘large’ ISP in Europe. Beyond sheer attack size, respondents indicated that they are continuing to see attacks become more sophisticated, with attackers expressly aiming to exhaust resources other than bandwidth, such as firewalls, load-balancers, back-end database infrastructure and associated transaction capacity, cached data serving algorithms, etc. This increasing sophistication is a disconcerting trend that has been captured in previous editions of the survey as well, and one that continues to worry network operators. With observable consolidation of content sources and migration to multi-tenant cloud or hosted infrastructure and services (e.g., DNS), the risk of attacks that impact multiple entities and more commonly induce collateral damage is heightened.
Another resounding theme network operators expressed was that of considerable concern over the combinatorial effects of pending DNSSEC deployment, IPv4 address space exhaustion, corresponding IPv6 deployment acceleration, and 32-bit ASNs for the Internet’s inter-domain routing system, all within the next 12-24 months. Not since Classless Inter-domain Routing (CIDR) and BGPv4 in the early 90’s has the Internet experienced such a dramatic introduction of new protocols and capabilities within such a short timeframe. Of course, the difference today is that the Internet is the ‘de facto’ platform enabling global ecommerce, and the stability, security, and resiliency of that platform is of the utmost importance.
While we’re mostly about sharing empirical data here (ok, not always, but that aside :-), we continue to invest considerable time and effort into publishing the WISR in order to capture trends, concerns, not-always-intuitive operational constraints, and the general mood of the folks on the frontline of network security operations, primarily for the benefit of such respondents, but for the industry in general as well. This report represents little more than our compilation of the collective feedback from the many network operators that took the time to complete the survey, and for that we thank them.