Windstream has introduced its new DDoS mitigation service, enabling business customers to identify and address attacks in real-time.
While Windstream has other services to combat distributed denial of service attacks, this new offering raises the company’s profile in the managed security space and complements the company’s enterprise-grade data and voice services.
Regardless of the size and number of attacks, the service includes both monitoring and mitigation for a predictable price. Customers benefit from proactive monitoring to quickly verify an attack and rapidly begin mitigation.
DDoS attacks are disruptive and can easily make an organization’s Internet circuit unavailable, impact their business and potentially put them in noncompliance with industry regulation. On average, the size and frequency of DDoS attacks are about 15 Gbps.
Trent Pham, head of products and security for Windstream, told FierceTelecom that the size of attacks tends to vary, but is growing.
“The size and frequency of attacks have increased,” Pham said. “We noticed that the sizes of attacks are between 5-15 Gbps, but that will vary between service providers.”
The key action for Windstream with its DDoS service is enabling customers to reduce downtime and minimize disruption to their daily operations. When an attack is occurring, Windstream will reach out to the customer and begin the verification and mitigation process.
Windstream’s DDoS Mitigation Service uses a network of scrubbing centers located at their PoPs that ingest and inspect attack traffic upstream from the customer’s network.
Keeping attacks at a distance helps insulate a corporation’s network while ensuring that customer traffic is uninterrupted. Customers also benefit from access to a secure service portal for visibility into real-time alerts, traffic data and mitigation activity.
“We’re thinking we can keep any downtime well below 30 minutes,” Pham said. “We’re also going to be able to provide customers who are on the Windstream network.”
Pham added that Windstream will offer automitigation to proactively monitor potential network attacks.
“With automitigation, we can predefine the types of attacks that are going to occur on the customer’s network,” Pham said. “Once we see that we’ll redirect the customer’s traffic without intervention to verify and that will happen in near real time.”
The new service is supported by its network backbone across distributed data centers that are designed to effectively scrub bad traffic.
These centers support the mitigation of amplification and application layer attacks with the support of a dedicated 24x7 Security Operations Center (SOC). At these centers, Windstream has implemented Arbor Networks’ TNS and Arbor Peak Flow platforms in many its PoPs including Atlanta and San Jose.
“These PoPs will load balance the attack traffic and it will go to the closest PoP where we have our traffic scrubbing centers to mitigate the attacks,” Pham said. “On top of that we have dedicated staff in our security centers, who are supporting this line of business only.”
Off-net, on-net support
Being a hybrid service provider that serves businesses as an ILEC and a CLEC in other territories where it does not have network facilities, Windstream’s DDoS service can support a mix of its own on-net and others' off-net traffic.
The service can monitor and mitigate traffic on the Windstream network and other ISPs from which the business customer gets its internet service.
“We’re happy to provide mitigation for customers when they’re on our network,” Pham said. “We’re going to also be able to mitigate off our network. If a customer has Windstream internet service that’s great, but if they don’t we’re also going to be able to monitor and protect that circuit as well.”
If Windstream is monitoring traffic flowing over another ISPs network, the service provider will use the Generic Routing Encapsulation (GRE) protocol. GRE can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an IP network.
“When a customer using an off-net connection, Windstream takes additional steps to register their network to announce it when there’s an attack to redirect into our network,” Pham said. “There’s an additional step at the beginning to preconfigure a GRE tunnel at our facility and the customer’s edge router and firewall.”
Being able to support off-net and on-net traffic is important because it takes the guesswork out of the business customers hands that one operator is not only operating the circuit, but also are ensuring it is secure.
“When our customers have multiple locations, they tend to have some locations on our network and what we’d like to do is give them a one-stop shop in terms of providing a DDoS mitigation service,” Pham said.