Verisign Expands Cloud-based DDoS Protection
Citing a rise in the number and scope of distributed denial of service (DDoS) attacks across the Internet, Verisign is expanding its cloud-based DDoS protection service to cover small and midsize businesses that are increasingly frequent targets.
Until now, Verisign has been offering a high-end DDoS protection service to major financial services firms. Now, Verisign is taking that same set of home-grown DDoS detection and mitigation tools to a broader market.
BACKGROUND: The DDoS Hall of Shame
Verisign's DDoS Mitigation Service is available immediately to companies at a starting point as low as $35,000 per year, plus additional charges should an attack occur that is larger than 1Gbps. In addition to this proactive DDoS service, Verisign is offering a reactive service that allows a small company to call Verisign after an attack has occurred to stop it in the cloud before it reaches a particular website.
"We've had this at the very high end, but now we've changed the way we implement it," explains Ben Petro, senior vice president of network intelligence and availability at Verisign. "We've automated most of the process so its very, very low touch, which helps us" reduce the price, he adds.
Verisign has been quietly selling its DDoS Mitigation Service for several months, and has attracted dozens of customers.
"More than a third of our customers are name-brand larger companies that do hosting or provide Internet [services] ... another third are financial services and professional services firms and the other third are outside e-commerce in traditional fields like healthcare,'' Petro says.
Petro says it will be cheaper for companies to use a cloud-based DDoS mitigation service than it would be to purchase their own hardware from companies such as Cisco or Arbor Networks and hire the staff to operate this equipment. He says a typical onsite DDoS system will cost more than $100,000 for the equipment and requires up to 11 personnel to operate around-the-clock.
In a recent survey of 225 IT executives in the United States, Verisign found that an increasing number were concerned about DDoS protection: 78% were extremely or very concerned about DDOS attacks, and 71% that didn't have a DDoS system planned to implement one in the next year.
What's driving the interest in anti-DDoS solutions? A rise in the number of attacks and the size of the attacks. Nearly two-thirds -- 63% -- of the respondents to Verisign's survey said they had received a DDOS attack in the last 12 months. Even worse, 11% said they had been hit six or more times.
"A 50 megabit/sec attack used to be a big deal. Now we're seeing 84 gigabits of sustained traffic. No enterprise on the planet can withstand the bandwidth capability for that attack," Petro says. "If you have a 10 megabit pipe, and you receive a 10.1 megabit attack, you're done. That's why DDoS has to be mitigated in the cloud."
The survey found that DDoS attacks accounted for 33% of website downtime. Perhaps not surprisingly, more than two-thirds of respondents said their downtime impacted customers and half reported lost revenue as a result.
In related news, Verisign conducted separate research related to corporate DNS systems and found that companies that host their own DNS have an average DNS availability of 90.3% -- nearly 10% downtime -- while sites with managed DNS services have availability rates topping 98%.
"The vast majority of corporate America is not prepared for the burden of what they are asking DNS to do," Petro says, adding a plug for Verisign's managed DNS service, which has 6,400 customers.
Read more about wide area network in Network World's Wide Area Network section.