Spreading Worms Waste ISP Resources --- Rawlson O'Neil King --- Online Security

Online Security, a global provider of computer forensics and information technology risk mitigation since 1997

Original Source: http://www.thewhir.com/king/worm-waste.cfm

Spreading Worms Waste ISP Resources
Author: Rawlson O'Neil King

According to a recently published industry white paper, "each new Internet worm attack brings with it a flurry of media coverage and dire predictions about the threat to information technology and the economy as a whole. But while the impact of worms and denial-of-services attacks on enterprise networks has been extensively researched, no organization has properly examined their impact on broadband service providers."

Sandvine Incorporated (sandvine.com), a Canadian IT security firm, has attempted to rectify this situation by conducting a study and releasing a white paper entitled "Worms Gobbling Broadband Profits," which quantifies the financial impact of Internet worms and denial-of-service (DoS) attacks on Internet service providers.

"The quickening pace of worm attacks makes understanding their impact on service providers increasingly urgent," said Tom Donnelly, co-founder and VP, marketing and sales of Sandvine Incorporated. "Worms exact a massive toll by forcing service providers to mobilize premium resources in order to quell attacks and protect the subscriber experience. Uncovering the true costs and inefficiencies that worms impose on the broadband sector is crucial if we're going to identify appropriate solutions."

Working from metrics derived from its customers and selected industry sources, the firm estimates that worm attacks are costing North American service providers as much as $245 million each year. Sandvine's research also shows that between two and 12 percent of all Internet traffic is malicious.

The report also finds that even in well-run service provider networks with dedicated security departments, malicious traffic constitutes, on average, five percent of data throughput.

Alone, five percent may not seem like a troubling metric. But the malformed nature of malicious traffic multiplies its negative impact on broadband infrastructure. The collective probing and propagating behavior of worms causes routers and flow-based devices to exhaust resources. Processing even this level of malicious traffic degrades the broadband experience.

The firm goes on to report that this year, worm attacks will cost a typical 100,000-subscriber service provider almost $60,000 in avoidable transit fees. A million-subscriber provider will pay an additional $350,000. These impacts are intensified by the relative inability of service providers to mitigate malicious traffic on the network while worm and denial-of-service attacks are underway. The result, according to the study, is that service providers must deal with increased labor costs associated with event-level and ongoing level attacks. Also, service providers are impacted by the erosion of brand equity and by customer churn precipitated by consumer dissatisfaction. As a result, service providers need to find ways to mitigate the threat and financial impact which Internet worms and denial-of-service attacks pose.

New tools are emerging that assists providers to reduce DoS risks. Sandvine's main product is a "policy traffic switch" or PTS, which acts to reduce the impact of worm and DoS attacks. The Sandvine PTS 8210 automatically obtains new worm signatures from the firm as they are identified and isolated by the firm's research team. The signatures immediately eliminate worms as they are identified and blocked.

Riverhead Networks (riverhead.com) also delivers a powerful family of solutions for detecting and defeating complex and sophisticated DoS attacks. Riverhead products also not only detect the presence of a DoS attack but also actually identify and block the malicious flows in real time - without affecting the flow of legitimate, mission-critical transactions.

The firm offers two different products: the Riverhead Detector, which detects DoS, worm and other attacks and reports on their characteristics; and the Riverhead Guard, which performs the per-flow level attack analysis, identification and mitigation services that block attack traffic.

Service providers must consider the implementation of these tools, and others like them, in order to mitigate the costs and damage to network performance and corporate reputation that Internet worm attacks and denial-of-service attacks pose.