Tier-1 Fixed Broadband Operator, APAC


Tier-1 CSP Assures Service Availability and QoE by Neutralizing Outbound IoT DDoS attacks

About the Tier-1 Operator

As one of the leading info-communications companies in the APAC region, this tier 1 broadband operator offers a full range of information, communications and entertainment services for both consumer and corporate markets. The operator’s mobile network provides 4G, 3G and 2G services, while their HFC network delivers high-speed residential broadband services.

Challenge

Recently, the fixed network of this APAC tier 1 operator was hit by a massive zero-day DDoS attack on its Domain Name Services (DNS) infrastructure. The attack overwhelmed the DNS systems and disrupted service to millions of customers. Surprisingly, the Denial of Service attack originated from compromised IoT devices including routers and webcams used by customers connected to the mobile network. The attackers used port scanning techniques to identify vulnerable devices and used brute force login to gain access and take control, turning compromised devices into botnets that could launch powerful DDoS attacks. While the operator already had solutions from Arbor Networks and Radware deployed at the perimeter to defend against incoming DDoS attacks, they were completely blind to anomalous activity and attacks coming from within the network. Following the downtime and damage caused by this massive outbound attack, the APAC tier-1 operator sought an immediate solution to strengthen existing defenses and to enable fast detection and mitigation of outbound attacks originating inside their network.

Solution

In response to the massive attack, Allot’s professional services team were called in to help. Allot Service Gateway platforms are already deployed in the operator’s core network, providing a granular data source and real-time record streaming to external systems. These multiservice platforms also host Allot DDoS Protection and Bot Containment services. No additional installation is required. All the operator had to do was activate the relevant software license in their platforms.

Once the service was activated, Allot’s Host Behavior Anomaly Detection (HBAD) technology started to monitor and learn the normal traffic patterns in the operator’s network. A normal traffic profile is achieved in approximately 2 hours and is continuously refined so that traffic anomalies can be instantly spotted. Almost immediately, the operator was able to see anomalous endpoint activity, attempts to port scan connected devices by already-infected IoT devices, and suspicious traffic that acted like outbound spam.

They continued to evaluate Allot Bot Containment service for a period of one month. During that time, they were able to detect all suspicious activity, identify and block anomalous behavior, and isolate misbehaving or infected IoT devices from the network as needed. Pleased with Allot’s solution in strengthening its network defense, the APAC tier-1 operator decided to “switch on” both DDoS Protection and Bot Containment services in all of their Allot Service Gateway platforms, managed via a virtualized control console that gives them real-time alerts, event reports and accurate threat intelligence.

Allot Bot Containment protects networks against outbound DDoS attacks from infected or malfunctioning IoT devices

Benefits

By activating Allot DDoS Protection and Bot Containment services in already-deployed Allot Service Gateway multiservice platforms, this APAC tier-1 operator is able to:

  • Protect service availability from outbound IoT DDoS attacks, in addition to inbound DDoS Protection already deployed
  • Save time and expense by activating IoT DDoS protection immediately in dozens of locations without having to install new equipment or reconfigure network elements
  • Gain full visibility of inbound and outbound threats, and valuable threat intelligence that previously was not available.

Conclusion

What began as a major crisis turned out to be a huge success as this APAC tier-1 operator leveraged the Allot multiservice platforms already deployed in their network to detect and stop anomalous traffic from connected IoT devices, and to establish a highly effective defense against IoT DDoS threats coming from inside the network.

Allot DDoS Protection and Bot Containment services enabled immediate and effective IoT DDoS defense without installing new equipment or altering existing security systems.

Challenge

Find an immediate and effective solution to IoT DDoS attacks originating from connected devices in the Operator network. Current anti-DDoS solutions were blind to outbound traffic.

Solution

Activate Allot Bot Containment solution in Allot Service Gateway platforms already deployed in the network. Bot Containment and DDoS Protection are among the many services delivered by Allot multiservice platforms.

Benefits

  • Resolve urgent security threat rapidly and cost-effectively
  • Prevent IoT threats from disrupting network service
  • Gain visibility and insight on IoT device traffic and anomalous behavior