Fully Virtualized Bandwidth Management and DDoS Mitigation Provide Service Assurance and QoE
Bristol Virginia Utilities (BVU) is a utilities and internet service provider. Its service provider business offers telephone, cable TV, and advanced fiber-optic broadband services to over 13,000 subscribers in a 125 square-mile area located in Bristol, Virginia and south-west Virginia. BVU is recognized as the first municipal utility in the USA to deploy an all-fiber network offering the triple play of video, voice and data services.
BVU experienced an increase in the frequency and volume of DDoS attacks and it had reached a level where many attacks were impacting the customer experience. BVU needed to eliminate the negative effect of DDoS attacks to maintain its subscriber satisfaction. Using the network intelligence generated by the existing Allot Service Gateways on its network, BVU also identified multiple occasions when gamers launched attacks against other gamers. This discovery created an additional need to minimize the damage that these targeted DDoS attacks caused to unsuspecting subscribers.
The challenge was to offer BVU value-added security features that would protect its network from DDoS attacks without impacting network services and application performance. BVU needed a security solution that quickly identified inbound attacks, automatically mitigated those attacks, and provided protection with precision so that customers QoE remained unaffected. The solution also needed to be easy to integrate with their existing offering.
Allot DDoS Secure was activated on BVU’s network to provide DDoS detection and mitigation. DDoS Secure is a self-learning system that builds dynamic signatures in real-time. This approach protects against zero-day attacks and eliminates the need to manage an external database.
The following key features for DDoS Protection are provided in this solution:
- 100% inline packet and flow inspection
- Real-time detection and mitigation in under 2 minutes
- No performance degradation during attacks
- Dynamic attack signatures
- Detect zero-day attacks
- No need to maintain a signature database
- Targets attack flows
- Mitigation performed In-band, without scrubbing center
- Application and session awareness limits collateral damage
- Centralized GUI for real-time and historic attack reporting/threat analysis
- Real-time email alerts
- SIEM integration and Syslog support
BVU implemented Allot DDoS Secure for DDoS protection, running on Allot’s AC-6000 NetEnforcer to monitor and manage its data traffic and maximize subscribers’ QoE. The solution protects against DoS and DDoS floods using SYN, RST, ACK, unusual flag combinations, UDP floods, DNS floods, ICMP floods, fragmented packets, very large packets, runts, and unusual protocols. They have since reported that a significant number of attacks were successfully mitigated by the real-time detection of DDoS Secure and it continues to keep their network secure.
Real-time protection and mitigation
- 24/7 defense against the largest volumetric attacks, with mitigation bandwidth of Terabits per second
- Stop DDoS attacks at carrier backbone or network edge, far from users
- Mitigate inline without diverting massive data volumes to cloud scrubbing centers
Visibility and root cause intelligence
- Real-time visibility into attackers and their targets on the network
- Detailed reporting and threat analytics
- Treats root cause of infected endpoints so they can be stopped without affecting others
- Eliminates spammer abuse complaints and appearance on blacklists
Flexibility and cost savings
- Drives efficiencies with on-premise, cloud and/or hybrid deployment
- Lowers operational overhead through automated mitigation of internal spammers
- Accelerates ROI through full integration in Allot Service Gateway