Author Archives: Mark Van Sweringen

What Is The Future Of Internet Security?

What if you woke up tomorrow and couldn’t access Facebook? Next you try Google and nothing happens. Next it’s CNN.com and Wikipedia.

Nothing resolves and nothing works. Now, imagine this is not a short-lived outage but one lasting days, weeks, even months.

This is a potential reality. What would businesses do? Think about banking, transportation, and healthcare. Every single industry relies on the internet to do business and keep our lives running.

As bandwidth availability continues to increase, there is a real threat of a distributed attack on the nation’s core infrastructure that could paralyze our world. We are tracking these attacks daily from Asia and Eastern Europe that are testing our vulnerabilities.

A few weeks ago, we saw a 25% packet loss across the backbone of the internet when the New York Stock Exchange was impacted. That same day United Airlines suffered outages due to that same flood. Many other businesses and government entities were impacted that day as well. Those attacks weren’t aimed at those businesses, but at the carriers who service them.

Just like the Velociraptors in the original Jurassic Park movie, our enemies are testing our defenses. They are poking and prodding daily, finding our weaknesses. In the last week, core Level 3 routes were impacted by one of the worst sustained floods in recent months. Google DNS servers were also halted for more than 5 minutes, which is unprecedented.

In addition to increasing bandwidth, compute is becoming more accessible. Today you can purchase a Raspberry Pi device that has a 100MB interface for $39. Many similar ARM SoCs (systems on a chip) are shipping with 1GbE interfaces. Most are less than $40. Someone with access to a 10GbE circuit and an array of these compute nodes would have the distributed power equivalent of a state-sponsored action just 5 years ago.

We have to be thinking in future terms. At Axiom, we are developing devices that could have stopped these attacks at the upstream provider. What is needed, what Axiom is refining, is a compute solution that is designed to fight back. #FightBackWithAxiom. The answer is not to deny packets, not to black-hole packets, but to use a software-defined algorithm that actively fights back and mitigates the attack. Not just at a single layer of the OSI model but at all of them.

In the past, flood attacks often used a single protocol as an attack vector. Since these kinds of attacks are becoming easier to mitigate, attackers are evolving, adapting, and creating new ways to attack specifically at the application layer, hitting you where it hurts. The best intruder will always use an open front door.

Axiom’s algorithm combined with our compute nodes is designed to mitigate an attack at any layer.

We are working with devices up to and including 100GbE bonded interfaces, utilizing 400GbE mitigation and TB switching fabric at the carrier level to stop these attacks before they ever get to the end customer.

Distributed denial of service (DDoS) is the new normal. We must fight back. #FightBackWithAxiom