Ashley Stephenson, CTO at Corero Networks, explains why UCaaS wholesalers and ISPs need to think more carefully about the threat of DDoS attacks.
The IT and comms channels are converging as the old boundaries between VAR, SI and MSPs start to blur. With home working becoming a major trend, the channel community must adapt to supporting a diverse client base with more as-a-service offerings across collaboration, application delivery and telecoms. This position makes sense, but the channel is now more vulnerable to service disruption – especially from Distributed Denial of Service (DDoS) attacks that have risen significantly during the pandemic.
It has become incredibly easy for a traditional IT channel partner to resell Unified Communications as a Service. The number of channel focused UC providers has blossomed and an entire portfolio including end-clients, SIP Trunking and call management, mobile and data connectivity is available under white label agreements. Partners can offer their customers a ‘better than Zoom or Teams” experience and ultimately make more margin while strengthening customer retention.
When everything works well, it’s a great business model and considering there are 4.3 million businesses in the UK – there is still plenty of scope to grow. In 2023, Openreach will stop selling PSTN and ISDN products across its exchanges – and UK businesses are now moving over to Single Order Generic Ethernet Access (SoGEA) product for voice and data – a process that will impact around 1.3 million premises across the UK.
For the IT and comms channel – this is a potential goldrush as businesses with long term affiliation to legacy providers may be tempted to look elsewhere for a better deal. Alongside cost, cyber security and business continuity will be a key part of that selection process.
However, many all the underlying UCaaS vendors and their respective networks are vague about the level of protection they have in respect to DDoS attacks. There are a few that have very publicly highlighted their ability to protect against a sustained DDoS attack against their infrastructure and their on-net customers. Many CSPs and ISPs have baked DDoS protection into their services and are actively promoting this fact. However, the list of UC providers that make no mention of it in any public facing material or through search of their websites is surprising. A quick check of the 10 leading UCaaS providers in the UK shows that only three make any mention of protecting on-net customers against DDoS attacks.
Looking the other way
This is not entirely unexpected. At present, with PSTN and ISDN still prevalent and effectively shielded from potential DDoS, the interest of UCaaS providers has been around making the largely unsecure SIP protocol more hacker proof. Yet as we reach a situation where all fixed and wireless calls and data moves exclusively to IP – and largely flowing through key peering points, the potential for a DDoS attack that hits a top tier UCaaS provider that then knocks out services for potentially hundreds of thousands of businesses becomes more likely.
Another reason why parts of the UCaaS industry are not that interested in even broaching the subject of DDoS protection is that individual customers can build protection at their own edge. This can range from smart firewalls that will protect against simple, small-scale attacks – up to dedicated appliances and “as-a-service” offerings that act to scrub bad traffic before it reaches a target. A UCaaS provider offering DDoS protection within the network may need to charge extra – and in the cut throat competitive landscape of communications – it is just easier to put a head in the sand.
Instead, I would argue that UCaaS, both at a wholesale provider and channel partner resale level, should start to think about DDoS protection as a potential upsell or add-on feature to give customers the choice. To make this easy, partners can do this through resale of “as-a-service” offering or if they want better margins, through investment in on-premise hardware deployed within their network. Either way, adding DDoS protection can become a revenue gain rather than drain.
If the idea that a DDoS attack could completely shut down an ISP or CSP seems fanciful, consider the assault against AWS in February 2020. The DDoS attack targeted a specific customer using a newish technique that lasted three days and peaked at 2.3 terabits per second. In many ways, Amazon was the best protected target, and the damage was minor. However, the sheer scale of such an attack targeting a smaller UK comms provider would have effectively shut it down. And led to direct financial impact and reputational damage that is hard to recover from.
DDoS attacks have spiked during the pandemic – with OpenVPN based attacks rising by 400 per cent according to the latest Corero Threat Intelligence report. With more home working expected over the next few years, protection against these types of assaults is likely to become a key differentiator for businesses and channel partners looking for enhanced business continuity and resiliency from any UC service.