Organizations of all shapes and sizes will certainly have more choices when it comes to DDoS defenses in the near future.

Can we monetize it?

Fast Company Executive Board

The Fast Company Executive Board is a private, fee-based network of influential leaders, experts, executives, and entrepreneurs who share their insights with our audience.

BY Darren Anstee | 4 minute read

Can we monetize it? This is the key question internet service providers (ISPs) are asking right now when it comes to investment. I’ve talked before about ISPs tightening their security budgets when it comes to both new capabilities and maintenance. This has been quite pronounced in some regions, but as with everything there are exceptions—namely those investments that can be monetized to create new managed service revenue streams for an ISP.

The managed security services market is forecast to reach $52.9B by 2028, with the global distributed denial-of-service (DDoS) protection and mitigation security part of that (where I am focused) growing to $7.3B by 2027. This represents a CAGR of 13.2% from 2022-2027. A couple of things are driving this growth, including:

  • Increasing Threat Complexity: The increasing complexity of the threats businesses face, and the need for human expertise to configure, manage, and operate the required defensive technologies. This is coupled with an ongoing shortage of skilled security professionals, adding difficulty (and cost) to recruitment and retention efforts.
  • Increasing Cybersecurity Regulations: These are covering a broader spread of enterprise business verticals and a broader range of business sizes—necessitating the defenses mentioned above.

As a result of this, many organizations are now looking for managed services to augment their internal security capability, which is driving the market growth. Many different types of organizations offer managed security services; these range from specialists in specific areas of security (e.g., forensic investigation), to systems integrators, and of course, ISPs.

It’s the ISPs I’m going to focus on, as these are who I work with most often.

ISPs all around the world usually serve a mix of both consumer and business customers, and in most cases, they have seen a significant erosion in the value-per-bit of the connectivity services they provide. At the same time as this erosion in their base revenue, in order to remain competitive, they have had to deliver higher bandwidths and better-quality services to their customers, necessitating investment in transport infrastructure, distributed peering, content caching, and more. The net result is that every ISP is looking for new ways of increasing their revenue from their customers, and managed security services designed to defend enterprises from DDoS attacks are a focus at present.

ISPs are in a great position to offer a DDoS defensive capability to their customers, as they are already providing connectivity and already have a business relationship. Also, they see all of the traffic going into and out of their customers and can thus monitor any DDoS activity, and any changes in their customers’ attack surface. ISPs have a lot of expertise when it comes to identifying network-borne threats—after all, their network is their business—and thus, they have both technology and human expertise in this area.

Now, ISPs offering DDoS protection to their customers isn’t anything new, but in the last 12 months, many of the ISPs that I work with have expressed a strong interest in broadening their service offerings to create additional revenue streams.

In many cases, ISPs already offer multiple tiers of DDoS protection services, at varying costs and with varying levels of per-customer tailoring, but they have tended to target these services at their larger enterprise customers. What I am seeing now is that ISPs are looking to offer automated, templated services to smaller enterprise customers. They are looking to bundle DDoS protection with software-defined wide-area network (SD-WAN) services to protect endpoint availability, given that SD-WAN endpoints, unlike MPLS virtual private network (VPN) endpoints, are exposed to the internet and therefore to DDoS. They are looking to include new value-add options, such as traffic visibility, indicator of compromise (IoC) matching, and packet forensics. And, in some cases, they are even looking at extending services down to specific consumers—for example, gamers.

These new services are designed to meet a new set of needs from a broader set of customers. An ever-increasing range of enterprises is aware of the threat DDoS poses to business continuity, given that every organization is now reliant on internet connectivity for pretty much everything, especially as hybrid working has become the norm. DDoS attacks are targeting a broader range of organizations across the world, driven by geo-political instability and a significant resurgence in hacktivism. In both cases, DDoS is being used as a mechanism to inflict damage on organizations or economies, with today’s attacks being more sophisticated than those in the past. The attacks don’t just focus on filling up network pipes; they focus more on taking down our stateful infrastructure, firewalls, and applications.

Successful defenses against today’s DDoS attacks require both the right technology and the right operational processes. ISPs already have the technology deployed to defend their infrastructures from DDoS, and they use threat intelligence to adapt these defenses to the current threat landscape, so that they can more proactively detect and mitigate attacks. Their solutions can often automate defensive actions against many types of attack, multiplying the capability of their human expertise in this area—allowing them to deliver and scale managed services very efficiently. And, of course, they know how to collaborate with their customers, and how to integrate and present the data their customers need for visibility into what’s going on.

So, in many cases, the base capability is there today, but it must be combined with sales enablement within the ISP, new commercial models for fresh service add-ons, and new operational processes. These parts take time, but they are happening in many ISPs across the world right now. Organizations of all shapes and sizes will certainly have more choices when it comes to DDoS defenses in the near future.

Finally—and back to the point of this article—if you are selling to ISPs, when it comes to getting them to invest in new or expanded capability, now more than ever, it is all about showing them how they make money.



ABOUT THE AUTHOR

Darren Anstee is CTO for Security at NETSCOUT, which helps assure digital business services against disruptions.

