ISJ Exclusive: Navigating the new threat landscape


Share this content


Earlier this year, Neustar Security Services announced its network expansion with a PoP in Dubai, its 15th global node – Michael Smith, CTO gives ISJ the full story.

With our expansion in the Middle East, Neustar Security Services is filling a burgeoning demand for a local security presence that can ensure data sovereignty and low latency performance for customers in the region.

As a thriving commercial and financial hub, Dubai is home to many businesses which have contributed to the region’s increasing demand for data integrity and security. This new data centre will provide clients throughout the Middle East local end-to-end protection against the most common attacks that threaten web-based services and infrastructure including the volumetric and application-level DDoS-style attacks.

NSS’ strategy for the region – data integrity, security and reliability

This new Dubai node is the latest in a series of milestones from NSS. It follows the launch of our new offering UltraDNS2, as well as our recent partner expansion, including the signing of CyberArm, the company’s first partner in the Middle East.

As a company, we have invested heavily in a wide range of activities over the last year to consolidate our security offering. This latest endeavour significantly increases the capacity and resilience of our network, which now boasts more than 15 Terabits per second (Tbps) of total distributed-denial-of-service (DDoS) attack mitigation scrubbing capacity globally.

There have always been requests from partners and customers to deploy a PoP in a wide array of locations. Typically, most requests concern deploying a PoP – with its capacity and DDoS mitigation capabilities – either inside of or immediately adjacent to their hosting data centre in order to reduce the amount of latency going to their application and to address any known data sovereignty requirements.

This node underscores our commitment to continuously invest in NSS’ Ultra Secure infrastructure, ensuring that we maintain the largest and best-connected distributed DDoS and application security network in the world.

The new threat landscape requires a different tactic

There are several motivations behind this latest endeavour; of course, part of this relates back to our overall growth strategy. Whilst it is impossible to deploy everywhere, there is a process that helps most providers determine how and where we deploy a new PoP. Firstly, PoPs need be close to where our users or customers are situated in order to reduce last-mile latency. In doing so, we can access multiple network providers simultaneously and where attackers are so that we can isolate attack traffic inside of a particular region.

DDoS attacks’ have increased in volume and severity. Typically, their size depends upon the average bandwidth speed for endpoints on the Internet. As that speed increases, the size of DDoS attacks also increases. Our goal is to be able to have enough bandwidth to support multiple large DDoS attacks simultaneously; if we take the largest DDoS attack seen to date and multiply it by a factor of four to anticipate future attack volumes, that dictates what size our global capacity needs to be.

One of the more prevalent trends in DDoS attacks is carpet-bombing style attacks, in which a DDoS attack targets multiple IP addresses of an organisation within a very short time. These attacks move rapidly through targets in order to evade analysis and to avoid mitigation by cycling through attacks faster than the target can enable mitigation.

According to Neustar Security Services’ research, these accounted for 44% of total attacks last year. The largest measured 1.3 terabits per second (Tbps) and the longest-lasting attack clocked in at nine days, 22 hours and 42 minutes although the majority of attacks were over in minutes. Given the evolving threat landscape, security providers have had to evolve too.

For us as a provider, we need to add this always-on traffic into our calculation for global capacity. Of course, one of the advantages of being close to a PoP is that the latency from the PoP to a chosen data centre is minimised.

Over the past few years there has been an acceleration of existing trends – from the rise in DDoS and supply chain attacks – as well as a shift in customers’ expectations. Security teams need to maintain active awareness of their risk exposure and emerging threats and this has led to an increased reliance on external partners to protect their infrastructure, data and people. Naturally, this placed a tremendous strain on providers who feel responsible to delivering 24/7 security services and quicker response times.

Planning for the future

For more than five years, the company has channelled resources into re-architecting its platforms and significantly expanding its network capacity as well as its performance for domain name system (DNS) and DDoS services. We have introduced new solutions and features across our Ultra Secure suite of services, including integrating offerings for cloud WAF and bot management to address rising application security needs.

Neustar Security Services’ plan is to make the Dubai PoP fully operational to support customers that have users and data centres in the region. With regards to how this fits in with our wider strategy, we will continue to add to our global footprint, through new PoPs and boosting total bandwidth and, like most, we will announce improvements as we make them.

1-ISJ- ISJ Exclusive: Navigating the new threat landscape
Michael Smith, CTO, Neustar Security Services

This article was originally published in the November edition of International Security Journal. To read your FREE digital edition, click here.

Receive the latest breaking news straight to your inbox