Time for ISPs to step up to the security plate

Internet Service Providers (ISPs) have been called out by Corero Network Security, a US company that specialises in providing first line of defence services. It suggests that the inability of ISPs to offer secure Internet services is contributing to continued exploits of OpenSSL and Network Time Protocol (NTP) for cyber attacks.

The company has found that while organisations continue to spend millions of dollars on remediation and defences against these threats, their efforts lack any significant assistance from their ISPs. Security minded ISPs should share the responsibility for protecting against Distributed Denial of Service (DDoS) attacks and cyber threats by mitigating obvious attack traffic before it reaches their corporate customers’ networks.

One of the greatest security risks companies face is connecting their essential business infrastructures and applications to raw, unsecured Internet feeds. Even with traditional technologies and solutions in place, companies are still at risk from malicious traffic delivered by their ISPs. Technology exists to remove many known threats while they are still in transit, unfortunately, most ISPs have business models based on the volume of bandwidth they deliver rather than its quality or security.

As a result, enterprises are left with no choice but to fend for themselves. In fact, most ISPs are still delivering Heartbleed-related requests and NTP amplification attacks to corporate networks, undermining their customer’s ongoing efforts to remediate and defend against these very same threats.The recent Heartbleed (OpenSSL) cyber threat and Network Time Protocol (NTP) DDoS attacks are just two examples where pervasive Internet technologies were hijacked for nefarious goals.

“These attacks are most certainly just the tip of the iceberg when it comes to the ever-present threat of damaging Internet exploits. Ubiquitous-access and Net-neutrality do not constitute a justification for not discriminating between good and bad traffic,” said Ashley Stephenson, CEO, Corero Network Security.

Since the discovery of the Heartbleed vulnerability, many corporations have been on high alert, frantically testing and patching every potentially vulnerable OpenSSL system within their diverse online enterprises. In the process, they have spent millions of dollars on remediation and still do not know the true cost of responding to this exploit or if their systems are now secured.

Meanwhile ISPs could have inoculated their customers against Heartbleed by inspecting for and blocking Heartbleed request and response traffic in the very Internet feeds they are paid to deliver.

“It is time for a cyber revolution. Instead of taking an ‘every man for himself’ approach to battling cyber attacks, Internet Service Providers need to step forward and deliver protected Internet services that remove the known malicious traffic before it impacts their enterprise customers,” said Stephenson. “Many organisations understand the value that their ISPs could provide – beyond simply delivering bandwidth – and are willing to pay a fair price for the benefit of having known bad traffic removed from their business critical Internet feeds.”

Corero, perhaps not surprisingly, has an answer in the form of its recently introduced SmartWall Threat Defense System (TDS) that enables service providers of all types to deliver always on threat protection and visibility as a security service to their customers.

This is a critical next step for service providers to regain control of their networks from the cyber criminals who seek to exploit them. Enterprise customers will benefit from having malicious traffic intercepted before it hits their important online infrastructure, leaving them free to focus on delivering innovative and profitable new services to their customers.