October 22, 2003 -- (WEB HOST INDUSTRY REVIEW) -- The increasing volume and sophistication of hack attacks in recent years have forced Web hosting companies to improve their defense systems or risk having their networks compromised. To date, many hosting providers have relied on security systems developed in-house; however, hosts are increasingly looking to outsourcing providers, who bring specialized knowledge and experience to the table, for inexpensive and more effective solutions.
Texas-based dedicated hosting firm EV1Servers, formerly known as Rackshack, was one of those companies that relied exclusively on in-house solutions. But in March, the company was the victim of a massive Denial of Service attack that EV1Servers CTO Randy Williams described as "cyberterrorism." The attack succeeded in taking down several boxes within EV1Servers' network of over 13,000 dedicated servers. "It took us out," said Williams, who categorized the attack as being in the range of a couple hundred megabits. The attack directly impacted customers hosted on the affected servers, causing significant downtime, and directly impacting revenues and productivity. "It was devastating for our company," Williams explained.
The severity of the attack made it clear that EV1Servers would need to upgrade its security systems, and an outsourced solution was the only alternative. "Certain types of attacks we could handle with systems we have developed," said Williams. But in the case of those the company couldn't handle, Williams said the firm realized it needed specialized hardware. In short, "there was no way we could have developed a solution... it's way outside our line of business."
Enter Top Layer Networks, a Massachusetts-based provider of intrusion detection systems. "I couldn't find any other vendor that came anywhere close... that pretty much sums it up," said Williams, who looked at several vendors before deciding to go with Top Layer's Attack Mitigator IPS 2400, an intrusion prevention system (IPS) that detects, monitors, and blocks malicious attacks from entering the network infrastructure. The Attack Mitigator, a software/hardware appliance, is designed to block HTTP worms, denial of service (DoS) attacks, SYN floods, IP spoofing, and other traffic and IP anomalies. EV1Servers deployed Attack Mitigator behind its routers and in front of the key operational servers, which, according to Williams, have been the targets of regular attacks about twice a month.
EV1Servers went with the Attack Mitigator because it was the only solution Williams believed was capable of performing at the levels it required. "The metric I was looking for was number of packets per second to mitigate," said Williams, and none of the vendors contacted were able to perform up to the 500,000 packets per second EV1Servers demanded.
Speed to deployment was also critical. Top Layer had Attack Mitigator up and running on EV1Servers' network within ten days from the initial time of contact. "There wasn't a great deal of customization," said Williams. "They brought it out, we plugged it in, we turned it on, did some testing... next thing I knew it was up and working." Abhay Joshi, director of business development for Top Layer, explained that experience, developed through 125 deployments, "much more than any other company in this space," was the main reason it was able to deploy the solution within such a short time frame.
Deploying an effective IPS like the Attack Mitigator can help hosts avoid the far-reaching implications of a network breach. An attack can have various negative effects. For customers, many of whom are running transaction-based e-commerce sites, it can gravely affect business, and for hosts, downtime can damage their customer service reputation and put into question the credibility of the guarantees outlined in their service level agreements. When a customer is attacked, it can also become a threat to infect other customers housed within the same data center, notes Joshi. In this situation, hosts without an effective security solution in place are left with no tangible alternative other than to unplug the customer that has been attacked, creating dreaded downtime. As Joshi explained, "Unplugging...has a tremendous impact on the end customer's business as well as for the hosting provider who is promoting business continuity and 24/7 operations."
As EV1Servers' experience shows, an IPS allows hosts and their customers to concentrate on their business, reducing the constant worry about how to protect against attacks. As Williams said, "I get a chuckle thinking about the guy that is attacking us and wondering how we do it."