Who would have ever thought that Akamai’s biggest customers shifting their content delivery efforts in-house and leaving Akamai with a ton of excess network capacity was a good thing? Well, it’s more than good – it’s great, because all that excess capacity can be used for a higher profit margin business – DDoS Mitigation. Recently, Krebs (Akamai customer) was targeted in a massive DDoS attack that was clocked at 620Gbps. That attack size surpasses the attack on CloudFlare coming in at 400Gbps and Incapsula at 470Gbps.
Some of the Largest DDoS Attacks
- Akamai: 620Gbps
- Incapsula: 470Gbps
- CloudFlare: 400Gbps
A few things come to mind in terms of industry impact. First, the 1Tbps DDoS attack is right around the corner. When that happens, everything will change because only a handful of companies will be able to thwart that size of an attack. And the defenders will be Akamai and a handful of others. The logic behind this is simple. When a large DDoS attack occurs against a telco like CenturyLink, who has a ton of capacity, they just null route the offending IP’s, blocking out good traffic and bad traffic. Telco’s can’t risk attacks impacting existing customers due to SLA’s and other government regulations.
Regarding CDNs, there’s a few that delivery 2Tbps – 5Tbps of traffic at any given time (average / sustained). Let’s say a CDN is delivering 4Tbps on sustained basis, and they have an overall capacity of 13.3Tbps (30% of average traffic) to accommodate spikes, and that CDN gets hit with a 1Tbps attack, existing customers will be impacted since one attack is 20% – 25% of average traffic.
And let’s remember that attack sizes are growing quickly, thus 2Tbps won’t be far away, especially with IoT devices becoming another instrument in the adversaries arsenal . Thus, Akamai is in a great position to further distance itself from the pack and create a dominant position in thwarting large scale DDoS attacks.