September 22, 2016 is the ugliest day in history for the DDoS Mitigation industry. It was a fiasco for Akamai and a black eye for every DDoS Mitigation company in the market. Now that things are getting back to normal, many lessons were learned, and we now have some takeaways from this episode. The first takeaway: the entire CDN industry, including those companies raving about how big their networks are, are in way over their heads. If one 620Gbps attack can create panic, and disrupt Akamai’s day to day operations, how will other companies, who are much smaller, deal with these large attacks, which will continue to grow exponentially.
Now, let’s go on to some data points. Josh Shaul, Akamai’s Vice President of Web Security described the attack on Brian Krebs as “the worst denial-of-service attack we’ve ever seen” and “if this kind of thing is sustained, we’re definitely talking millions,” as its going to cost Akamai millions of dollars to continue protecting Krebs. In the same article, Akamai spokesman Jeff Young stated the reason they pulled the plug on Krebs: “we made a business decision to no longer keep this customer on our platform and prioritize our resources on our paying customers.” In other words, this attack was impacting Akamai’s daily modus operandi.
Brian Krebs approached many DDoS Mitigation providers, but they were all too expensive costing between $150,000 to $200,000 to receive protection similar to what Akamai was providing.
Data Points
- DDoS attacks could have cost Akamai millions of dollars if they continued protecting Brian Krebs
- 620Gbps attack created panic and surprise at Akamai
- 620Gbps was at the point of disrupting Akamai’s day to day operations
- Price to receive protection from service providers is between is $150,000 – $200,000
Other Known and Unknown Data Points
- Creating a 620Gbps DDoS attack likely cost significantly less than what it cost to protect. Maybe $5,000, $15,000 or $50,000 or close to it. Therefore, the cost/benefit is in favor of the attackers
- Akamai delivers anywhere from 30Tbps – 50Tbps on any given month. During the World Cup, data transfer reached 4.59Tbs
- Akamai is the largest CDN and DDoS Mitigation company in the world
- Akamai delivers more Internet traffic than any other CDN
- Akamai has significantly more network capacity for mitigating attacks than all CDNs, including CloudFlare
- Akamai has 200,000 servers, which dwarfs all other CDNs
Now, let’s summarize the data points above. If Akamai is the 800 lbs. gorilla of the CDN and DDoS Mitigation industry, with more capacity, servers and infrastructure than anyone else, and a 620Gbps attack impacted them beyond everyone’s expectations, including their own staff, how in the world are other much smaller players going to deal with large attacks? Now what happens if multiple large scale attacks in similar size hit a big customer of Akamai or another provider? Will it be able to mitigate the attack without disrupting other customers?
The most important takeaway, if a 620Gbps attack can create panic and fear and impact Akamai’s operations, the giant of the industry, everyone starting from CloudFlare down are ill equip to deal with massive attacks. Either, CDNs and DDoS Mitigation companies must form an alliance to leverage each others networks to thwart large scale attacks, or Google must step in and help the service providers.
We believe Google needs to step in, and become a DDoS Mitigation wholesaler that can rent its infrastructure capacity to CDNs and other providers, who can use the Google Network to supplement their networks in mitigating large scale attacks.
