NETSCOUT releases its Worldwide Infrastructure Security Report

NETSCOUT today released its 14th annual Worldwide Infrastructure Security Report (WISR), offering direct insights into the security and operational challenges facing service provider and enterprise network operators around the world, and the strategies adopted to address and mitigate them.

In addition to the survey results, the WISR is supplemented with global threat intelligence from NETSCOUT’s Active Threat Level Analysis System (ATLAS) infrastructure. ATLAS has visibility into approximately one-third of all internet traffic, delivering a truly comprehensive view into internet traffic, trends, and threats.


Cyber Reflections. DDoS has long been a tool for online protests, thanks to the combination of increasingly sophisticated for-hire DDoS attack services and free attack tools that enable anyone with basic online skills to launch an attack.

  • In 2018, 60 percent of service providers witnessed attacks traversing their networks that were targeting governments, up from 37 percent last year. As political instability increases around the world, expect DDoS to continue to be used as a form of protest. 

If it’s important to you, it’s important to them. Adversaries often target new services because they are viewed as less mature, more vulnerable targets.

  • For service providers, cloud-based services were increasingly targeted by DDoS attacks, up from 25 percent in 2016 to 47 percent in 2018.
  • In the enterprise, digital transformation strategies are now under attack. In 2018, there was a threefold increase in the number of attacks against SaaS services, from 13 percent in 2017 to 41 percent in 2018. Attacks targeting third-party data centers and cloud services rose from 11 percent to 34 percent.
  • Finally, the increasing use of encrypted traffic was reflected in the growing rate of attacks targeting it. In 2018, 94 percent observed such attacks, nearly twice the previous year's percentage.

Acute Operational Challenges. Service providers continue to leverage third-party (outsourced) and third-party augmented (hybrid) SOC capabilities. This highlights once again the global challenges organizations face to build and maintain an internal security team of skilled practitioners, and their reliance on outsourcing to address the issue.

In the enterprise, we found a near-universal desire (92 percent) to simplify operational security processes, with the top priority being component and workflow integration. This makes perfect sense when you realize that, globally, teams are using an average of 22 security-related tools and products within their cyber security portfolio. This is with teams ranging in size from 18 to 25 people.

DDoS Attacks Continue to Evolve. In 2018, DDoS attack size exploded to a record-breaking 1.7Tbps, and the targets and techniques continue to evolve.

  • 91 percent of enterprises who experienced a DDoS attack indicated that one or more of them completely saturated their internet bandwidth.
  • Attackers shifted their focus to stateful infrastructure attacks targeting Firewalls and IPS devices. These attacks almost doubled from 16 percent to 31 percent.
  • Of those who experienced stateful attacks, 43 percent reported that their Firewall and/or IPS contributed to an outage during the attack.
  • 36 percent of enterprises experienced complex multi-vector attacks targeting bandwidth, stateful infrastructure and applications.

ATLAS Global Threat Data. ATLAS delivers a truly comprehensive view into internet traffic, trends and threats. With visibility into one-third of all internet traffic, NETSCOUT is ideally positioned to deliver actionable intelligence about botnets, DDoS attacks and malware that threaten internet infrastructure and network availability.

  • DDoS Attack Frequency Down. The number of DDoS attacks was down 4 percent, to 6.13 million. Despite that sliver of good news, that number still equals 16,794 DDoS attacks per day, 699 per hour and 11 per minute.

  • Asia Pacific Becomes Most Targeted Region. Asia Pacific emerged as the most targeted region for DDoS attacks in 2018 with 2.3 million attacks. In 2017, the most targeted region was EMEA with an identical 2.3 million attacks.
  • Latin America Rising. The largest attack in Latin America was 600Gbps, up 55 percent from 2017. This dramatic increase in DDoS attack size was consistent throughout the year. Looking at the largest DDoS attacks each month and taking their average size, they were 45 percent larger in 2018 than in 2017. Along with Asia Pacific, Latin America was the only other region to see a rise in DDoS attack frequency, up 14 percent to an average of 41,938 attacks per month.