Q&A with Michael Wheeler of NTT Communications

23 October 2018 | James Pearce

Cover

NTT Communications VP of Global IP Network Michael Wheeler speaks to Capacity about IoT, Security, and his upcoming panel at Capacity Europe

Network security continues to be a very serious issue for the industry in general. How does NTT Communications help its customer fight against cyberattacks?

We have a comprehensive set of tools and products that we offer Global IP Network customers for security. We have tools available for blackholing and selective blackholing for traffic. Any customer can utilize that toolset for free. Going beyond that we have a suite of products that are available under our DDoS Protection Service (DPS) umbrella. This starts with Control, which allows them to do ACLs, and our Core product which is mitigating attacks and scrubbing bad traffic out. And a Detect product which allows us to notify customers when an attack is occurring so they don’t have to identify it on their own. We have some additional products which will be added to that coming soon. We can’t announce them yet but they’ll offer some new capabilities as well.

DDoS attacks are changing. What key developments have you noticed and how does this impact the way you protect customers?

There’s a number of key trends that have been recorded. One common item of observation is that multi-vector attacks, with multiple components, are becoming more common. So are packet per second attacks. What we’re seeing is a higher level of sophistication of attack – not just brute force attacks that may have been more common in the past. The precision attacks are shorter in duration but are more common. There are still a lot of attacks and it depends on their nature as to how we tackle them. But you have to come up with new ways to address those developments and that’s where some of our solutions come into play.

You are participating in a panel on the impact of data generated by IoT on networks. Do you think that this impact can be quantified at this point and how global networks like yours are going to meet that demand?

Quantify it is difficult at this stage and IoT as a volume of traffic, compared with global internet traffic, relatively small. But there is no question that over time as more and more applications and ways to utilize IoT-powered tools grow, traffic will grow with it. That’s where things like the MAREA botnet come into play, and that’s where you run into cyber security threats. There’s going to be more and more devices, be it a refrigerator or a Nest, and that gives more capabilities to those looking to marshal those devices in a negative way.

In fact, two of the topics that we just discussed, IoT and network security, are connected. How do you think this ecosystem of IoT-enabled devices will impact network security?

In some ways it can be beneficial and in some ways it can be negative. One problem we’ve seen with botnets is that some IoT hardware, which is dumb hardware in that it only does one function, can become a powerful DDoS tool when there are thousands of them deployed. It’d make sense from a regulatory perspective to put some ownership around hardware manufacturers and those selling those services to guarantee a better security function in the devices. So maybe requiring a password change every six months. No-one from a regulatory perspective is even coming close to talking about those things at the moment.

NTT Communications offers one of the most comprehensive set of BGP communities in the industry. Why is transparency in routing policy and BGP communities in particular important for your customers? What’s the benefit for them?

The BGP community and routing policy is important to customers because we have customers who connect to us from many parts of the world, and that allows them to have consistent routing no matter where they are. It also allows granularity over how they are routing their traffic. Different customers have different performance driven metrics and digital rights management. This gives them a more granular way of moving their traffic around and customers appreciate that. We’ve heard from many of them that our capabilities are giving them something that a lot of other partners, many of whom are global, don’t. If you’re a regional or country specific provider, those capabilities may not be as important but on a global scale, they can make a big difference.

What are you looking to get out of Capacity Europe 2018?

Like all Capacity events we go to, we look at two or three things. We look to meet with existing customers and prospective customers. It’s a very effective place to meet with a number of customers in a short space of time. We also meet with a lot of vendors and we’re procuring services from a number of people here. It allows us to have a lot of conversations in a very short space of time.

It also gives us exposure to a lot of panels and high level discussions, such as in the Global Leadership Forum (GLF), where within the industry we can talk about what everyone is working on with a wider range of people. And that is important to us. The level of people that are here and the seniority of them is key. They have similar problems and challenges, meaning we can compare notes in some cases.