How to Stop a 1.3 Tbps DDoS Attack Before It Reaches the Network

A massive 1.3 Tbps attack can take down an organization within minutes if defenses are launched too late. This was one of the central ideas discussed during the roundtable held at AOTEC, where industry experts analyzed the cybersecurity challenges already affecting operators, companies, and digital service providers.

Zigor Gaubeca, CIO, explained that one key to containing such an attack within just five minutes is having a first layer of protection capable of absorbing and filtering malicious traffic before it reaches the client’s network. In volumetric attacks, the goal is not always to exploit a specific vulnerability but to saturate links, equipment, and services until they become inaccessible. Therefore, defense must start upstream, with infrastructure designed to clean traffic before the impact propagates.

The First Barrier: Stopping the Attack Before It Arrives

Volumetric DDoS attacks remain one of the most challenging threats for operators and connected businesses. Their logic is simple: flood a target with massive traffic to exhaust its network or processing capacity. When volumes reach the order of terabits per second, local protection alone is often insufficient.

The AOTEC roundtable focused precisely on that point. To stop a 1.3 Tbps attack, responses cannot rely solely on internal firewalls, manual rules, or delayed interventions. Instead, a distributed mitigation architecture is needed—one that can detect abnormal patterns, reroute traffic to scrubbing systems, and only allow legitimate connections through.

This approach is especially critical for telecom operators, Internet providers, and companies with critical exposed services. If malicious traffic enters directly into the network, the damage is already done: congested links, degraded services, and impacted clients. The most effective defense is to prevent malicious traffic from reaching sensitive infrastructure.

Gaubeca’s insights conveyed a clear message to the sector: cybersecurity can no longer be viewed as an add-on to connectivity. It must be integrated into network design, daily operations, and business continuity strategies.

Training, Credentials, and Lateral Movement

The discussion extended beyond DDoS attacks. Francesco Collini from FlashStart highlighted the importance of customer training and awareness. In cybersecurity, many breaches do not start with sophisticated techniques but with human errors, stolen credentials, malicious links, or weak configurations.

Training doesn’t eliminate all risks, but it reduces exposure. A client who understands what signs to watch for, how to protect access points, and when to report suspicious behavior becomes an active participant in defense. For operators and service providers, this is increasingly vital: network protection also involves helping users avoid becoming the weakest link.

Jesús Feliz Fernández from INCIBE emphasized another critical aspect: preventing lateral movement. Once an attacker gains initial access, their next goal is often to move within the network to access credentials, servers, backups, management systems, or sensitive data. Understanding how this movement occurs is essential before deploying new solutions.

Kepa Unzilla Galán from Sarenet reinforced that idea by highlighting credential management, lateral movement prevention, and the need for well-structured recovery plans. Business continuity doesn’t depend solely on blocking all attacks—an impossible feat—but on limiting their scope and recovering services in a controlled manner when incidents occur.

Identity management, the principle of least privilege, segmentation, monitoring, and tested backups remain fundamental elements. Technology evolves, but some weaknesses persist: reused passwords, excessive access, lack of internal visibility, and recovery plans that have never been tested.

AI for Detecting Anomalous Traffic, But Judiciously

Artificial intelligence also featured in the debate. Its role in real-time detection of anomalies and malicious traffic is becoming increasingly important, especially as the volume of signals exceeds what security teams can analyze manually.

In massive attacks, AI can help distinguish between legitimate and malicious traffic patterns, identify unusual behaviors, prioritize alerts, and accelerate response times. It can also be useful against less predictable threats like zero-day attacks or campaigns that change form during execution.

However, AI does not replace defense architecture or human expertise. A model may detect an anomaly, but organizations need clear processes to decide what action to take. Overblocking can affect legitimate users; delayed blocking can allow the attack to escalate. The key is combining automation, business rules, technical supervision, and response capabilities.
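The trade-off described above, between overblocking and delayed blocking, as an added example (not from the roundtable or from any vendor's product): a baseline detector run over constructed per-second traffic figures. The function names, thresholds, and the `confirm` parameter (consecutive anomalous intervals required before diverting traffic to scrubbing) are assumptions made for illustration.

```python
"""Added illustration: EWMA baseline detector with a confirmation window.
All names, thresholds and traffic figures are constructed assumptions."""

def detect_diversion(samples_gbps, alpha=0.2, factor=3.0, confirm=3):
    """Return the sample indices at which diversion to scrubbing starts.

    alpha:   EWMA weight used to update the normal-traffic baseline
    factor:  a sample is anomalous if it exceeds factor * baseline
    confirm: consecutive anomalous samples required before acting
    """
    baseline = samples_gbps[0]
    streak, diverting, triggers = 0, False, []
    for i, rate in enumerate(samples_gbps[1:], start=1):
        if rate > factor * baseline:
            # Anomalous samples are not learned, otherwise a flood
            # would raise the baseline and hide itself.
            streak += 1
            if streak >= confirm and not diverting:
                diverting = True
                triggers.append(i)
        else:
            streak, diverting = 0, False
            baseline = alpha * rate + (1 - alpha) * baseline
    return triggers

# Constructed traffic in Gbps, one sample per second: steady load, a
# 2-second legitimate burst at index 4, then a flood from index 12
# that peaks at 1300 Gbps (1.3 Tbps).
TRAFFIC = [10, 11, 10, 12, 40, 42, 11, 10, 12, 11, 10, 11,
           300, 900, 1300, 1300, 1300, 1250]
FLOOD_START = 12

def compare(confirm_values=(1, 3, 5)):
    """Map each confirm value to (false diversions, detection delay in s)."""
    out = {}
    for c in confirm_values:
        t = detect_diversion(TRAFFIC, confirm=c)
        false_hits = [i for i in t if i < FLOOD_START]
        true_hits = [i for i in t if i >= FLOOD_START]
        delay = true_hits[0] - FLOOD_START if true_hits else None
        out[c] = (len(false_hits), delay)
    return out

if __name__ == "__main__":
    for c, (fp, delay) in compare().items():
        print(f"confirm={c}: false diversions={fp}, delay={delay}s")
```

With `confirm=1` the legitimate burst is diverted along with the flood; raising it removes the false diversion at the cost of seconds during which the flood reaches the network unfiltered.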

The roundtable conveyed a common message: cybersecurity can no longer be approached as a collection of isolated products. A layered strategy is required: a first line of defense against volumetric attacks, strong access controls, lateral movement prevention, ongoing training, real-time monitoring, and tested recovery plans.

For operators, this perspective is especially important. Their networks are not just channels to the Internet—they are the backbone supporting companies, governments, businesses, critical services, and citizens. An attack degrading this infrastructure impacts not only a specific server but erodes trust in the service itself.

AOTEC thus served as a forum for an increasingly urgent conversation. Attacks are intensifying, the attack surface is expanding, and companies rely more than ever on connected services. Stopping a 1.3 Tbps attack within five minutes requires technical capacity but also prior preparation. Defense begins well before malicious traffic arrives.

Frequently Asked Questions

What is a volumetric DDoS attack?
It’s an attack that tries to saturate a network or service by sending large amounts of malicious traffic so that legitimate users cannot access it.

Why is it important to stop the attack before it reaches the network?
Because if malicious traffic enters the client’s infrastructure, it can congest links, degrade services, and hinder response efforts. Mitigating the attack before it arrives reduces the impact.

What role does AI play in network cybersecurity?
It helps detect anomalies, identify malicious traffic, and prioritize alerts in real time, but it must be combined with human oversight and proper architecture.

What other measures are necessary besides DDoS protection?
User training, credential management, network segmentation, lateral movement prevention, continuous monitoring, and tested recovery plans.

via: LinkedIn