Introducing Radware Attack Mitigation System. Presenter: Werner Thalmeier September 2013


1 Introducing Radware Attack Mitigation System Presenter: Werner Thalmeier September 2013

2 Agenda: Introducing Radware (quick); Current Attacks Landscape; Quick Outlook on Radware Attack Mitigation System (AMS)

3 Radware Market Proof: Company growth; over 10,000 customers; recognized market leader & vision; global technology partners; ADC Magic Quadrant 2012; IPS Magic Quadrant 2012. * No Gartner DDoS or All-in-One evaluation.

4 Information Security Triangle. Radware focus: Availability!

5 ARE YOU READY? "In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users." (Wikipedia)

6 Motivation behind DDoS: Take a company out of business; create awareness and/or give a bad reputation; use it as cover to steal money or IP.

7 The Impact: Confidentiality, Integrity, Availability. Target / Operation: Habbo; Hal Turner; Project Chanology; Epilepsy Foundation; AllHipHop Defacement; No Cussing Club; 2009 Iranian Election Protests; Operation Didgeridie; Operation Titstorm; Oregon Tea Party Raid; Operation Payback; Avenge Assange; Ope Bra

8 Attackers Motivation Trend (bar chart, share of attacks per motivation: Motivation is unknown; Political/Hacktivism; Angry users; Competition; Ransoms). DoS motivation did not change in 2012 compared to last year.

9 Who's On The Target List? Risk levels: Low, Medium, High. Sectors: ISP, Financial, Government, eCommerce, eGaming, Mobile. Prior to

10 How Likely Is It that Your Organization Will Be Attacked? Over half of the organizations believe their organization is likely to be attacked by cyber warfare. 45% of organizations had an average of 3 DDoS attacks in the past 12 months. 54 minutes average downtime during one DDoS attack. Industry Security Survey: "How likely is it that your organization will be attacked by cyber warfare?" (pie chart: Very likely, Likely, Possible, Unlikely)

11 Cost of Downtime. Average cost per minute of downtime: $22,000. Average annual cost of DDoS attacks: $3,000,000. Bar chart, cost per minute of downtime (share of respondents): $1 to $10: 1%; $10 to $100: 8%; $101 to $1,000: 12%; $1,001 to $5,000: 21%; $5,001 to $10,000: 15%; $10,001 to $25,000: 15%; $25,001 to $50,000: 11%; $50,001 to $100,000: 7%; More than $100,000: 5%; Cannot determine: 5%.

12 How Well Are You Prepared? 81% of organizations feel inadequately prepared to protect themselves against cyber-warfare. Responses: Well protected 17%; Very easily fight them 2%; No chance, significant impact 31%; There will be some impact 50%. Industry Security Survey: "How well do you think you will survive a cyber warfare?"

13 Ponemon Research 2012: Cyber security threats priority for IT Managers. Cyber security threats according to risk mitigation priority (10 = highest priority, 1 = lowest priority), bar chart over: Denial of service (DoS); Server side injection; Distributed denial of service (DDoS); Viruses, worms and trojans; Malware; Botnets; Malicious insiders; Cross site scripting; Web scraping; Phishing and social engineering.

14 Hacktivism Moves To Campaign-APT Oriented. Complex: more than seven different attack vectors at once. Blending: both network and application attacks. Targeteering: select the most appropriate target and attack tools. Resourcing: advertise, invite, coerce anyone capable. Testing: perform short proof-firing prior to the attack. Timeline: establish the most painful time period for the victim.

15 The Challenge - Hacktivism Becomes Persistent (sophistication over time). Attack target: Vatican, duration 20 days, more than 7 attack vectors, inner circle involvement. Attack target: Visa, MasterCard, duration 3 days, 4 attack vectors. Attack target: HKEX, duration 3 days, 5 attack vectors, inner circle involvement. Attack target: Israeli sites, duration 6 days, 5 attack vectors, inner circle involvement.

16 2012 Radware Security Report: DDoS Attacks Duration Trend. Attacks last longer: the number of DDoS attacks lasting over a week had doubled (bar chart by duration bucket: days, half a week, week, over a week).

17 DDoS Infrastructure Changes

18 Toolkits and Attack Vectors, by category:
- Network Flood: UDP Floods; SYN Floods
- Application Flood: Dynamic HTTP; HTTPS Floods
- Low & Slow: RUDY; Slowloris
- Vulnerability Based: Intrusion Attempts; SQL Injection
Further items on the slide: Fragmented Floods, Pyloris, #refref, FIN + ACK, xerex

19 2012 Radware Security Report: DDoS Attack Vectors. Attacks remained diversified between different attack types, which reflects attackers using multi-vector attacks. Attack vector shares: TCP - SYN Flood 35%; Web 24%; DNS 10%; SMTP 9%; UDP 7%; ICMP 5%; VoIP 4%; TCP Other 3%; IPv6 3%. Observations (complexity vs. volume): SSL-based attacks are on the rise; increased bandwidth saturation; specific application resources are targeted; usage of servers (more firepower, C/R bypass capabilities); volume attacks on DNS infrastructure.

20 The Bottlenecks in DoS Attacks. Survey question: Which services or network elements are (or have been) the bottleneck of DoS? Answer categories (bar chart): Internet pipe (saturation); Firewall; IPS/IDS; Load Balancer (ADC); The server under attack; SQL Server. Your Firewall & IPS CANNOT protect from DDoS attacks. The three entities that are consistently the bottlenecks in DoS/DDoS attacks are: the server under attack, the firewall, the Internet pipe.

21 Radware Attack Mitigation System (AMS). DoS Protection: prevent all types of network DDoS attacks. Reputation Engine: financial fraud protection, anti-Trojan & phishing. IPS: prevent application vulnerability exploits. WAF: mitigating web application attacks, PCI compliance. NBA: prevent application resource misuse, prevent zero-minute malware spread.

22 DefensePro Range. Market segments: large enterprise datacenters, security service providers, mobile operators and carriers, large online businesses; lower enterprise market; smaller organizations; CPE signaling device. Capacity tiers as listed on the slide: 4-12 Gig E, 12 Mpps traffic; Gig E, Mpps attack mitigation; 200 Mbps - 2 Gig E, 2 Mpps attack mitigation; 100 Mbs / 200 Mbs / 500 Mbs / 1 Gig E. Top-end platform: mitigates 60G/25M PPS of attack traffic while preserving best quality of experience; 1M challenge-response verifications per second; 40 Gbps throughput to meet today's business requirements; 8M concurrent sessions; wire-speed L7 deep packet inspection; traffic ports: 4 x 40 GbE QSFP+, 20 x 10 GbE SFP+. Virtual appliances: vanti-dos, vips, vwaf; Cluster Manager ESX VA.

23 Sample of AMS Customers: Financial Services; Retail Services; Government, Healthcare & Education; Carrier & Technology Services

24 ARE YOU READY?

25 Thank You

26 Backup

27 Radware Attack Mitigation System. AMS mission is to provide the industry's best solution for DDoS attacks: a layered set of patented technologies designed to detect and mitigate today's availability-based threats, deployed on-premise, in the cloud and hybrid. Detect where we can, mitigate where we should. Threats covered: traffic anomalies and floods; network-based DDoS attacks; application-based DDoS attacks; directed application DoS attacks. Defense layers: packet anomalies, black & white lists; network behavioral analysis; application behavioral analysis; application filters.

28 AMS Building Blocks
- Detect: patented behavioral detection; network floods; application attacks (SSL, HTTP GET / POST, low & slow); intrusions; web application threats (SQL injections, XSS).
- Mitigate: immediate and automatic, no need to divert traffic; generates a real-time signature; distinguishes between attackers and legitimate users; best quality of experience even under attack; powerful, using dedicated hardware up to 25M PPS.
- Report: real-time correlated report; historical reports; forensics; trend analysis; compliance.

29 Radware ERT: 24x7 service to customers under attack; neutralizes attacks and malware outbreaks; releases ERT Threat Alerts; Research Lab diagnoses all known attack tools; provides weekly and emergency signature updates.

30 Radware Intellectual Property: a rich security patents portfolio secures Radware's Attack Mitigation Solution.

31 Layers of Defense - DefensePro: DME, DDoS Mitigation Engine (25M PPS / 60 Gbps); multi-purpose multi-core CPUs (38 Gbps); L7 regex acceleration ASIC & reputation engine; behavioral-based protections. Architecture that was tailored for attack mitigation.

32 Dynamic Detection Surfaces. Zero-touch baselines (update cycle once per hour). Zones: N = normal, attack-free zone; S = suspected anomalies zone; A = attack zone. MF per parameter, per direction, per policy (g1, g2, g3), calculated from the sampled parameter. Real-time signature created within 20 sec (utilizing a fuzzy logic engine).

33 Decision Making Accuracy - Attack case. X-axis: abnormal protocol distribution [%]. Y-axis: abnormal rate of packets. Z-axis: attack degree (= 10 in the attack case shown). Areas on the surface: attack area; suspicious area; normal adapted area.

34 Decision Making Accuracy - Flash crowd scenario. Inputs: rate parameter input and rate-invariant input parameter; output: Degree of Attack (DoA). Areas: attack area; suspicious area; normal adapted area. A flash crowd falls into the normal adapted area with a low DoA.
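The two backup slides above describe the decision surface without showing how the inputs combine. The following added example (written for this page, not Radware's code) implements a toy version of that idea: a rate parameter measured against a zero-touch baseline, a rate-invariant protocol-distribution parameter, a Degree of Attack derived from both, the three zones, a crude real-time signature, and a baseline update that refuses attack-time samples. The scaling rules, zone thresholds, geometric-mean weighting, baseline values and traffic samples are all constructed assumptions; the point it demonstrates is why a flash crowd with a normal protocol mix scores low even at four times the baseline rate while a SYN flood scores at the top of the scale.

```python
"""Toy behavioural DoS detector in the spirit of the "degree of attack" slides.
Added illustration, not Radware code; thresholds, weighting, baseline and
sample traffic are constructed assumptions."""

PROTOCOLS = ("tcp_syn", "tcp_other", "udp", "icmp", "dns")


class Baseline:
    """Zero-touch baseline: learned packet rate and protocol share."""

    def __init__(self, pps, mix, alpha=0.1):
        self.pps = float(pps)
        self.mix = {p: mix.get(p, 0.0) for p in PROTOCOLS}
        self.alpha = alpha  # smoothing factor for the periodic update (assumed)

    def update(self, pps, mix):
        """Periodic refresh (the slides do it once per hour). Samples taken
        while the detector is in the attack zone are skipped so an attack
        cannot poison the baseline. Returns True if the sample was learned."""
        if zone(degree_of_attack(pps, mix, self)) == "attack":
            return False
        self.pps = (1 - self.alpha) * self.pps + self.alpha * pps
        for p in PROTOCOLS:
            self.mix[p] = (1 - self.alpha) * self.mix[p] + self.alpha * mix.get(p, 0.0)
        return True


def rate_parameter(pps, base):
    """Y-axis, abnormal rate of packets: multiples above baseline scaled to
    0..10 (six times the baseline saturates the scale; assumed)."""
    ratio = pps / base.pps if base.pps > 0 else 0.0
    return max(0.0, min(10.0, (ratio - 1.0) * 2.0))


def distribution_parameter(mix, base):
    """X-axis, abnormal protocol distribution: total-variation distance between
    observed and baseline protocol shares, scaled to 0..10 (a 50-point shift
    saturates the scale; assumed). This input is rate-invariant."""
    tvd = 0.5 * sum(abs(mix.get(p, 0.0) - base.mix[p]) for p in PROTOCOLS)
    return min(10.0, tvd * 20.0)


def degree_of_attack(pps, mix, base):
    """Z-axis, DoA on 0..10. The rate-invariant parameter gates the rate
    parameter (geometric mean, assumed), so a flash crowd with a normal
    protocol mix stays low however high its rate is."""
    return (rate_parameter(pps, base) * distribution_parameter(mix, base)) ** 0.5


def zone(doa):
    """Detection surfaces: assumed thresholds for the three zones."""
    if doa < 3.0:
        return "normal"        # attack-free zone
    if doa < 7.0:
        return "suspicious"    # suspected anomalies
    return "attack"            # attack zone


def realtime_signature(mix, base, factor=2.0):
    """Crude stand-in for the real-time signature: the protocols whose share
    grew by `factor` or more over baseline (assumed rule)."""
    return [p for p in PROTOCOLS if mix.get(p, 0.0) >= factor * base.mix[p]]


# Constructed baseline and traffic samples (not measured data).
def make_baseline():
    return Baseline(10_000, {"tcp_syn": 0.10, "tcp_other": 0.50, "udp": 0.25,
                             "icmp": 0.05, "dns": 0.10})


SAMPLES = {
    # 4x baseline rate, same protocol mix: a flash crowd
    "flash_crowd": (40_000, {"tcp_syn": 0.10, "tcp_other": 0.50, "udp": 0.25,
                             "icmp": 0.05, "dns": 0.10}),
    # 3x rate with a mildly skewed mix
    "mild_anomaly": (30_000, {"tcp_syn": 0.25, "tcp_other": 0.40, "udp": 0.22,
                              "icmp": 0.05, "dns": 0.08}),
    # 6x rate dominated by SYNs
    "syn_flood": (60_000, {"tcp_syn": 0.70, "tcp_other": 0.15, "udp": 0.08,
                           "icmp": 0.02, "dns": 0.05}),
}


def classify_samples(base=None):
    """Return {name: (rounded DoA, zone)} for the constructed samples."""
    base = base or make_baseline()
    out = {}
    for name, (pps, mix) in SAMPLES.items():
        doa = degree_of_attack(pps, mix, base)
        out[name] = (round(doa, 2), zone(doa))
    return out


if __name__ == "__main__":
    base = make_baseline()
    for name, (doa, z) in classify_samples(base).items():
        print(f"{name:13s} DoA={doa:5.2f} zone={z}")
    print("signature for syn_flood:", realtime_signature(SAMPLES["syn_flood"][1], base))
```

The flash crowd and the SYN flood both sit far above the baseline rate; only the protocol-distribution axis separates them, which is the property the "rate-invariant input parameter" on slide 34 is there to provide.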

35 Protect The Internet Pipe with DefensePipe. DefensePipe is a cloud-based service that protects organizations against Internet pipe saturation. DefensePipe is a cloud extension of DefensePro and complements the on-premise DefensePro capabilities. DefensePipe is activated only when the attack threatens to saturate the Internet pipe. On-premise AMS and AMS in the cloud share essential information on the attacks. On-premise AMS and DefensePipe create the industry's first integrated hybrid solution.

36 DefensePipe Operation Flow. A volumetric DDoS attack that blocks the Internet pipe arrives via the ISP; the on-premise AMS mitigates the attack; ERT and the customer decide to divert the traffic; clean traffic is returned to the protected online services (DefensePro, AppWall) of the protected organization. Defense Messaging shares essential information for attack mitigation between the DefensePros.
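Slides 35 and 36 state the two rules of the hybrid flow (mitigate on-premise at once; divert to the cloud only when the pipe is about to saturate) but not what happens to legitimate traffic in between. The following added example, written for this page and not Radware's code, models that with a small state machine over a constructed traffic trace: while the device is on-premise-only, any excess over the pipe capacity is dropped upstream of the device and legitimate traffic suffers proportionally; once diversion is decided, the shared signature lets the cloud side remove the attack share so only clean traffic crosses the pipe; the flow returns to on-premise only after several calm intervals. The capacities, thresholds, hold count, the assumption of a perfectly matching signature and the trace itself are constructed assumptions, and the decision is applied from the next interval on to reflect that diversion is not instantaneous.

```python
"""Toy model of the on-premise / cloud diversion flow on the DefensePipe slides.
Added illustration, not Radware code; capacities, thresholds, the signature
and the traffic trace below are constructed assumptions."""

from dataclasses import dataclass


@dataclass
class Link:
    pipe_mbps: float          # Internet pipe capacity
    divert_at: float = 0.9    # divert once inbound reaches this fraction of the pipe (assumed)
    revert_at: float = 0.5    # calm when inbound is below this fraction of the pipe (assumed)
    revert_hold: int = 3      # consecutive calm intervals before returning on-premise (assumed)


def delivered_legit(legit, attack, link, state):
    """Legitimate Mbps that actually reach the protected services this interval."""
    if state == "diverted":
        # Cloud scrubbing drops the attack share matched by the shared
        # signature (assumed perfect match); only clean traffic crosses the pipe.
        inbound_to_pipe = legit
    else:
        inbound_to_pipe = legit + attack
    if inbound_to_pipe <= link.pipe_mbps:
        # Pipe not saturated: the on-premise device filters the attack after
        # the pipe, so legitimate traffic is untouched.
        return legit
    # Pipe saturated: packets are dropped upstream of the device, indiscriminately.
    return legit * link.pipe_mbps / inbound_to_pipe


def run_flow(trace, link, signature):
    """trace: per-interval (legit_mbps, attack_mbps) measured at the ISP side.
    Returns the per-interval (state, delivered legit Mbps) timeline, the
    signature handed to the cloud side (None if never diverted) and the final state."""
    state, calm, cloud_sig, timeline = "on-prem", 0, None, []
    for legit, attack in trace:
        timeline.append((state, round(delivered_legit(legit, attack, link, state), 1)))
        inbound = legit + attack
        if state == "on-prem" and inbound >= link.divert_at * link.pipe_mbps:
            # ERT and the customer decide to divert; the real-time signature
            # is shared first so the cloud side filters the same attack.
            state, cloud_sig, calm = "diverted", signature, 0
        elif state == "diverted":
            calm = calm + 1 if inbound < link.revert_at * link.pipe_mbps else 0
            if calm >= link.revert_hold:
                state, calm = "on-prem", 0
    return {"timeline": timeline, "cloud_signature": cloud_sig, "final_state": state}


# Constructed inputs (not captured data).
LINK = Link(pipe_mbps=1000.0)
SIGNATURE = {"proto": "tcp", "flags": "SYN", "dst_port": 80}   # placeholder signature
TRACE = [
    (300, 0),      # quiet
    (300, 400),    # attack starts; on-prem absorbs it, pipe 70% used
    (300, 900),    # 1200 Mbps offered to a 1000 Mbps pipe: saturation
    (300, 1500),   # diverted from here on
    (300, 1500),
    (300, 100),    # attack subsiding: calm 1
    (300, 50),     # calm 2
    (300, 0),      # calm 3 -> return on-premise next interval
    (300, 0),
]


def demo():
    return run_flow(TRACE, LINK, SIGNATURE)


if __name__ == "__main__":
    for i, (state, legit) in enumerate(demo()["timeline"]):
        print(f"t={i} {state:9s} legit delivered={legit:6.1f} Mbps")
```

The interval at t=2 is the one the slides are about: offered load exceeds the pipe, and a quarter of the legitimate traffic is lost before the on-premise device ever sees it, which is why diversion is reserved for exactly that condition and not used earlier.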

37 Summary. Radware AMS is a hybrid solution that offers the widest security coverage:
- On-premise AMS mitigates SSL-based attacks, application layer attacks, low & slow and network attacks up to the Internet pipe capacity; DefensePipe mitigates attacks that are beyond the Internet pipe capacity.
- Shortest mitigation response time: on-premise AMS starts immediately to mitigate the attack; no need to wait for traffic diversion to start mitigation.
- Strongest, most effective and immediate mitigation: dedicated hardware guarantees best quality of experience to legitimate users; traffic is diverted only as a last resort.
- Single contact point during an attack: Radware ERT fights the attack during the entire campaign; no need to work with multiple vendors or services.
- Integrated reporting system: reporting from on-premise mitigation and in-the-cloud mitigation; achieve more efficient forensics.

38 Attack Mitigation Network: Protected Organization, Protected Online Services. Detect everywhere, protect where it makes sense.