Growing Challenges. Securing the Internet Cloud: Challenges and Opportunities. Traffic Growing Rapidly on Fixed and Mobile Networks!
|
|
- Brendan Kelly
- 8 years ago
- Views:
Transcription
1 Securing the Internet Cloud: Challenges and Opportunities Farnam Jahanian Computer Science and Engineering University of Michigan December 5, 2009 Growing Challenges Traffic Growing Rapidly on Fixed and Mobile Networks! IP traffic will double every 2 years through 2011 Proliferation of smart devices and applications. Video Internet will drive much of this growth. High quality of experience is essential for video, cloud computing and SaaS. Security Threats Clog Bandwidth and Increase Costs 5% of internet traffic is malicious. Attacks have grown rapidly over the last decade. Respecting no geographical boundaries and propagating to the entire populations in a matter of minutes. A widening gap between common low-level amateur attacks and multi-gigabit professional attacks. Page 4 1
2 A Global Challenge This chart depicts where Internet attacks originate 24h snapshot. Internet threats are a global phenomenon. Source: Arbor Networks Page 5 Internet Threat Evolution Page 7 2
3 Availability Attacks Worms These attacks disrupt infrastructure DoS Estonia 'Cyberwar' Page 8 How Botnets Are Lo-bot-omizing Your PC Viruses Virulence: The Impact of Slammer (2003) During Slammer, 75K hosts infected in 30 min. Page 10 3
4 A Dramatic Transformation and Escalation ID Theft Phishing These attacks rely on taking control SPAM Page 13 Spyware Threat Evolution: Bots Have Arrived Malicious Internet activities now motivated by economic incentives and political considerations: DoS Extortion Identity Theft and Fraud Phishing SPAM Spyware Espionage and Information Theft Attackers have learned: A compromised system is more useful alive than dead! A compromised system provides anonymity. A network of compromised hosts provides a powerful delivery platform. Page 15 4
5 Attack Botnet Lifecycle Framework Propagation: To recruit new members, bots rely on an array of built-in propagation vectors. Communication: After a new infection, a bot establishes a C&C connection with a controller. Attacks: Malicious bots attack Internet users and infrastructure. Zombie Attacker C&C Overlay HTTP FTP P2P IM Zombie C&C Overlay C&C Overlay Attack Victim Zombie Propagation Command and Control Attack Page 19 Framework for Security Services in the Network Cloud Page 25 5
6 Framework for In-Cloud Security Idea: move more security services into the network cloud Point solution Distributed solution Shift monitoring and data collection to the sensing lightweight elements (perhaps even hosts), shift detection and policy generation into the network, and be opportunistic about policy enforcement Separation of control-plane (e.g. DSN and BGP) and dataplane monitoring Anomaly detection algorithms based on traffic sampling and clustering of network flows Page 26 Over the last 10 years Distributed Denial-of-Service Detection, Backtracing and Mitigation Dark Cloud: Distributed darknet monitoring AV-Cloud: Anti-virus in the network cloud Page 27 6
7 Distributed Denial of Service Attacks Page 30 Distributed Denial-of-Service Attacks (circa1999) Attacks to disrupt network infrastructure and web site availability AT&T Target MCI Upstream Network DS3/Gig Ethernet Saturation X 512K Circuit Comca st Impact: Internet Service Provider - Damage to network infrastructure and critical IP Services. Attack Target - Loss of connectivity, increased costs, tarnished brand. Subscriber - Unknowing participant in attack consumes resources (today: victim of phishing, identify and data theft) 7
8 DDoS Detection and Remediation Cut traffic off here Not here Requires global visibility and outreach Page 32 Key Concepts Leverage coarse-grained network flow statistics from routers and fine-grained measurements near a target Push anomaly detection into the upstream ISP network / push blocking of attack traffic toward the source and away from the target Correlate events seen at different locations to aid in the detection and backtracing of coordinated attacks Page 33 8
9 Key Idea: In-Cloud Detection, Backtracing and Mitigation Sensor Infrastructure-level Cyber attacks Mission-Critical Network Unavailable Sensor Sensor BGP Off-Ramping and Re-injection Sensor Peering Point POP Customer y Sensor Core Router Peering Point Core Router Mitigation Devices POP Clean Traffic Goes To Enterprise Network 9
10 2008 Global Deployment Deployed by 300+ ISPs, cable operators and mission critical networks 70% of Internet s transit traffic being monitored by our solution in 2008 Page 37 CloudAV: Anti-virus in the Cloud Page 51 10
11 Case Study: Anti-virus in the Cloud Network Component Host Component Page 52 Limitations of Antivirus Software Antivirus is the predominate method of detecting and stopping malicious software AV fails to detect modern threats Worst: 54.9% Best: 86.6% AV host software is complex Maintenance overhead Frequent signature updates Risk of security vulnerabilities Avast Antivirus ClamAV F-Prot F-Secure Kaspersky McAfee Symantec Trend Micro Detected 84.7% 59.7% 79.9% 86.6% 85.3% 54.9% 81.9% 82.0% Arbor Malware Library (AML) dataset of 7220 samples (Nov. 06 Nov.'07) Page 53 11
12 Coverage Degradation AML dataset of 7220 samples (Nov. 06 Nov.'07) Antivirus detection coverage degrades significantly as threats approach 0-day ( 2007 (detection result for 5000 malware samples - May (antivirus signatures were updates the day after the collection ended) Architecture and Deployment Model (shift data collection and enforcement to host, and detection and policy enforcement to network service) Lightweight host agent runs on desktops, laptops, and other devices Network service hosts the backend file analysis engines and fields requests from the host agent. Archival and forensics service stores information on file analysis results and provides a query and alerting interface Page 57 12
13 Simplified Host Agent Cross Platform Mobile Devices Mail Server Frontends Page 60 Improved Coverage Single engine from 82% to 52% Ten engines from 98% to 88% For zero-day 88% vs. 52% Decrease in incremental coverage Detection rates are calculated by taking the avg. rate across ( 2007 N. (detection all combinations result for 5000 of N malware engines samples for a given - May AML dataset of 7220 samples (Nov. 06 Nov.'07) 13
14 Vulnerability Window AML data set + archive of McAfee DAT signature files with 1-week granularity ~30% samples already detected ~30% samples never detected ~70% eventually detected Average time between observation and detection is 48 days. Large window of vulnerability: retrospective detection is essential to discover previously infected hosts (i.e. re-scanning and generating detailed forensics information) Recent Extension to Mobile Environments Mobile devices (Apple iphone, T-Mobile G1, Nokia N800) run commodity operating systems Open platforms such as iphone SDK and Google Android Proliferation of native third party applications Jon Oberheide, Kaushik Veeraraghavan and Evan Cooke have shown (Mobivirt 2008): in-cloud model enhances mobile security and reduces on-device software complexity (Nokia s N800 and N95) In-cloud network service with mobile-specific behavioral analysis and multiple virtualized detection engines possible to spend bandwidth resources to significantly reduce ondevice CPU, memory, and power consumption. New Project funded by Google and NSF Page 77 14
15 Discussion & Limitations (Usenix Security 2008 by Oberheide, Cooke and Jahanian) Disconnected operation Local caching, policy decision False positives Confidence, engine thresholds, management Detection engine licensing Price/perf, free engines, lock-in Sources of malicious code DLL results, file types configurable Context and environment Can execute candidate files in VM Privacy implications Tunable collection and display Page 78 Warp UP Page 91 15
16 Crimeware as a Service (CaaS) Page 94 Crimeware as a Service (CaaS) Crimeware as a Service (CaaS) Cloud computing advantages not limited to legitimate applications Service / subscription model More control / more profit for attackers Parallels between cloud apps / crimeware: Cloud Type Legitimate Services Crimeware Services IaaS Amazon EC2, Mosso Renting out infected botnets PaaS Google App Engine, MS Azure Botnet-backed spam services SaaS SalesForce, SAP ByDesign Malware packing, CAPTCHAs Page 95 16
17 Real-world CaaS Recent CaaS activity in the wild Rudimentary crimeware (e.g. AV Scanner and online packing) services already starting to appear Screenshots thanks to Jorge Mieres / Evil Fingers! Page 96 Acknowledgements Students and Collaborators at University of Michigan, Arbor Networks and Merit Network And of course our research sponsors and collaborators: Page 99 17
18 Thank You 18
Virtualized In-Cloud Security Services for Mobile Devices
Virtualized In-Cloud Security Services for Mobile Devices Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, Farnam Jahanian University of Michigan June 17, 2008 MobiVirt '08 Roadmap Motivation
More informationWorkshop on Infrastructure Security and Operational Challenges of Service Provider Networks
Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Farnam Jahanian University of Michigan and Arbor Networks IFIP Working Group 10.4 June 29-30, 2006 What s the
More informationVirtualized In-Cloud Security Services for Mobile Devices
Virtualized In-Cloud Security Services for Mobile Devices Jon Oberheide, Kaushik Veeraraghavan, Evan Cooke, Jason Flinn, Farnam Jahanian Electrical Engineering and Computer Science Department University
More informationCloudAV: N-Version Antivirus in the Network
CloudAV: N-Version Antivirus in the Network Cloud Jon Oberheide, Evan Cooke, Farnam Jahanian Electrical Engineering and Computer Science Department University of Michigan, Ann Arbor, MI 48109 {jonojono,
More informationDDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More informationIJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat.
Intrusion Detection in Cloud for Smart Phones Namitha Jacob Department of Information Technology, SRM University, Chennai, India Abstract The popularity of smart phone is increasing day to day and the
More informationDDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR
Journal homepage: www.mjret.in DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Maharudra V. Phalke, Atul D. Khude,Ganesh T. Bodkhe, Sudam A. Chole Information Technology, PVPIT Bhavdhan Pune,India maharudra90@gmail.com,
More informationWhite Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation
White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...
More informationAttacks from the Inside
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
More informationData Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.
Data Centers Protection from DoS attacks. Trends and solutions Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.2010 Cybercrime Trends Page 2 Types of DoS attacks and classical
More informationDDoS Attacks Can Take Down Your Online Services
DDoS Attacks Can Take Down Your Online Services Dr. Bill Highleyman Managing Editor, Availability Digest Continuity Insights New York 2014 October 8, 2014 editor@availabilitydigest.com Who Am I? Dr. Bill
More informationProtect your network: planning for (DDoS), Distributed Denial of Service attacks
Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationTechnology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection
Technology Blueprint Secure Your Virtual Desktop Infrastructure Optimize your virtual desktop infrastructure for performance and protection LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationOn and off premises technologies Which is best for you?
On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email
More informationMaking Your Enterprise SSL Security Less of a Gamble
Making Your Enterprise SSL Security Less of a Gamble Rob Glickman Sr. Director, Product Marketing Amar Doshi Sr. Manager, Product Management Symantec Vision 2012 The VeriSign Seal is Now the Norton Secured
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationTrend Micro Hosted Email Security Stop Spam. Save Time.
Trend Micro Hosted Email Security Stop Spam. Save Time. How Hosted Email Security Inbound Filtering Adds Value to Your Existing Environment A Trend Micro White Paper l March 2010 1 Table of Contents Introduction...3
More informationisheriff CLOUD SECURITY
isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationwww.obrela.com Swordfish
Swordfish Web Application Firewall Web Application Security as a Service Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating
More informationRemote Fingerprinting and Exploitation of Mail Server Antivirus Engines
Remote Fingerprinting and Exploitation of Mail Server Antivirus Engines Jon Oberheide, Farnam Jahanian Electrical Engineering and Computer Science Department University of Michigan, Ann Arbor, MI 48109
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationGlobal Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team
Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationWhat keep the CIO up at Night Managing Security Nightmares
What keep the CIO up at Night Managing Security Nightmares Tajul Muhammad Taha and Law SC Copyright 2011 Trend Micro Inc. What is CIOs real NIGHTMARES? Security Threats Advance Persistence Threats (APT)
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationERT Attack Report. Attacks on Large US Bank During Operation Ababil. March 2013
Attacks on Large US Bank During Operation Ababil March 2013 Table of Contents Executive Summary... 3 Background: Operation Ababil... 3 Servers Enlisted to Launch the Attack... 3 Attack Vectors... 4 Variations
More informationThreat Intelligence. How to Implement Software-Defined Protection. Nir Naaman, CISSP Senior Security Architect
How to Implement Software-Defined Protection Nir Naaman, CISSP Senior Security Architect Threat Intelligence 1 The Spanish flu, 1918 killing at least 50-100 million people worldwide. 2 The H1N1 Pandemic,
More informationDistributed Denial of Service protection
Distributed Denial of Service protection The cost in terms of lost business caused by a successful DDoS attacks can be significant. Our solution recognises when a DDoS attack is happening and identifies
More informationProtection Against Advanced Persistent Threats
Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationAnalyze & Classify Intrusions to Detect Selective Measures to Optimize Intrusions in Virtual Network
Analyze & Classify Intrusions to Detect Selective Measures to Optimize Intrusions in Virtual Network 1 T.Ganesh, 2 K.Santhi 1 M.Tech Student, Department of Computer Science and Engineering, SV Collge of
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationCountry Case Study on Incident Management Capabilities CERT-TCC, Tunisia
Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationSecuring Your Business with DNS Servers That Protect Themselves
Product Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate
More informationAvailability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013
the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationSecurity Solutions for the New Threads
Security Solutions for the New Threads We see things others can t Pablo Grande Sales Director, SOLA pgrande@arbor.net What a CISO Is Looking For Show Progress on Response Time Measurably improve our incident
More informationSymantec Mobile Security
Advanced threat protection for mobile devices Data Sheet: Endpoint Management and Mobility Overview The combination of uncurated app stores, platform openness, and sizeable marketshare, make the Android
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More information31-05-2007. Sérgio Martinho Microsoft Portugal Sergio.Martinho@microsoft.com
As melhores soluções servidoras empresariais e a maior facilidade de gestão 31-05-2007 Sérgio Martinho Microsoft Portugal Sergio.Martinho@microsoft.com Agenda IT Solution Priorities by Vertical Market
More informationService Description DDoS Mitigation Service
Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationHow Attackers are Targeting Your Mobile Devices. Wade Williamson
How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best
More informationWhite Paper. Copyright 2012, Juniper Networks, Inc. 1
White Paper SRX Series as Gi/ Firewall for Mobile Network Infrastructure Protection Copyright 2012, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3 Overview of LTE (4G)
More informationSecurity workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013
Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a
More informationThe Evolution of Computer Security Attacks and Defenses. Angelos D. Keromytis Columbia University angelos@cs.columbia.edu
The Evolution of Computer Security Attacks and Defenses Angelos D. Keromytis Columbia University angelos@cs.columbia.edu This talk A look at the evolution of: nature of attackers and their goals cyber
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationSecuring data centres: How we are positioned as your ISP provider to prevent online attacks.
Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Executive Summary In today s technologically-demanding world, an organisation that experiences any internet
More informationDDoS Overview and Incident Response Guide. July 2014
DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target
More informationInternational Journal of Advanced Research in Engineering and Technology (IJARET), ISSN 0976 INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND TECHNOLOGY (IJARET) ISSN 0976-6480 (Print) ISSN 0976-6499 (Online) Volume 4, Issue 6, September October 2013, pp. 238-245 IAEME: www.iaeme.com/ijaret.asp
More informationDDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest
DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationChoose Your Own - Fighting the Battle Against Zero Day Virus Threats
Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationEndpoint Security: Moving Beyond AV
Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationWelcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013
Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF
More informationNext Generation IPS and Reputation Services
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
More informationSecuring Your Business with DNS Servers That Protect Themselves
Product Summary: The Infoblox Secure DNS Solution mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate queries.
More informationThe Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know
The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know I n t r o d u c t i o n Until the late 1990s, network security threats were predominantly written by programmers seeking notoriety,
More informationWeb 2.0 and Data Protection. Paul Tsang Security Consultant McAfee
Web 2.0 and Data Protection Paul Tsang Security Consultant McAfee Criminal Motivators For Profit Targeted Attacks Cyber Warfare (Credit Cards, PII, Criminal Infrastructure) (Nation-State Secrets, Trade
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationWHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users
Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Table of Contents How TrustDefender Mobile Works 4 Unique Capabilities and Technologies 5 Host Application Integrity
More informationProtecting against Mobile Attacks
2014-APR-17 Protecting against Mobile Attacks Frankie Wong Security Analyst, HKCERT 1 Image source: http://www.techweekeurope.co.uk/news/mobile-malware-record-mcafee-125537 2 Agenda Attacks moving to mobile
More informationBOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL
BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious
More informationEnd to End Security do Endpoint ao Datacenter
do Endpoint ao Datacenter Piero DePaoli & Leandro Vicente Security Product Marketing & Systems Engineering 1 Agenda 1 Today s Threat Landscape 2 From Endpoint: Symantec Endpoint Protection 3 To Datacenter:
More informationDistributed Denial of Service (DDoS) attacks. Imminent danger for financial systems. Tata Communications Arbor Networks.
Distributed Denial of Service (DDoS) attacks Imminent danger for financial systems Presented by Tata Communications Arbor Networks 1 Agenda Importance of DDoS for BFSI DDoS Industry Trends DDoS Technology
More informationCloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost
y Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by Phone: +1 877-21-TREND www.trendmicro.com/go/smartprotection
More informationLeveraging the Cloud for Software Security Services
Leveraging the Cloud for Software Security Services by Jonathan Clarke Oberheide A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Science
More informationCyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community
Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the
More informationCyber Security Solutions:
ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial
More informationReal World and Vulnerability Protection, Performance and Remediation Report
Real World and Vulnerability Protection, Performance and Remediation Report A test commissioned by Symantec Corporation and performed by AV-Test GmbH Date of the report: September 17 th, 2014, last update:
More informationAt dincloud, Cloud Security is Job #1
At dincloud, Cloud Security is Job #1 A set of surveys by the international IT services company, the BT Group revealed a major dilemma facing the IT community concerning cloud and cloud deployments. 79
More informationMcAfee Server Security
Security Secure server workloads with low performance impact and integrated management efficiency. Suppose you had to choose between securing all the servers in your data center physical and virtual or
More informationTunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc
Tunisia s experience in building an ISAC Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc 1 Agenda Introduction ISAC objectives and benefits Tunisian approach SAHER system
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationSecure Virtualization in the Federal Government
White Paper Secure Virtualization in the Federal Government Achieve efficiency while managing risk Table of Contents Ready, Fire, Aim? 3 McAfee Solutions for Virtualization 4 Securing virtual servers in
More informationKASPERSKY DDoS PROTECTION. Protecting your business against financial and reputational losses with Kaspersky DDoS Protection
KASPERSKY DDoS PROTECTION Protecting your business against financial and reputational losses A Distributed Denial of Service (DDoS) attack is one of the most popular weapons in the cybercriminals arsenal.
More informationAT&T Real-Time Network Security Overview
AT&T Real-Time Network Security Overview Dan Solero Director of Security Technology, AT&T Know Your Enemy: Security Threats Extend Beyond Viruses & Worms Distributed Denial of Service Spam for Hire Social
More informationSecuring Your Business with DNS Servers That Protect Themselves
Product Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS/DHCP servers by intelligently recognizing various attack types and dropping attack traffic while responding only to
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationModern Approach to Incident Response: Automated Response Architecture
SESSION ID: ANF-T10 Modern Approach to Incident Response: Automated Response Architecture James Carder Director, Security Informatics Mayo Clinic @carderjames Jessica Hebenstreit Senior Manager, Security
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More information