Distributed Denial of Service protection

Transcription

1 Distributed Denial of Service protection

2 The cost in terms of lost business caused by a successful DDoS attacks can be significant. Our solution recognises when a DDoS attack is happening and identifies and blocks the flow of malicious traffic while still letting legitimate data through so your business stays up and running. Why should you be concerned by DDoS attacks? Denial of service attacks have plagued network and data centre operations since the early days of the internet and unfortunately, leading industry experts such as Arbor Networks and Gartner agree that the world s DNS structure will continue to be exploited and attacks will continue to rise in frequency, complexity and size. It s no longer a problem for only major online organisations or gambling sites. A wide range of companies from retail to finance sectors increasingly depend on web-based transactions. Additionally, attackers require less specialised skills, meaning any user with hacktivist motives can launch an attack. The impact of a successful DDoS attack can be far-ranging and severe: potential for revenue running in to the millions to be lost during the attack business can be permanently lost service credit costs are incurred if service level agreements are violated your organisation s reputation is tarnished, sometimes permanently IT expenses rise sharply as you battle to bring the attack to an end. In addition, Financial Services Authorities are becoming more focused and aware of risks their members are exposed to in relation to IT security policies and also cyber threats. It is likely they will continue to encourage their members to adopt robust and commercially appropriate security protection systems which guarantee the availability of their IT and payments systems. It is the potential for reputational risk which lies at the root of this encouragement which demands greater awareness and good practice in the field of data and information security. What is Distributed Denial of Service (DDoS)? A DDoS attack is an attempt by a hacker to make computer resources unavailable, either temporarily or permanently to your intended user. Typically, a hacker will write a program and send it to thousands of agents or zombie hosts creating a botnet that will, upon the command of the hacker, simultaneously attack a target system. Besides consuming computational resources such as bandwidth, disk space or CPU time, a DDoS attack could also disrupt routing, damage other configuration information or reset TCP sessions which will all affect application performance and availability. Hackers could also disrupt physical network components or obstruct communication media between intended users, thereby preventing parties from communicating effectively. When this happens, this could bring down an electronic stock trading or gaming platform thereby wreaking a large amount of damage to the firm both financially, as well as destroying its reputation. DDoS attacks have increased in size and complexity. The average volumetric attacks (up 43% so far in 2013, over 2012) are now capable of saturating the internet connectivity of many businesses. All this means more companies are vulnerable to attack. So clearly, you need to take steps to protect your company from these risks.

3 Our solution Traditional Internet security measures such as firewalls, Intrusion Detection Systems (IDS) and antivirus software cannot stop or mitigate a malicious DDoS attack. Sure International s solution to mitigating the effects of a DDoS attack is based on a sophisticated multi-layer (both Onnet and above network) platform of industry leading Arbor Threat Mitigation Systems (TMS). This solution is designed specifically to provide the level of protection and security that our clients and networks need not only now but well in to the future. To maximise system performance we use a combination of a Sure owned dedicated on-net Arbor TMS systems, connected into a specialist partners above network Arbor TMS cloud system. A vital component of the Arbor TMS system is its ability to learn and to surgically remove DDoS attack traffic from our customers networks without disrupting key network or known (learnt) client services. It also provides comprehensive, real-time visibility into our network and applications so that we can proactively monitor and maintain service performance and our customers user or player experience even during an attack. We selected this solution following significant due diligence and a comprehensive tender process involving multiple industry-leading hardware and cloud based DDoS providers. To date we have around 15 major clients, mainly large igaming Operators, successfully using our solution for over 18 months, having moved from our (now retired) Cisco Riverhead systems which had been in service from 2005 to late How our multi-layer, multi-vendor DDoS protection works A key advantage of our distributed core IP network architecture is the integration of multiple dedicated Enterprise Class Distributed Denial of Service systems (DDoS - 2 x 10Gbps Arbor TMS systems). Deployed at our high bandwidth core network edge nodes in London and in Paris, our multiple Arbor Threat Mitigation Systems (TMS) together with backend PeakFlow Collector Portals (CP) and Service Portals (SP) deliver an incredibly robust and proven solution. The systems provide fully integrated on-net protection against malicious internet based attacks for all clients traversing our core IP networks via its multiple high capacity fibre gateways in London and Paris into Guernsey. In addition to core on-net Arbor TMS protection, should a malicious attack occur that exceeds the 2 x 10Gbps capacity of the Sure TMS platform, we have fibre cross connected our on-net DDoS systems into a specialist DDoS mitigation partners above network Arbor cloud based TMS platform at a scrubbing centre in the UK. This system is capable of mitigating and cleaning both higher (>20Gbps attacks) and also some more specialist targeted attacks before returning cleaned traffic directly to our network. A specialist 3rd Party Security Operation Centre (SOC) operates and manages our above network high capacity Arbor TMS based DDoS Cloud platform, providing supplementary multi-layer protection to our network. This multi-layer multi-vendor approach to DDoS protection offers a unique system designed to provide the best possible blend of on and above net DDoS detection, mitigation protection and resilience. A DDoS attack has a potential revenue loss of up to $1,495,134 PER HOUR for financial institutions. Source: Gartner Group

4 Specialist Platform Management The entire Sure DDoS platform, on-net and above-net, is managed by a team of 24x7x365 DDoS security specialists. Located at a dedicated Security Operations Centre (SOC) in the UK and contracted by Sure to monitor and support Sure s on-net Arbor TMS systems and above net Arbor TMS systems, SOC staff will be available 24x7x365 to support all our DDoS customers and to ensure that any DDoS mitigation, traffic profiling, DDoS platform and portal configurations are performed to the highest possible security standard. From years of experience we know that critical to the success of any DDoS platform is its management, which must be undertaken by specialist staff continually focused on DDoS detection and mitigation to be truly effective. The Sure SOC delivers this level of specialist skill, focus and support to all of our clients. Furthermore our Sure s own Network Operations Centre (NOC) is also available 24x7x365 to provide and coordinate any additional specialist DDoS, IP & Core Network support required, to issue proactive service notifications to clients and to ensure all customers have a dedicated single point of contact during any escalation around the clock. Internet /0 Tier 1 IP Transit Level 3 NTT Above Network DDoS Platform Level 3 NTT 10Gbps 10Gbps London Powergate London Global SW ARBOR Active 10Gbps TMS 3110 DDoS GSR AS8680 GSR Paris Global SW ARBOR Standby 10Gbps TMS 3110 DDoS Carrier resillience (VTL) West (CWW) Carrier resillience (VTL) East (CWW) East (MEA) Hugo North Hugo North Hugo South Hugo East IOM On Net Sure On Net CIEG Fibre IOM ASR IOM ASR DC5 ASR Core Director Mesh DC2 ASR Jersey ACR Jersey ACR IOM On Net Jersey PoP 1 Jersey PoP 2 IOM PoP (Douglas) IOM PoP Casltetown DC DC DC DC Pan - CI DWDM & MPLS MPLS Core Centenary House Campus Guernsey Management Network DDoS System & 24 x 7 x 365 NOC Guernsey Mesh Exchange

5 Platform Protection Summary Key Features Automated and manual protection is available via the platform. High alerts that the platform can detect and mitigate include but are not limited to: DDoS Attacks (TCP, UDP, ICMP, Spoofed SYN Flood, Non-Spoofed SYN Flood, UDP Flood, FIN, SYNACK Flood, (Spoofed and Non Spoofed SYN Flood), PING flood, Smurf Flood or Combined UDP/TCP/ICMP etc). Fragmentation attacks such as IP/UDP, IP/ICMP, IP/TCP HTTP Attacks such as a connection flood, (client attack) HTTP errors 404 etc. http Half connections BGP attacks DNS attacks Signature based anomalies Netflow loss SNMP loss / BGP loss / Physical Link failure & Client specific alerts 2 x 10Gbps mitigation deployed at high bandwidth gateway - Sure Network Edge nodes in London and in Paris Industry leading Arbor On-net and above-net protection and mitigation systems (Arbor Threat Management Systems (TMS), Arbor Collector Portal (CP) & Arbor Service Portal (SP) ) Real time customer portal access Specialist 24x7x365 Security Operations Centre (SOC) 24x7x365 Sure Network Operations Centre (NOC) Sure is also a member of the Arbor Network s DDoS Global Finger Print Alliance sharing and receiving attack mitigation profiles and traffic ranges with other carrier members enables Sure to proactively protect and to block globally monitored attack profiles and specific DDoS BOT IP addresses before they reach or are used to target Sure clients. Statistics on size, frequency and costs of DDOS attacks taken from papers by Arbor Networks

6 Guernsey Centenary House La Vrangue St Peter Port Guernsey GY1 2EY Jersey Richmond House 8 David Place St Helier Jersey JE2 4TD Isle of Man 2nd Floor 14 Athol Street Douglas Isle of Man IM1 1JA