Corero Network Security First Line of Defense Executive Overview

Transcription

1 FIRST LINE OF DEFENSE Corero Network Security First Line of Defense Executive Overview Products and Services that Protect Against DDoS Attacks and Cyber Threats EXECUTIVE SUMMARY Any organization conducting business online faces tremendous risk from Distributed Denial of Service (DDoS) attacks and cyber threats emerging from raw Internet traffic. For complete protection from these threats, businesses require a First Line of Defense that prevents outages, assures uptime for legitimate users, provides insight into evolving threats and extends the life of their critical infrastructure. This document provides an overview of how Corero Network Security is the trusted advisor for protecting the online integrity of your business with its First Line of Defense products and services. The Corero First Line of Defense solutions are deployed at the point(s) of raw Internet connectivity and in front of the critical infrastructure requiring protection. The Corero SmartWall Threat Defense System (TDS) ensures advanced DDoS and cyber threat protection in scalable increments of 10 Gbps, is built on a next generation multicore processing architecture, and provides comprehensive attack visibility and network forensics. With the Corero SmartWall TDS, hosting providers, enterprises, service providers, and MSSPs can not only protect their own data centers but also deliver value-added managed security services to their customers. Learn more about Corero products and services at EXECUTIVE OVERVIEW

2 As an online business, be it an e-commerce provider, social media company, financial institution, hosting provider, gaming company, or government entity, you are at a risk of a DDoS attack that can bring your business to a screeching halt in a matter of minutes. This means lost revenues, damaged reputation, and dissatisfied customers. Online businesses need protection from raw Internet traffic with a First Line of Defense that: Prevents network/service outages by blocking attacks in real time Assures that legitimate customers can access the business online services Provides insight into attacks and evolving threats Extends the effective life of their existing security investments THE FIRST LINE OF DEFENSE The most effective way to protect from DDoS attacks and cyber threats is to monitor and mitigate the point(s) of raw Internet connectivity. For enterprises, this means deploying a First Line of Defense at the edge of their network and in front of the firewalls. For hosting providers, it is at the edge of their data centers. In the service provider cloud, it is at the peering points and the distribution points. In the Cloud Service providers, IT hosting and Cloud providers On Premises Enterprises financial services, e-commerce providers, gaming, education Internet 1-10 Gbps IPS/APT Internet SERVICE PROVIDER SLB/ADC WAF Protected Critical Infrastructure and Services Figure 2 - First Line of Defense deployment scenarios for the most effective protection form the Internet The Corero First Line of Defense products are comprised of a family of purpose-built network security appliances, deployed at the data center edge or in a service provider cloud to inspect raw Internet traffic for DDoS attacks and cyber threats and subsequently protect downstream critical infrastructure, services and customers. The Corero First Line of Defense protection against DDoS attacks and cyber threats adheres to the following principles: Advanced DDoS protection Comprehensive visibility Built on a next generation architecture First Line of Defense Overview 2

3 ADVANCED DDOS PROTECTION Advanced DDoS protection requires granular policy controls to enable systematic treatment of raw Internet traffic and distinguish legitimate traffic from suspicious/malicious traffic. The First Line of Defense, solution provides protection against the following: Volumetric DDoS (TCP, UDP, ICMP, HTTP, DNS) IP reputation (Whitelist, backlist, dynamic) Reflective DDoS (DNS/NTP/SNMP amplification) Low and slow resource exhaustion (Slowloris, slowread) Advanced evasion (Fragmentation, segmentation) Corero First Line of Defense ATTACKS & TECHNIQUES Network Level DDoS Reflective Amplified DDoS Fragmented Packet DDoS Application Layer DDoS Specially Crafted Packet SYN, TCP, UDP, ICMP Floods DNS, NTP, SNMP, QOTD Floods Overlapping, Missing, Too Many Low and Slow, App Scripts Stack, Protocol, Buffer THREAT LANDSCAPE CORERO FIRST LINE OF DEFENSE Traditional Border Infrastructure Critical Network Services Other Security Technologies Online Business Integrity Total System Failures Investment Productivity Public Image Lines of Business Escalating Costs Figure 3 - DDoS attack and cyber threat landscape and associated business impacts The Corero First Line of Defense solution provides protection for the entire spectrum of DDoS attacks and cyber threats, assuring that traditional border infrastructure and critical network services stay up to maintain the online business integrity of Internet facing services they deliver. First Line of Defense Overview 3

4 COMPREHENSIVE VISIBILITY For comprehensive visibility, the First Line of Defense solution produces sophisticated security feeds in the form of network and security events, sample network statistics, and threat intelligence detailing malicious sources and targeted assets. The raw data produced by the Corero First Line of Defense solution can be categorized into network level events, security level events, and sample network statistics using SFlow. When these unique data feeds are analyzed by the Corero analytics and reporting engine, they enable comprehensive real-time and historical visibility into DDoS attacks and other cyber threat activity. Through summarized as well as deep dive analysis of the raw data, operators can create detailed real-time or scheduled reports to track attack trends and measure the defense effectiveness of the Corero First Line of Defense deployments. Critical event alerts, data and statistical information pertaining to attacks and threats are accessible through the reporting engine user interface. Corero First Line of Defense Security Events Threat Intelligence System Health Data Forensics Data Network Statistics VALUABLE RAW DATA Powerful Analytics Engine Virtual SOC Portal 10:00 PM ACTIONABLE SECURITY ANALYTICS & VISUALIZATION Real-time Dashboards Historical Reporting Powered by Behavioral Analysis Forensic Analysis Figure 4 - Turn-Key DDoS visibility and analytics with the Corero First Line of Defense solutions NEXT GENERATION ARCHITECTURE Businesses look to invest in technologies that not only solve the challenges of today, but are also built to scale with the growing needs of the business. This is especially true when investing in DDoS and cyber threat protection; where existing threats evolve and new threats are developed constantly. The First Line of Defense solution is built on architectural concepts that provide best of breed protection today as well as future proofing for tomorrow. The Corero First Line of Defense solution is built on a next generation architecture that assures the following: Modular for flexible deployment in multiple environments Scalable to address future growth Unified provisioning for efficient deployments Ready for the NFV/SDN/Cloud ecosystem deployments First Line of Defense Overview 4

5 DO-NO-HARM PROTECTION Legacy DDoS solutions have significant challenges related to providing false positives, a problem which limits their deployment to out-of-band scrubbing center approaches. The Corero First Line of Defense solution is architected to completely eliminate false positives and is therefore suitable for inline deployments on mission-critical networks. This type of deployment allows instantaneous detection and mitigation of DDoS attacks, whereas the response times of scrubbing center approaches are measured in hours. The way Corero provides instant DDoS mitigation without false positives is through do-no-harm protection, an approach that ensures that only the traffic that is deemed bad with certainty is blocked. If there is any uncertainty on whether the traffic is good or bad, it will not get dropped. This ensures that legitimate traffic always gets through even when the raw traffic surges in case of a DDoS attack, as shown below. Do-No-Harm Architecture Good traffic Good traffic Never Dropped Known Bad Suspicious Known Good Inspect/Drop per Active Rules Inspect/Drop/Transmit per Customer Policy Protect and Transmit Figure 5 Do-no-harm protection ensures good traffic will always get though The figure above demonstrates how raw Internet traffic is processed by Corero in a do-no-harm fashion. Under most circumstances the First Line of Defense solution has the ability to distinguish between good and bad traffic within all of the raw Internet traffic. However, in certain cases when the system observes a spike in the raw Internet traffic (e.g. due to a DDoS attack), some traffic goes through the system as unknown to assure that the good traffic is not dropped. NFV/SDN AND CLOUD READY As data centers become more virtualized and their traffic gets orchestrated via software defined networking (SDN) concepts, DDoS defense solutions will need to fit into the data centers evolving ecosystem. The Corero First Line of Defense solutions were architected with centralized policy constructs and REST APIs for SDN in mind and can be readily federated with emerging SDN fabric ecosystems for the creation of a more dynamic security layer encompassing robust DDoS mitigation capabilities. This is a significant improvement over legacy DDoS scrubbing center approaches that employ route-injection via BGP Flow- Spec to redirect flows associated to an attack to a remote or local scrubbing center. SDN traffic engineering and flow redirection concepts can be utilized to automate this function without having to touch an already fragile routing environment. Furthermore, SDN-enabled DDoS scrubbing can have the benefit of accepting bi-directionally mirrored traffic to allow the systems to maintain always on, real-time visibility into what s running on the network. In typical legacy DDoS scrubbing centers, the DDoS mitigation appliances sit idle providing no benefit until traffic is redirected to the scrubbing center, via a route injection. First Line of Defense Overview 5

6 NFV/SDN AND CLOUD READY (cont.) Additionally, the Corero First Line of Defense solution use a parallel processing framework that runs today on the purpose-built multi-core processing SmartWall TDS platform. This architecture is perfectly suitable to run as software within a virtualized hypervisor environment and Corero is currently developing virtual DDoS solutions for our customers who wish to deploy in private cloud or VPC environments or carriers that are looking to deploy DDoS mitigation as a virtual network function within an NFV (Network Function Virtualization) ecosystem. This capability will allow data centers to deploy First Line of Defense protection in a much more elastic manner while utilizing economical commercial off-the shelf (COTS) hardware in the future. THE CORERO FIRST LINE OF DEFENSE PRODUCTS For the large enterprises and hosting/service providers, the Corero SmartWall Threat Defense System (TDS) product ( provides protection in increments of up to 10 Gbps and scales up infinitely to support larger deployments (40 Gbps, 80 Gbps, 160 Gbps and larger). The Corero SmartWall Threat Defense System is comprised of three appliance types that perform distinct functions and can be configured in a wide range of topologies for flexible deployment. Network Threat Defense appliance Network Bypass appliance Network Forensics appliance The Corero Management Server SecureWatch Analytics Portal All appliances are ¼ rack width and 4 appliances can be accommodated within a single 1RU - in a 19 rack. There is no backplane and each appliance operates independently of other appliances. They are managed centrally as a single entity by the CMS. Each appliance can process up to Mpps of network traffic. A single 19 rack fully loaded with SmartWall TDS appliances could inspect over 1 Tbps of traffic. Scalable Multi-Gigabit Deployment in Modular Increments of 10 Gbps Tens of Customers Hundreds of Customers Scaled up with increased bandwidth requirements or growth in the customer base Thousands of Customers Figure 7 - The Corero SmartWall scales infinitely in increments of 1 or 10 Gbps to scale up and meet growth requirements First Line of Defense Overview 6

7 FIRST LINE OF DEFENSE SOLUTIONS FOR HOSTING PROVIDERS Hosting providers need to ensure 24x7 Internet connectivity to their diverse set of hosted clients. But hosting providers with a diverse clientele are especially susceptible to DDoS attacks and cyber threats because an attack on a single client can compromise connectivity of multiple clients. Additionally, compromised hosted servers can be used by attackers as powerful attack sources, making the hosting provider part of a botnet. Hosting providers also need to secure their own infrastructure because the resulting damage from a DDoS attack on a hosting provider can be costly downtime, dissatisfied users, and an impaired brand. Unfortunately, traditional security solutions like firewalls are ineffective against advanced cyber-threats and can in fact become the target of such attacks themselves. What hosting providers need is a First Line of Defense solution which is always on to ensure business continuity of their hosted clients Internet facing services and applications. Corero provides this solution with SmartWall Threat Defense, a game-changing technology consisting of state-of-the-art threat defense and comprehensive network forensics. Solutions for Hosting Providers Provider s Data Center Infrastructure Attackers First Line of Defense Data Center VMs, Web Servers, DB Servers Internet X IPS Router 1 Router 2 SLB Hosted Customers Protected with Paid Threat Defense Services Good Users WAF Customer T Customer Q Customer N Figure 14 - The Corero First Line of Defense protects critical data center infrastructure of the hosting providers and allows them to offer threat defense as a service to their hosted customers SmartWall Threat Defense System is a scalable services-oriented security platform deployed at the hosting provider s Internet edge and is designed to be modular and scalable to meet the high performance and evolving protection requirements of modern hosting data centers. SmartWall Threat Defense can also provide hosting providers with a revenue generation opportunity by enabling them to offer First Line of Defense as a service to their hosted clients. The Corero SmartWall TDS delivers to Hosting Providers and Datacenter operators the ability to offer comprehensive DDoS and cyber threat protection to their hosted customers as an extension of their current service offerings, improving their overall value proposition and providing an opportunity to offer differentiated value added security services. First Line of Defense Overview 7

8 FIRST LINE OF DEFENSE SOLUTIONS FOR S Today s enterprises are heavily dependent on their online presence, whether it is for generating revenues, ensuring high employee productivity, or providing superb customer experience. Ubiquitous connectivity also makes enterprises susceptible to DDoS attacks and cyber threats from around the world, resulting in costly downtime, lost productivity, brand damage and denial of service to an enterprise s legitimate users. Unfortunately, traditional security solutions like firewalls are ineffective against advanced cyber-threats and can in fact become the target of such attacks themselves. What enterprises need is a First Line of Defense solution which is always on to ensure business continuity of their Internet facing services and applications. Solution for the Enterprise Attackers First Line of Defense Firewall NGFW Protected Enterprise Infrastructure Internet X IPS/APT Router SLB Good Users WAF Figure 15 - The Corero First Line of Defense protects enterprise infrastructure and eliminates downtime The Corero First Line of Defense products are deployed between the Internet and the enterprise firewall and are designed to be modular and scalable to meet the high performance and evolving protection requirements of modern enterprise s mission critical infrastructure. First Line of Defense Overview 8

9 FIRST LINE OF DEFENSE SOLUTIONS FOR SERVICE PROVIDERS Service providers are the backbone of the Internet, providing multi-gigabit connectivity to every enterprise, data center, and cloud provider on the Internet. All of these online entities are targets of DDoS attacks and cyber threats from around the world. Hence, service providers are subject to carrying enormous amount of unwanted traffic in their networks, which affects performance and service levels delivered to their customers. Moreover, many service provider customers are not prepared to combat these advanced threats by themselves and are often looking for protection with a minimum upfront investment. This presents a significant revenue generating opportunity for service providers who can offer managed security solutions to their customers. These services can range from managed threat defense, network behavior analysis and reporting, and forensics analysis for regulatory compliance. What service providers need is a First Line of Defense platform which can not only protect their own networks but also act as a revenue generating service platform. The same platform can also be used to perform historical analysis of traffic flowing through their networks for sharing mitigation intelligence among serviced customers and for future capacity planning of the provider network. Solutions for Service Providers SERVICE PROVIDER SERVICE PROVIDER SERVICE PROVIDER SERVICE PROVIDER HOSTING PROVIDERS & DATA CENTERS HOSTED SITES CO/LO PRIVATE CLOUDS Figure 16 - Service providers can deploy SmartWall TDS in a modular and scalable fashion SmartWall TDS is a services-oriented security platform that service providers can deploy at the edge of their cloud to not only protect their own mission critical infrastructure but also leverage it to deliver revenue generating managed security services, including always on, threat protection and visibility for their enterprise customers. First Line of Defense Overview 9

10 FIRST LINE OF DEFENSE SOLUTIONS FOR MANAGED SECURITY SERVICE PROVIDERS MSSPs provide outsourced security services to small to medium sized businesses (SMBs). Just like large enterprises, SMBs are vulnerable to DDoS attacks and cyber threats from around the world, resulting in costly downtime, lost productivity, brand damage and denial of service to their legitimate users. Unfortunately, SMBs are not prepared to combat these advanced threats by themselves and are often looking for protection with a minimum upfront investment. This presents a significant revenue generating opportunity for MSSPs who can offer managed security solutions to their customers. These services can range from managed threat defense, network behavior analysis and reporting, and forensics analysis for regulatory compliance. What MSSPs need is a First Line of Defense platform which can be easily installed and remotely managed. Corero provides this platform with its SmartWall Threat Defense System, a services-oriented security platform that SMBs can deploy at their Internet edge for protecting their mission critical infrastructure and delegate its management to MSSPs. Solutions for Service Providers Attackers Good Users Internet MSSP SOC X Protected Customer Infrastructure Customer 1 Protected Customer Infrastructure Customer 2 MSSP SOC remotely provides always on Managed Threat Defense service to SMBs Protected Customer Infrastructure Customer N Figure 17 - The Corero First Line of Defense solutions allow MSSPs to expand their services portfolio with managed threat defense services for small to medium sized businesses Further, using the Corero SecureWatch Analytics as a blue print, MSSPs can take a proactive stance with the customers they are protecting. Using SecureWatch Analytics as their virtual Security Operations Center (SOC), the MSSPs can deliver valueadded managed security services to SMBs who don t have the security expertise or the upfront capital investment to get the protection on their own. ABOUT CORERO NETWORK SECURITY Corero Network Security, an organization s First Line of Defense against DDoS attacks and cyber threats, is a pioneer in global network security. Corero products and services provide online enterprises, service providers, hosting providers, and Managed Security Service Providers with an additional layer of security capable of inspecting Internet traffic and enforcing real-time access and monitoring policies designed to match the needs of the protected business. Corero technology enhances any defense-in-depth security architecture with a scalable, flexible and responsive defense against DDoS attacks and cyber threats before they reach the targeted IT infrastructure allowing online services to perform as intended. For more information, visit Corporate Headquarters EMEA Headquarters 1 Cabot Road Regus House, Highbridge, Oxford Road Hudson, MA USA Uxbridge, England Phone: UB8 1HR, UK Web: Phone: Copyright 2014 Corero Network Security, Inc. All rights reserved First Line of Defense Overview 10