Cheap and efficient anti-ddos solution
Who am I?
- Alexei Cioban
- Experience in IT: 13 years
- CEO & Founder of IT-LAB: 7 years
- IT trainings: 5 years

About company
- Year of foundation: 2007
- 12 employees
- www.it-lab.md
- Partner of Cisco, Microsoft, Mikrotik
- System integration
- Solutions for enterprise and ISP networks
- Anti-DDoS solutions (Andrisoft, Switchray, Radware)
- Network construction (cable and Wi-Fi)
- Software development (web, mobile apps, CRM)
- Network equipment (Cisco, Mikrotik, OEM)
- VoIP equipment and software (Cisco, Gaoke, Switchray, Digium, Asterisk, PBX, call centers)
- Servers (Cisco)

Agenda
- Introduction to DDoS attacks
- Anti-DDoS market players
- Situation in Moldova
- Our anti-DDoS solution: scheme and components
- Requirements, features and benefits

Introduction to DDoS
- DDoS: Distributed denial-of-service
- Every day ~600 DDoS attacks
- Average daily bandwidth 200-300 Gbps
- Financial losses: 100-300k USD per attack, ~100 billion USD/year
- Cost of an attack is low: 50-500 USD/day
- DDoS types: SYN-flood; TCP/UDP/ICMP-flood; Reflection/Amplification (BGP, NTP, DNS); etc.

Online DDoS map

Anti-DDoS solutions market players

Company name     Market share   Solution or product name   Approx. cost
Arbor Networks   ~60%           Peakflow, Pravail, Cloud   400k USD and more
Radware          ~20%           DefensePro                 100k USD and more
Juniper          ~4%            DDoS Secure                100k USD and more
Others           ~16%           -                          -

Moldavian anti-DDoS reality
- Only 3.5 million people living in MD
- Market is too small
- ISPs, data centers and other companies can't buy expensive anti-DDoS solutions
- Easiest way: fully block the attacked IP (packet filter, BGP black-hole)
- Bad influence on enterprise and government IT resources
- Slow evolution of electronic services
- There are no professional anti-DDoS solution providers in MD (one exception already exists)

Accessible anti-DDoS solution
Software components:
- Andrisoft WANGUARD/WANSIGHT
- Linux (CentOS, Debian)
- PF_RING kernel module
Anti-DDoS SaaS clouds:
- Trabia network
- Voxility
- etc.
Hardware components:
- Servers (Cisco, HP, IBM, etc.)
- Intel 82599-based 10Gbps network cards
- Network taps
Smart guys

WANGUARD: DDoS detection and mitigation solution

WANGUARD - features
- DDoS detection & mitigation (reaction in 5 seconds), but it's not an IDS/IPS
- Powerful reaction tools (BGP announcements, e-mails, scripts, etc.)
- Detailed forensics (traffic samples, flows, reports)
- Advanced web console, flexible configuration
- Easy & fast scalability
- Real-time, historical and scheduled reporting
- Complex analytics (reports based on IP, AS, country, application, port, protocol, etc.)
- Full network visibility and monitoring (NetFlow v5/v7/v9, sFlow, jFlow, IPFIX, sniffing, etc.)

WANGUARD - features
Detects all bandwidth-related traffic anomalies:
- Distributed Denial of Service (DDoS) attacks, unknown volumetric DoS attacks
- NTP amplification attacks, generic UDP floods, ICMP floods, SMURF attacks
- SYN floods, TCP/UDP port 0, LOIC, peer-to-peer attacks, etc.
- Scans and worms sending traffic to illegal or unallocated addresses, missing traffic to critical services

WANGUARD - features
Per-endpoint flexible threat reaction options:
- Activate WANGUARD Filter for DDoS attack mitigation
- Send remotely-triggered black hole announcements, BGP off-/on-ramp traffic diversion announcements
- Alert the NOC staff by email using user-defined email templates
- Send custom Syslog messages to remote log servers or SIEM systems
- Capture a sample of traffic for forensic investigation
- Extend the built-in capabilities with customized scripts that can access an easy-to-use API
Provides traffic accounting reports and per-IP / subnet / IP group graphs for each of the following traffic types: total, tcp, tcp+syn, udp, icmp, other, bad, flows, flows+syn, http, https, ssl, mail, dns, sip, ntp, rdp, snmp, ssh, ipsec, facebook, youtube, netflix, hulu, and more to come
Generates tops and graphs for talkers, external IPs, IP groups, autonomous systems, countries, TCP or UDP ports, IP protocols, and more

WANGUARD web console

WANGUARD hardware requirements
Sensor requirements
Filter requirements

Intel 82599 chipset
- MSI-X: load balancing of packet flows between CPU cores
- Support of SM/MM fiber optic transceivers
- Hardware filtering based on IP/MAC
- Wire-speed routing

Cloud-based SaaS anti-DDoS
- Bandwidth saturation problem in case of massive attacks
- GRE tunnel / L2 tunnel to the cloud provider
- Bandwidth up to 500 Gbps
- WANGUARD can automatically redirect inbound traffic via the anti-DDoS cloud

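The following Python sketch is an added example, not WANGUARD's or Andrisoft's code. It ties together the detection slide (per-class thresholds over a 5-second window), the per-endpoint reaction slide (local filter, cloud diversion, remotely-triggered blackhole) and the bandwidth-saturation rule above: pick the cheapest reaction that the upstream link and the 500 Gbps cloud can still absorb, and render the BGP announcement a reaction script would hand to its BGP speaker. The flow records, thresholds, addresses, next hop and ExaBGP-style announcement syntax are constructed or assumed.

```python
import ipaddress
from collections import defaultdict

WINDOW_S = 5                                         # page: reaction within 5 seconds
LIMITS = {"tcp+syn": 100, "udp": 200, "total": 500}  # constructed per-class pps thresholds
# Constructed 5-second flow sample: (dst_ip, proto, syn_only, bytes, packets).
# SYN flood on 203.0.113.10, UDP flood on 203.0.113.20, 203.0.113.30 is normal traffic.
FLOWS = (
    [("203.0.113.10", "tcp", True, 40, 1)] * 600
    + [("203.0.113.10", "tcp", False, 1500, 1)] * 30
    + [("203.0.113.20", "udp", False, 468, 1)] * 1200
    + [("203.0.113.30", "tcp", False, 1500, 1)] * 50
)

def aggregate(flows):
    """Per-destination packet counts by class (total, tcp, udp, tcp+syn) plus bytes."""
    pkts, byts = defaultdict(lambda: defaultdict(int)), defaultdict(int)
    for dst, proto, syn_only, nbytes, npkts in flows:
        pkts[dst]["total"] += npkts
        pkts[dst][proto] += npkts
        if proto == "tcp" and syn_only:
            pkts[dst]["tcp+syn"] += npkts
        byts[dst] += nbytes
    return pkts, byts

def detect(flows, window_s=WINDOW_S, limits=LIMITS):
    """Return (dst, class, pps, bps) for each endpoint and class above its threshold."""
    pkts, byts = aggregate(flows)
    anomalies = []
    for dst, classes in pkts.items():
        bps = byts[dst] * 8 / window_s
        for cls, limit_pps in limits.items():
            pps = classes.get(cls, 0) / window_s
            if pps > limit_pps:
                anomalies.append((dst, cls, pps, bps))
    return anomalies

def choose_reaction(anomaly, link_bps, cloud_bps=500 * 10**9):
    """Filter locally while the attack fits the link; divert to the scrubbing cloud
    (GRE on-ramp, 500 Gbps on the page) when it would saturate the link; RTBH beyond that."""
    if anomaly[3] < link_bps:
        return "filter"
    return "cloud" if anomaly[3] < cloud_bps else "rtbh"

def bgp_action(anomaly, reaction, next_hop="192.0.2.1"):
    """ExaBGP-style announcement (assumed syntax): /32 with the RFC 7999 BLACKHOLE
    community 65535:666 for RTBH; the covering /24 so the cloud attracts traffic to scrub."""
    dst = anomaly[0]
    if reaction == "rtbh":
        return f"announce route {dst}/32 next-hop {next_hop} community [65535:666]"
    if reaction == "cloud":
        return f"announce route {ipaddress.ip_network(dst + '/24', strict=False)} next-hop {next_hop}"
    return ""  # local filtering on the Filter box needs no BGP change
```

With the constructed sample, detect() flags 203.0.113.10 for tcp+syn (120 pps) and 203.0.113.20 for udp (240 pps) while 203.0.113.30 stays quiet; both attacks fit a 10 Gbps link, so the chosen reaction is the local filter and no announcement is sent.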
Benefits of the solution
- Cost up to 10-150 times cheaper than competing products
- Rich functionality
- Easy to change/add hardware independently of the vendor
- Easy to integrate with an existing network
- Scalability and performance in conjunction with accessible hardware
- Suitable and accessible for ISPs, enterprises (banks, etc.) and government
- Legea 241/15.11.2007, Art. 20, al. 3, lit. c (???): accounting and storing of all processed IP flows (6-12 months and more)

What next?
- We can offer a trial and demo
- We can analyze your case and calculate costs

Contacts
Alexei Cioban
ac@it-lab.md
http://www.it-lab.md
+373 69999975