Distributed Denial of Service (DDoS) attacks: Imminent danger for financial systems
Presented by Tata Communications, Arbor Networks

Agenda
- Importance of DDoS for BFSI
- DDoS Industry Trends
- DDoS Technology Overview
- Recent DDoS Attacks in India
- TCL DDoS Service: World's largest ISP deployment
- Q&A

DDoS: Why Should Financial Companies Care
A DDoS attack can (and will):
- Cause substantial revenue loss due to system downtime
- Reduce customer confidence
- Leave systems vulnerable to hacking exploits
Prevention Is Easier Than The Cure!
RBI's Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds mandate the deployment of systems for DDoS mitigation (RBI/ 2010-11/ 494 DBS.CO.ITC.BC.No. 6/31.02.008/ 2010-11, April 29, 2011).

Industry Trends: Operational & Security Threats
DDoS attacks cost an average enterprise $6.3M* for a 24-hour outage.
* McAfee, January 2010

DDoS Attack Trend
- Increased Volume: Largest volumetric DDoS has grown from 9 to 100 Gbps in 5 years
- Increased Complexity: Over a quarter of attacks are now application-based DDoS, mostly targeting HTTP, DNS, SMTP
- Increased Frequency: More than 50% of data center operators are seeing more than 10 attacks per month

The Evolution of DDoS Attacks
[Charts: Services Targeted by Application Layer DDoS Attacks (Other, IRC, SIP/VOIP, HTTPS, SMTP, DNS, HTTP); Have You Experienced Multi-vector Application / Volumetric DDoS Attacks (Yes, No, Don't Know); Number of DDoS Attacks per Month; Average Monthly Mbps of Attacks]

The Evolution of DDoS Attacks
"During 2011, an increase in threats and attacks has challenged infrastructure protection technologies. The threats that increased continued to be multivector approaches for reconnaissance, attack, and command and control. The most serious attacks have been targeted ones using evasive malware techniques, with some customized for the target enterprise. These attacks are primarily financially motivated. 2011 also saw an increase in large-scale nuisance attacks."
Source: Gartner, Hype Cycle for Infrastructure Protection 2011

DDoS Misconceptions Successful DDoS Attacks
- "My firewall/IPS provides DDoS protection." FACT: Most large data center operators have seen their firewalls/IPS fail due to DDoS.
- "I have enough bandwidth to absorb DDoS attacks." FACT: Multigigabit attacks are common and can overwhelm the largest networks.
- "No one would want to attack my business." FACT: Most data centers suffer downtime every year due to DDoS.
- Rent a botnet for as little as $50 per day.
[Charts: Did Your Firewall/IPS Fail Due to DDoS Within Last 12 (Yes, No); Largest Attack in Gbps. Source: Arbor Worldwide Infrastructure Security Report]

The Broad Impact of DDoS Attacks
Modern DDoS Attacks are Complex & Diverse
[Diagram labels: Attack Traffic, Good Traffic, IPS, Load Balancer, DATA CENTER]
(1) saturation upstream, (2) state exhaustion, or (3) service outages: critical services are no longer available!

Today's Defenses Are Not Designed for DDoS
Existing perimeter security devices focus on integrity and confidentiality but not on availability.
- Firewalls, including WAFs, help enforce confidentiality, or that information and functions can be accessed only by properly authorized parties
- Intrusion Prevention Systems (IPS) help enforce integrity, or that information can be added, altered, or removed only by authorized persons
- All firewalls and IPS are stateful devices which are targeted by state-based DoS attacks from botnets!
[Diagram labels: Information Security Triangle, IPS, Load Balancer, DATA CENTER]

IPS choke during DDoS attack
- IPS does not offer protection from DDoS.
- IPS is one of the prime targets of DDoS attack - weakest link in chain.
- IPS blocks traffic but does not mitigate DDoS attacks.

DDoS Attacks in India - News 2012

DDoS Attacks on BFSI segment in India
- Many banks, mutual funds, credit rating agencies, etc. have faced multiple DDoS attacks in the last 1 year
- Most DDoS attacks have been on websites which have a direct impact on the revenue or reputation of the organization
- CERT-In and RBI have issued guidelines for banks to take DDoS protection
- Many leading private sector banks in India have already taken DDoS services from Tata Communications

Our Customers
Leading Mutual Fund Company in India
- Customer's website got a DDoS attack at 6:00 pm on a Friday. The attack size was multiple times bigger than the Internet port size
- Website went down immediately. End users could not access the website
- Within a couple of hours Tata Communications implemented DDoS protection in the cloud
- Customer website was up and running again
Protecting Formula 1
- Service turned up in ~24 hours!
- Tata-protected F1 Bahrain assets withstood DDoS attacks throughout the race weekend.
"Their rapid response and technology solution were most impressive. In an incredibly short time Tata Communications had the service up and running and within 24hrs we were protected" - Eddie Baker, CIO, Formula 1

Enterprise Services under DDoS Attacks
- DNS, HTTP attacked: Ports cannot be blocked.
- DDoS: Preferred Choice of attack for hackers
- ANY WHERE, ANY TIME, ANY TYPE, ANY NUMBER OF TIMES

Global Network: Largest ISP DDoS Service
[Map labels: TGN-Northern Europe, TGN-Pacific, TGN-Atlantic, TGN-Western Europe, TGN-EurAsia*, TGN-Intra Asia, TIC]
Largest ISP DDoS Deployment

DDoS: Advantages of Cloud Mitigation
[Diagram labels: DDoS Attacks, DDoS Mitigation in the Cloud]

Comprehensive DDoS protection: CPE + Cloud
[Diagram labels: Internet, ISP, SCRUBBING CENTER, Peakflow SP/TMS, Cloud Signaling, Cloud-based DDoS Protection, CPE-based DDoS Protection, Firewall, IPS, Load Balancer, DATA CENTER, Target Applications & Services]

DDoS Detection & Mitigation Process
[Diagram labels: Customer Premise, Customer Server, DDoS Attack, Normal Traffic, Internet End Users, NetFlow, DDoS Scrubbing Farm, Advanced Protection]
- Remove attack in the Internet Cloud
- No CAPEX or software in customer premise

Our DDoS Detection & Mitigation Service
Features
- World's largest deployment of detection and mitigation capabilities
- Network-based service addresses distributed threats at the network edge
- Scrutinizes traffic in real-time to identify anomalies
- Only malicious traffic is blocked; legitimate traffic continues to flow so network and applications remain available
Benefits
- Improves traditional fault resolution procedures with real-time monitoring and alerting
- Lower Cost of Ownership (TCO) and greater efficacy than premise-based solutions
- Protect Internet application availability without costly over-provisioning of IP

Tata and the Arbor Networks Advantage
- Tier-1 ISP with Cloud DDoS Service
- Globally Distributed DDoS Scrubbing Capabilities
- Extensive Experience in DDoS Attack Management
- Securing online business availability with SLA Assurance
- Global 24x7 Security Operations Centers with Arbor Security Intelligence
- Cloud and CPE DDoS: Comprehensive & Seamless DDoS protection
[Diagram labels: Botnet Attack Fingerprints, Updated Threat Descriptions, Country -> IP Updates, ASERT Attack Risk Settings, Inbound HTTP Botnet Attacks, ASERT Severity Levels, IP Location Data]

Thank You
Sumit Narula, Cell +91-9711003705, Email sumit.narula@tatacommunications.com
Samuel Sathyajith, Cell +91-9845430169, Email ssathyajith@arbor.net