Kaspersky DDoS Prevention




The rapid development of the online services industry and remote customer service systems forces entrepreneurs to consider how they can protect and ensure access to their resources. This involves enormous efforts, including deployment of all kinds of different systems for redundancy and disaster recovery. However, all of these efforts can prove futile when faced with one particular threat that is impossible to fully safeguard against: DDoS attacks.

Distributed denial-of-service (DDoS) attacks involve simultaneous, concerted attacks by a large number of computers with the goal of overloading a target computer system to the point of failure. In other words, DDoS attacks intentionally create conditions in which legitimate users of a system can no longer access, or have difficulty accessing, resources or services normally offered by that system.

[Figure: DDoS attack overview. Labelled elements: Zombie, Resource, User.]

All DDoS attacks can be classified into two types:
- a communication channel of a targeted network is flooded with a large amount of garbage traffic;
- a server that hosts a targeted resource is flooded with a large amount of garbage requests that overload the computing capacity of the server and in turn prevent the server from processing legitimate requests.

The danger of DDoS attacks is that even if they are aimed solely at one particular network resource, they can still affect other resources and systems located on the same network segments as the targeted resource. Though most attacks in the past predominantly targeted internet portals, recently other services and applications available on the Internet have become more and more frequently targeted by DDoS attacks. For example, an attack on email servers can disrupt the normal functioning of the entire organization's business processes, while overloaded network channels resulting from an attack on an internet portal can disrupt communications between a company's affiliate offices and branches or paralyze the entire network of terminals.

Depending on the type of business a company is engaged in, denial of service caused by DDoS attacks could result in the following:
- drops in sales;
- losses from disrupted advertisement;
- dissatisfaction among customers or partners;
- disrupted business processes;
- concealment of other types of attacks being conducted at the same time;
- direct losses from disrupted electronic trading systems and other systems.

For a variety of reasons, DDoS attacks are unfortunately becoming easier to implement. For example, one day of DDoS attacks can cost as little as 100-170 dollars, making DDoS attacks a more and more common weapon used against competitors. According to Kaspersky Lab statistics, all types of businesses are becoming the targets of DDoS attacks.

[Figure: Most targeted sites based on internet activity (data from Review of DDoS Attacks, 2011). Categories shown: Internet trading, Gaming sites, Trade venues, Mass media, Transportation, Other business sites, Banks, Government resources, Adult sites, Blogs and forums, Other.]

Unfortunately, the following commonly used defense measures are not able to fully counteract DDoS attacks:
- network firewalls and IDS/IPS systems reside directly in front of the resource they protect, but are useless against an overload of the communication channel;
- routing to so-called black holes, implemented by internet providers, can help block attack traffic, but it also blocks requests from legitimate users, meaning that the perpetrators of DDoS attacks have achieved their goal: to make the resource unavailable to users;
- optimizing the configurations of resources helps only against small-scale attacks;
- multi-level redundancy of resources is an extremely expensive and therefore unfeasible method for most organizations.

Defense against DDoS attacks has recently been given more attention in industry standards and best practices literature in the field of information security.

[Table: Document / Specific sections that cover DDoS defense. Documents listed: FFIEC, Gramm-Leach-Bliley, Sarbanes-Oxley, USA Patriot Act, Basel II. Sections listed: Availability security objectives; Protect Security and Confidentiality of Customer's Non-Public Personal Information; Protect Against Anticipated Threats and Hazards to Information Security; Establish Disaster Recovery and Business Continuity Program; Secure Information Infrastructure; Safeguard Information Assets; Implement Risk Based Systems and Monitoring; Monitoring of Risks; Business Continuity Plans; Implementation of Risk Mitigation.]

Kaspersky DDoS Prevention is a powerful distributed traffic filtering system consisting of geographically distributed, high-performance traffic cleaning centers connected to the Internet over high-speed communication channels. This solution enables you to withstand practically any DDoS attack.

To detect parasitic traffic during an attack, the Kaspersky DDoS Prevention system uses the following criteria for traffic filtering:
- statistical: based on analyzing deviations of statistical traffic parameters from average values;
- static: based on blacklists and whitelists, including lists compiled by user applications through APIs;
- behavioral: based on analyzing adherence or non-adherence to the specifications of application protocols;
- signature: based on analyzing individual, unique behaviors of specific attack sources, commonly known as bots.

[Figure: Example statistical filtering profile. Traffic level (0 to 3000) by day of week, Monday to Sunday.]

In addition to its package of software components and the necessary hardware, the system also includes personnel who support and maintain the system, interact with clients, and conduct analysis that enables effective management of the system.

The Kaspersky DDoS Prevention system includes the following main components:
- sensor;
- traffic cleaning center;
- control subsystem;
- portal.

Sensor

The purpose of the sensor is to collect information on traffic directed at a specific resource of a client and provide that information to the Kaspersky DDoS Prevention system for analysis and prompt detection of any anomalies. Based on the information received from the sensor, the Kaspersky DDoS Prevention system builds statistical traffic profiles, which enables quick detection of any deviations in a resource's traffic parameters and establishment of criteria for statistical traffic filtering methods.

Traffic cleaning centers

The purpose of the cleaning center is to clean up, or filter out, traffic forwarded from a parasitic source. The cleaning center is comprised of a software component deployed on several servers that serve as the following:
- a filtering router that decides whether to forward specific traffic based on a filtering profile sent from the control subsystem;
- a proxy server that forwards cleaned traffic to the client's resource.
One cleaning center can serve several network resources of one or several different clients.

Control subsystem

The control subsystem coordinates the operation of all components of the system and evenly distributes loads among all system components.

Portal

The portal is simply a web portal used by the client of the Kaspersky DDoS Prevention system to manage system operation settings and analyze resource traffic parameters and detected anomalies.

[Figure: Kaspersky DDoS Prevention system interface (screenshot).]

[Figure: Kaspersky DDoS Prevention system architecture. Labelled elements: Zombie, User, Internet, Control subsystem, Client resource, Sensor, Portal.]
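As an added example in Python, not code from Kaspersky or from this brochure, here is a toy model of the statistical and static filtering criteria listed above and of the cleaning center's forward-or-drop decision: a per-weekday traffic profile is built from constructed baseline samples, and each source is forwarded or dropped by consulting the whitelist and blacklist first and then, while the aggregate rate deviates from the profile, an assumed per-source cap. All rates, addresses, thresholds and list contents are constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed baseline: aggregate requests/second seen on each weekday over
# three previous weeks (assumed sample values, not measured data).
BASELINE = {
    "Mon": [1200, 1250, 1180], "Tue": [1300, 1280, 1320],
    "Wed": [1350, 1400, 1380], "Thu": [1380, 1360, 1400],
    "Fri": [1500, 1480, 1520], "Sat": [600, 650, 620],
    "Sun": [500, 520, 480],
}

def build_profile(samples, k=3.0, min_sigma=50.0):
    """Statistical criterion: map each weekday to (mean, upper threshold).
    Threshold is mean + k*sigma; min_sigma stops a nearly flat baseline from
    giving a hair-trigger threshold. Both constants are assumptions."""
    profile = {}
    for day, values in samples.items():
        mu = mean(values)
        sigma = max(pstdev(values), min_sigma)
        profile[day] = (mu, mu + k * sigma)
    return profile

def is_anomalous(profile, day, total_rps):
    """True when the aggregate rate deviates above the weekday's profile."""
    return total_rps > profile[day][1]

def filtering_decisions(profile, day, per_source_rps, whitelist, blacklist,
                        source_cap=100):
    """Forward/drop per source: static lists first, then the profile.
    Unlisted sources above source_cap (an assumed per-source limit) are
    dropped only while the aggregate rate is anomalous, so heavy but
    legitimate users are not cut off on a normal day."""
    under_attack = is_anomalous(profile, day, sum(per_source_rps.values()))
    decisions = {}
    for src, rps in per_source_rps.items():
        if src in whitelist:
            decisions[src] = "forward"
        elif src in blacklist:
            decisions[src] = "drop"
        elif under_attack and rps > source_cap:
            decisions[src] = "drop"
        else:
            decisions[src] = "forward"
    return decisions

# Constructed Sunday observation: two heavy unlisted sources push the total
# (1940 rps) far above the Sunday profile (baseline around 500 rps).
SUNDAY_OBS = {"10.0.0.1": 40, "10.0.0.2": 30, "198.51.100.7": 900,
              "203.0.113.9": 850, "192.0.2.5": 120}
WHITELIST = {"192.0.2.5"}  # assumed: a partner host that must never be dropped
BLACKLIST = {"10.0.0.2"}   # assumed: a source an analyst already listed
```

Calling `filtering_decisions(build_profile(BASELINE), "Sun", SUNDAY_OBS, WHITELIST, BLACKLIST)` forwards the whitelisted host and the light source while dropping the blacklisted and the two heavy sources; the same heavy source on a Monday, when the total stays within profile, is forwarded.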

Competitive advantages of Kaspersky DDoS Prevention

The Kaspersky DDoS Prevention system is an effective distributed traffic filtering system that is ready to take on virtually any DDoS attack. The geographical distribution of the system's components ensures its reliability, making it impossible for all components to simultaneously fail for whatever reason. The Kaspersky DDoS Prevention system does not depend on one specific provider, thereby increasing its reliability and fault tolerance.

The Kaspersky DDoS Prevention system is supported 24-7 by a team of professionals that has already spent 5 years working on issues related to DDoS attack prevention, constantly studying the methods and techniques used by malicious perpetrators to attack Internet resources.

Kaspersky DDoS Prevention system components include an entire set of statistical, signature, behavioral, and other methods to filter traffic, which helps protect resources from highly sophisticated attacks that have already penetrated other levels of protection, including low-rate attacks.

The Kaspersky DDoS Prevention system includes a feature that detects attacks by using sensors deployed in close proximity to a protected resource, which enables immediate reaction to any deviations in traffic.

The Kaspersky DDoS Prevention system operates based on an individual approach to protecting each specific resource or network service. Individual traffic filtering profiles are created for each protected resource in the system.

The Kaspersky DDoS Prevention system was developed by one of the top anti-virus companies, whose analysts constantly study the latest releases of malicious software. Kaspersky Lab includes a special department that focuses exclusively on studying zombie networks and how to neutralize them, and for that reason we possess the very latest information on the methods used by malicious perpetrators and can effectively counteract them.

The Kaspersky DDoS Prevention system can be implemented either in advance to prevent potential attacks or after an attack has already begun. After an attack, Kaspersky Lab experts can prepare a complete package of documents for the client to turn over to law enforcement agencies, if the client requests it.

The Kaspersky DDoS Prevention system is a flexible solution based not simply on a fixed set of parameters but also on a set of rules that can be manually configured by system analysts, right in the middle of an attack response. Kaspersky DDoS Prevention functionality can also be updated right in the middle of an attack response. Its multi-level hybrid filtering using behavioral and statistical analysis helps repel attacks being launched simultaneously against many other protection systems.

While defense measures are being undertaken, Kaspersky DDoS Prevention system administrators provide the client with recommendations on how to continue managing their protected web sites and other resources.

Though an attack could be powerful enough to overload the channels of a specific small-scale service provider, Kaspersky DDoS Prevention cleaning centers are connected to the Internet through several different providers over high-speed channels, making them extremely difficult to overload. While an Internet provider that implements its own DDoS protection measures on its network can only protect its own clients, the Kaspersky DDoS Prevention system can protect any resource at any location on a network.

The Kaspersky DDoS Prevention system is currently deployed by many different companies to protect their network infrastructure, and this enables Kaspersky Lab experts to constantly study new mechanisms and characteristics of botnets.

About Kaspersky Lab

Kaspersky Lab is Europe's largest producer of systems designed to protect against malicious or unwanted software, hacker attacks, and spam. The company is one of the top four global producers of information security software solutions. In 2010, company revenues grew by 38% and exceeded 500 million USD. Kaspersky Lab employs over 2300 highly-skilled experts. The company's products reliably protect the computers and mobile devices of over 300 million users throughout the world, and the company's technologies are implemented in the products of the largest global suppliers of software and hardware solutions. For more information, you can visit the company website at.

2012 Kaspersky Lab ZAO. All Rights Reserved. All trademarks and service marks mentioned in this document are the property of their respective owners.