Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Similar documents
No Blind Spots in Perimeter Security with Security Event Information Management

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper

Protection against DDoS and WEB attacks. Michael Soukonnik Radware Ltd

SHARE THIS WHITEPAPER

Attack Mitigation Solution. Technology Overview - Whitepaper

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd Riga. Baltic IT&T

Radware Solutions for NGDC

Introducing Radware Attack Mitigation System. Presenter: Werner Thalmeier September 2013

DefensePro Whitepaper Fighting Cybercrime: Rethinking Application Security By Ron Meyran

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Smart Network. Smart Business. APSolute Immunity with DefensePro Brochure

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

SHARE THIS WHITEPAPER. Attack Mitigation Service Fully Managed Hybrid (Premise & Cloud) Cyber-Attack Mitigation Solution - Whitepaper

Radware s Behavioral Server Cracking Protection

FortiWeb 5.0, Web Application Firewall Course #251

Why a Web Application Firewall Makes Good Business Sense How to Stay Secure with AppWall Whitepaper

Protect Your Business and Customers from Online Fraud

Radware s Attack Mitigation Solution On-line Business Protection

Debunking Myths About DDoS Attacks: Radware 2011 Global Security Report.

First Line of Defense

SecurityDAM On-demand, Cloud-based DDoS Mitigation

A Layperson s Guide To DoS Attacks

[Restricted] ONLY for designated groups and individuals Check Point Software Technologies Ltd.

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Application Security Backgrounder

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers

Introducing IBM s Advanced Threat Protection Platform

Smart Network. Smart Business. Application Delivery Solution Brochure

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

10 Things Every Web Application Firewall Should Provide Share this ebook

How To Protect Yourself From A Dos/Ddos Attack

Complete Protection against Evolving DDoS Threats

TDC s perspective on DDoS threats

ERT Attack Report. Attacks on Large US Bank During Operation Ababil. March 2013

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

End-to-End Application Security from the Cloud

On-Premises DDoS Mitigation for the Enterprise

Web Application Defence. Architecture Paper

Enterprise-Grade Security from the Cloud

Cloud Security In Your Contingency Plans

White Paper A10 Thunder and AX Series Load Balancing Security Gateways

Smart Network. Smart Business. Application Delivery Solution Brochure

Load Balancing Security Gateways WHITE PAPER

First Line of Defense

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

Trend Micro. Advanced Security Built for the Cloud

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

DENIAL-OF-SERVICE ATTACKS

Swordfish

SANS Top 20 Critical Controls for Effective Cyber Defense

Modular Network Security. Tyler Carter, McAfee Network Security

How To Protect Your Network From Attack From A Network Security Threat

Guidelines for Web applications protection with dedicated Web Application Firewall

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

Attack Mitigation Solution

VALIDATING DDoS THREAT PROTECTION

Where every interaction matters.

NSFOCUS Web Application Firewall

Security F5 SECURITY SOLUTION GUIDE

Datacenter Transformation

Cutting the Cost of Application Security

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

The Hillstone and Trend Micro Joint Solution

F5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

Smarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect

Cisco Security Optimization Service

Securing Your Business with DNS Servers That Protect Themselves

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

IBM Protocol Analysis Module

Securing Your Business with DNS Servers That Protect Themselves

Manage the unexpected

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

24/7 Visibility into Advanced Malware on Networks and Endpoints

IAAS REFERENCE ARCHITECTURES: FOR AWS

Cisco RSA Announcement Update

FortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

NSFOCUS Web Application Firewall White Paper

DDoS Protection on the Security Gateway

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

Check Point DDoS Protector

How To Stop A Ddos Attack On A Website From Being Successful

Network- vs. Host-based Intrusion Detection

Importance of Web Application Firewall Technology for Protecting Web-based Resources

The Business Case for Security Information Management

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

Petr Lasek, SE, RADWARE. Květen 2012

DDoS Overview and Incident Response Guide. July 2014

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks

Extreme Networks Security Analytics G2 Vulnerability Manager

Transcription:

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Table of Contents Abstract...3 Understanding Online Business Security Threats...3 Radware Attack Mitigation System...6 AMS Product Portfolio...9 Summary: the Radware Business Advantage...9 Smart Network. Smart Business. 2

Abstract This paper reviews the changing threat landscape and how it impacts online businesses that use Internet access to generate revenue or support their productivity. It maps the required security modules to fight emerging attack campaigns, and then introduces Radware Attack Mitigation System the AMS. Along with the AMS introduction, a more detailed description of the AMS building block is provided. Understanding Online Business Security Threats Introduction Today, online businesses and data centers face multiple types of attacks that hit every layer of the IT infrastructure: The network layer is targeted with volumetric network flood attacks, network scans, and network intrusions, aiming to consume or misuse networking resources. The server layer is targeted by port scans, SYN flood attacks, and low & slow DoS attack tools, which aim to misuse the server resources. The application layer is targeted with a wide variety of attacks from application vulnerability exploitations, application misuse attacks and application DDoS attacks, and web application attacks. Large-volume network flood attacks Network scan Intrusion Port scan SYN flood attack Low & Slow DoS attacks (e.g. Sockstress) Application vulnerability, malware High and slow application DoS attacks WEB DEFACEMENT DATA BREACH SHUT DOWN Web attacks (e.g. XSS, Brute Force) Web attacks (e.g. SQL Injection) Figure 1 Attackers target every layer of the IT infrastructure The result of such attacks can vary from data breach and web defacement, all the way to service shut down. Smart Network. Smart Business. 3

Cyber-hacktivism Spikes 2010 and 2011 were record years for the most active periods of cyber-hacktivism in the history of cyber threats. Moreover, given the current efficacy of hacktivists attacks, such as WikiLeaks revenge attacks (December 2010), South Korea DDoS attacks (March 2011), Operation Megauplaod (January 2012), which include a new concept of attacks we define as a multi-vulnerability attack campaign, we believe this will only serve to encourage even more actors to enter the picture, and spawn a vicious cycle of future malicious activity. Reassessing the Risk of Cyber Attacks No one can say for certain how all of this will play out, however given the increased frequency, directed attacks, and effectiveness of the techniques, we can safely assume the following: Cyber attacks go mainstream for activists and for financially motivated criminal organizations. Attackers motivation has evolved from publicity and vandalism. They are now looking for financial gain or protest without going out of their homes. Reassessing the risk your organization is likely a target. For example, ecommerce sites, which were the prime target for financially motivated attackers, become now also targets for hacktivism. Cyber weapons of mass disruption deploy multi-vulnerability DoS & DDoS attacks. This turns traditional network security measures useless, as they typically can detect and defend only some of the attack vectors. The need for complementing security technologies. Mitigating multi-vulnerability and multi-vector attacks requires more than one security technology in place. It is critical to add behavioral analysis technologies on top traditional signature detection and rate-based protection. Architecting the perimeter for attack mitigation. Deployment of complementing network security technology requires rethinking of perimeter security. Counterattacks are needed! Defense mitigation strategies are also evolving and now include active counterattack strategies. Attackers Deploy Multi-vulnerability Attack Campaigns and Raise the Mitigation Bar Recent attacks show that attackers are using new techniques known as multi-vulnerability attack campaigns. During this, the attackers set the Botnet (or instruct their fans, as in the case of the Anonymous group operations), to launch several attack types in parallel, targeting multiple vulnerability points of the victim s IT infrastructure, such as the network, servers, and the application layers. Multi-vulnerability attack campaigns are highly destructive, even though each attack vector is well known (examples are UDP flood targeting the network bandwidth resources, SYN flood targeting the server resources, HTTP Get flood targeting the web application resources). The victim is at high risk because if one attack vector hits the target, the result is destructive. The attackers assumption is that even if their victims deploy multiple protection tools, there are blind spots in their perimeter network security architecture and therefore are exposed to a few of the attack vectors. Radware believes that there is a clear need to complement existing network security technologies, such as firewalls and network IPS, in order to protect businesses against existing and future attacks. Smart Network. Smart Business. 4

Radware Attack Mitigtion Solution (AMS) Whitepaper Mapping Security Protection Tools Going back to the threat landscape, we can now better understand and map the required protection tools to fully safeguard an online business or data center. To fully protect against all type of attacks that target the IT infrastructure, you need: DoS protection to fend off volumetric network DDoS flood attacks. Network Behavioral Analysis (NBA) to detect and prevent zero-day and non-vulnerability based attacks, where the attackers are replicating real user s behavior to misuse application resources. Intrusion Prevention System (IPS) to detect and protect against known application vulnerability exploits. IP reputation to prevent financial fraud attacks, social attacks such as phishing, and malware contamination. Web Application Firewall (WAF) to protect against web application attacks. DoS Protection Behavioral Analysis IPS IP Reputation WAF Large-volume network flood attacks Network scan Intrusion Port scan SYN flood attack Low & Slow DoS attacks (e.g. Sockstress) Application vulnerability, malware High and slow application DoS attacks Web attacks (e.g. XSS, Brute Force) Web attacks (e.g. SQL Injection) SHUT DOWN Figure 2 Mapping security protection tools according to the threat landscape An integrated approach is required to make sure there are no blind spots in perimeter and application security, and to save on deployment, management, and integration costs. Smart Network. Smart Business. 5

Radware Attack Mitigation System Introduction Protecting the application infrastructure requires deployment of multiple prevention tools. Radware s Attack Mitigation System (AMS) is a real-time network and application attack mitigation solution that protects the application infrastructure against network and application downtime, application vulnerability exploitation, malware spread, information theft, web service attacks, and web defacement. Radware s Attack Mitigation System contains three layers: Protections layer A set of security modules including: Denial-of-service (DoS) protection, Network Behavioral Analysis (NBA), Intrusion Prevention System (IPS), Reputation Engine, and Web Application Firewall (WAF), to fully safeguard networks, servers, and applications against known and emerging network security threats. Security risk management - Built-in Security Event Information Management (SEIM) collects and analyzes events from all modules to provide enterprise-view situational awareness. Emergency Response Team (ERT) - Consisting of knowledgeable and specialized security experts who provide 24x7 instantaneous services for customers facing a denial-of-service (DoS) attack in order to restore network and service operational status. Figure 3 AMS offers the complete set of protection modules and services for online businesses and data center protection When compared to stand-alone solutions deployment, the synergy of multiple protection modules as part of one system enables more effective protection against attackers who seek to compromise the business assets systematically, while providing unified reporting and compliance. Smart Network. Smart Business. 6

AMS Protection Modules AMS is comprised of five protection modules, all optimized for online business and data centre protection, and designed for data center and carrier deployments: DoS Protection Prevent all type of network DDoS attacks including: UDP flood attacks SYN flood attacks TCP flood attacks ICMP flood attacks IGMP flood attacks Out-of-state flood attacks NBA The network behavioral analysis module prevents application resource misuse and zero-minute malware spread. Attacks protected include: HTTP page flood attacks DNS flood attacks SIP Flood attacks Brute force attacks Network and port scanning Malware propagation IPS This module protects against: Application vulnerabilities and exploits OS vulnerabilities and exploits Network infrastructure vulnerabilities Malware such as worms, Bots, Trojans and drop-points, Spyware Anonymizers IPv6 attacks Protocol anomalies Reputation Engine Protects against financial fraud, Trojan & phishing attack campaigns. This feature is based on third party real-time IP reputation feeds. WAF The web application firewall prevents all types of web server attacks, such as: Cross site scripting (XSS) SQL injection Web application vulnerabilities Cross site request forgery (CSRF) Cross site request forgery (CSRF) Cookie poisoning, session hijacking, brute force Cutting-edge Security Technologies Radware AMS uses multiple technologies to provide complete attack protection for online businesses, data centers, and networks: The DoS Protection module is based on several technologies: signature detection, behavioral based realtime signatures, and SYN cookies mechanism that challenge new connections prior to establishing a new session with the servers. The Network Behavioral Analysis (NBA) module employs patented behavioral-based real-time signature technology. It creates baselines of normal network, application, and user behavior. When an anomalous behavior is detected as an attack, the NBA module creates a real-time signature that uses the attack characteristics, and starts blocking the attack immediately. In case of DDoS attacks, it injects the real-time signature into the DME hardware, offloading the main CPUs from the excessive unwanted traffic. Smart Network. Smart Business. 7

The Intrusion Prevention System (IPS) module is based on stateful static signature detection technology, with periodic signature updates and emergency updates, in case of a newly discovered high risk attacks. The Reputation Engine offers real-time anti-trojan and anti-phishing service, targeted to fight against financial fraud, information theft, and malware spread. The Web Application Firewall (WAF) offers patent-protected technology to create and maintain security policies for the widest security coverage with the lowest false positives and the lowest operational effort. The WAF auto policy generation module analyzes the security related attributes of the protected web application and derives the potential threats in the application. The web application is mapped into application zones, each with its own common potential threats. It then generates granular protection rules per zone, and sets a policy-in-blocking mode once it has completed an optimization process that minimizes false-positives while maintaining best security coverage. Security Risk Management Best-of-breed Reporting and Forensics Engine Built-in Security Information Event Management (SIEM) system provides an enterprise-wide view of security and compliance status from a single console. Data from multiple sources is collected and evaluated in a consolidated view of dashboards and reports. These views provide extensive, yet simple, drilldown capabilities that allow users to easily drill into information to speed incident identification, and provide root cause analysis, which improves collaboration between NOC and SOC teams, and accelerates the resolution of security incidents. Complete Alignment with Enterprise Compliance Requirements and Regulations The SIEM provides complete alignment with the enterprise s compliance, regulations, and business processes, providing compliance and audit professionals with a complete picture of compliance across the enterprise. It ensures the appropriate separation of duties, collection of information, configuration, and operation auditing mandated by business processes, regulations, and information security standards (PCI-DSS, SOX, HIPAA, etc). Full Alert Lifecycle Management The SIEM provides IT managers with a rich set of tools to manage all the alerts (availability, performance, security, and more), within their infrastructure. Alerts are managed from the moment they surface (identification stage), through ticket opening, analysis, resolution, and verification until the problem is resolved and summarized. Smart Network. Smart Business. 8

Emergency Response Team (ERT) Radware AMS delivers the best attack coverage in the industry for online businesses and data centers. We deliver the widest out-of-the-box protection set. Yet, as attackers are getting more sophisticated by the day, there is a chance that they will launch a new form or type of attack for which the AMS may not be triggered out-of-the-box. For those cases, which are not frequent, the user is required to perform the analysis of the attack traffic and configure protection rules manually. On the other hand, not all users have the skills or the experience in applying security rules in real-time when under attack. That s why we established Radware s Emergency Response Team (ERT) to provide customers with 24x7, security expert services for hands-on attack mitigation assistance to help successfully defend their network against cyber attacks. AMS Product Portfolio The Radware AMS is based upon the following product portfolio: DefensePro Delivers anti-dos, NBA, IPS,and Rep. Engine protection modules. AppWall Radware Web Application Firewall (WAF). APSolute Vision Radware Management solution that includes the advanced Security Information Event Management (SIEM) for security reporting, forensics, alerting, and compliance management. Summary: the Radware Business Advantage Cyber activists and financially motivated attackers are getting sophisticated. They deploy multi-vulnerability attack campaigns making mitigation nearly impossible. No single tool or solution is effective against the broad range of attacks that target every layer of the IT infrastructure the network layer, the servers layer, and the applications layer. With the Radware Attack Mitigation System, online businesses, data centers, and service providers can assure their online presence and maintain productivity thanks to the following solution benefits: Radware AMS is the only solution that can truly defend against emerging cyber attack campaigns that target all IT infrastructure layers. The Emergency Response Team (ERT) offers rapid assistance to customers under attack, and ensures their business is up at all times. AMS offers the lowest cost OpEx and CapEx solution in the industry. 2012 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners. Smart Network. Smart Business. 9 PRD-AMS-Solution-WP-01-2012/02-US

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information