KASPERSKY DDOS PROTECTION. Discover how Kaspersky Lab defends businesses against DDoS attacks



Similar documents
KASPERSKY DDoS PROTECTION. Protecting your business against financial and reputational losses with Kaspersky DDoS Protection

SecurityDAM On-demand, Cloud-based DDoS Mitigation

Availability Digest. Prolexic a DDoS Mitigation Service Provider April 2013

STATISTICS ON BOTNET-ASSISTED DDOS ATTACKS IN Q1 2015

KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE

Stop DDoS Attacks in Minutes

VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

Automated Mitigation of the Largest and Smartest DDoS Attacks

Stop DDoS Attacks in Minutes

Chapter 11 Cloud Application Development

How to Evaluate DDoS Mitigation Providers:

Service Description DDoS Mitigation Service

MANAGED SECURITY SERVICES : IP AGNOSTIC DDOS AN IP AGNOSTIC APPROACH TO DISTRIBUTED DENIAL OF SERVICE DETECTION AND MITIGATION

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

Quality Certificate for Kaspersky DDoS Prevention Software

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

How To Protect Yourself From A Dos/Ddos Attack

Cloud Security In Your Contingency Plans

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

How To Block A Ddos Attack On A Network With A Firewall

Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec. Leonardo Serodio May 2013

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

F5 Silverline DDoS Protection Onboarding: Technical Note

Kaspersky DDoS Prevention

DDoS Attack Mitigation Report. Media & Entertainment Finance, Banking & Insurance. Retail

DDoS Overview and Incident Response Guide. July 2014

Kaspersky Fraud Prevention platform: a comprehensive solution for secure payment processing

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

How To Protect A Dns Authority Server From A Flood Attack

Automated Mitigation of the Largest and Smartest DDoS Attacks

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

CHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES

Acquia Cloud Edge Protect Powered by CloudFlare

A Layperson s Guide To DoS Attacks

Complete Protection against Evolving DDoS Threats

CloudFlare advanced DDoS protection

Web Request Routing. Technical Brief. What s the best option for your web security deployment?

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

WAN Traffic Management with PowerLink Pro100

On-Premises DDoS Mitigation for the Enterprise

Web Application Defence. Architecture Paper

Captaining datacenter security: putting you at the helm

The Reverse Firewall: Defeating DDOS Attacks Emanating from a Local Area Network

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Application Delivery Networks: The New Imperative for IT Visibility, Acceleration and Security > White Paper

Huawei Eudemon200E-N Next-Generation Firewall

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

Why an Intelligent WAN Solution is Essential for Mission Critical Networks

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial

World-class security solutions for your business. Kaspersky. OpenSpaceSecurity

Why Is DDoS Prevention a Challenge?

CMPT 471 Networking II

Why Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor

Concierge SIEM Reporting Overview

Technical Series. A Prolexic White Paper. 12 Questions to Ask a DDoS Mitigation Provider

SURE 5 Zone DDoS PROTECTION SERVICE

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

Security - A Holistic Approach to SMBs

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

BEST PRACTICES. Security Controls.

FortiDDos Size isn t everything

CuTTIng ComplexITy simplifying security

How Cisco IT Protects Against Distributed Denial of Service Attacks

Fighting Advanced Threats

Stop DDoS Attacks in Minutes

Mitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy

First Line of Defense to Protect Critical Infrastructure

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers

STATE OF DNS AVAILABILITY REPORT

Security. 26 November 2012 Vol.18 No11

Executive Suite Series A Prolexic White Paper

Radware s Attack Mitigation Solution On-line Business Protection

[Restricted] ONLY for designated groups and individuals Check Point Software Technologies Ltd.

How To Protect Your Network From Attack From A Hacker On A University Server

WHITE PAPER Hybrid Approach to DDoS Mitigation

Distributed Denial of Service (DDoS) attacks. Imminent danger for financial systems. Tata Communications Arbor Networks.

E-Guide. Sponsored By:

RESELLER BRANDING BEST PRACTICE GUIDE TO MAIL & WEB.


Application Visibility and Monitoring >

First Line of Defense

Denial of Service Attacks

JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE

DDOS in academic Networks. Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014

Pravail 2.0 Technical Overview. Exclusive Networks

Man, Machine and DDoS Mitigation

Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks

Security for Small Businesses: What's the Right Solution For You?

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Understanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business

Transcription:

KASPERSKY DDOS PROTECTION Discover how Kaspersky Lab defends businesses against DDoS attacks

CYBERCRIMINALS ARE TARGETING BUSINESSES If your business has ever suffered a Distributed Denial of Service (DDoS) attack, you ll already know that the financial and reputational costs can be devastating. However, even if your business has been lucky enough to escape the attentions of the cybercriminals and hackers that launch these attacks, the outlook for the future may not be so positive. THE VOLUME AND SEVERITY OF ATTACKS IS INCREASING Unfortunately, in recent years, the cost of launching a DDoS attack has fallen significantly and that means more attacks are being initiated than ever before. At the same time, today s attacks are more complex and they re at a scale that can overwhelm the target business s communications bandwidth in just a few seconds almost instantly debilitating vital, internal business processes and totally disabling the victim business s online presence. FOREWARNED IS FOREARMED With all sizes of business relying on their IT infrastructure and website to underpin almost all of their mission-critical processes, extended downtime that can result from a DDoS attack is not an option. Clearly, with the volume, scale and severity of modern attacks, it s no longer viable for any business to put off any thoughts of DDoS protection and mitigation until the point at which their infrastructure is already under attack. Instead, businesses and public sector organizations need to be aware of the threats and ensure they have adequate DDoS defense measures in place. DDOS ATTACK METHODS Cybercriminals and hackers are using a number of different techniques to implement DDoS attacks that disable or overload the target business s IT infrastructure. VOLUMETRIC ATTACKS These attacks are increasingly common. By generating traffic levels that exceed the target business s available bandwidth, the attack saturates the capacity of the victim s corporate connection and that disables or delays all online activities. APPLICATION LAYER ATTACKS Application layer attacks try to crash the servers that are running vital applications such as the web servers that the victim s online presence depends on. OTHER INFRASTRUCTURE ATTACKS Attacks that aim to disable network equipment and / or server operating systems can totally halt the operation of key business processes. HYBRID ATTACKS Cybercriminals also launch complex attacks that combine several methods including volumetric, application layer and infrastructure attack techniques. Every business needs to have an anti-ddos strategy ready to go live as soon as an attack is detected. Then, in the event of an attack, the business will be able to mitigate the effects without delay in order to: Minimize downtime for business-critical infrastructure & processes Ensure customers can continue to access online services Maintain productivity for employees Minimize reputational damage 3

THE TOTAL DEFENSE AND MITIGATION SOLUTION HOW KASPERSKY DDOS PROTECTION WORKS Protection delivers a total, integrated DDoS attack protection and mitigation solution that takes care of every stage that s necessary to defend your business. From continuous analysis of all of your online traffic, through to alerting you about the possible presence of an attack and then receiving your redirected traffic, cleaning your traffic and returning clean traffic to you, Protection provides everything your business needs to defend against and mitigate the effects of all types of DDoS attacks. KASPERSKY DDOS PROTECTION INCLUDES: Kaspersky Lab sensor software that runs within your IT infrastructure The services of our global network of data traffic cleaning centers Support from our Security Operations and DDoS protection experts Detailed, post-attack analysis and reports Kaspersky Lab s sensor software collects information about all of your communications traffic 4x7x365. The sensor is installed as close as possible to the resource that you wish to protect and it continuously gathers data about your traffic, including: Header data Protocol types Number of bytes sent and received Number of packets sent and received Activities and behavior of every visitor to your website All metadata about your traffic All of this information is sent to Kaspersky Lab s cloud-based servers, where it is analyzed so that we can build up profiles of how typical visitors behave and profiles of your typical traffic and how that traffic can vary according to the time of day and the day of the week, plus how special events can affect your traffic patterns. With this detailed understanding of your normal traffic conditions and normal visitor behaviors, our cloud-based servers can accurately assess your live traffic conditions in real time and rapidly identify anomalies that can indicate that an attack has been launched against your business. In addition, our threat intelligence experts continuously monitor the DDoS threat landscape in order to identify new attacks. This specialist intelligence helps to ensure Kaspersky Lab customers benefit from a rapid response to the launch of an attack. AVOIDING FALSE ALARMS THEN CLEANING YOUR TRAFFIC As soon as a possible attack against your business is identified by our servers or our intelligence experts, Kaspersky Lab s Security Operations will receive an alert. To help avoid false alarms and unnecessary disruptions for your business Kaspersky Lab engineers check to confirm that the traffic anomaly or suspicious behavior has resulted from a DDoS attack. Then, our engineers immediately contact your business to recommend that your traffic is redirected to our network of cleaning centers. During the attack, with all of your traffic now passing through one of our cleaning centers: Your infrastructure is no longer being overwhelmed by the sheer volume of junk traffic Our cleaning process discards all junk traffic Legitimate traffic is delivered back to you from our network of cleaning centers and the entire process is totally transparent to your employees and customers. 4 5

SETTING UP PROTECTION IS QUICK AND EASY When you choose Protection, there s a small number of set up tasks before your 4x7 monitoring and your live attack communications channels are established. Kaspersky Lab and its partners can take care of as much or as little of the set up process as you require. If you require a turnkey solution, Kaspersky Lab and its partners can cover the vast majority of set up procedures including: Installing the sensor software and hardware on your site Setting up traffic redirection to our cleaning centers Setting up clean traffic delivery to your business then, all you ll need to provide is a separate channel to the sensor so that Protection can continue to collect data when your main channel has been disabled by an attack. THE SENSOR ENABLING 4X7 MONITORING Kaspersky Lab s sensor software is supplied complete with a standard Ubuntu Linux operating system. Because the sensor software runs on a standard x86 server or on a virtual machine * there s no special hardware for you to maintain. and outgoing traffic. It analyses each packet s headers and sends information to the Protection cloud servers where we build statistical profiles of normal traffic behavior and normal visitor behavior for your business. GENERIC ROUTING ENCAPSULATION (GRE) VIRTUAL TUNNELS Whichever redirection method is best for your business, GRE virtual are used to enable communication between your border gateway or router and each relevant Protection cleaning center. CHOOSING BETWEEN BGP AND DNS In the event of a DDoS attack being launched against your business, all of your traffic can be rerouted to one of our cleaning centers. The GRE virtual are then used to deliver the cleaned traffic from our cleaning centers, to your business. Whether you set up your traffic redirection via BGP or DNS, will largely depend on the nature of your corporate IT and communications infrastructure: For BGP, you ll need to have: A provider-independent network that includes the resources that you wish to protect An autonomous system and most large businesses are able to meet these criteria. For DNS, you ll need to be able to: Manage your own domain zone for the resources that you re looking to protect Set the Time to Live (TTL) for DNS records to 5 minutes Generally, during an attack, the BGP method achieves faster redirection of traffic so BGP is often the preferred method for most businesses. Because the sensor is connected to the (ed Port Analyzer) port, it s able to get the best possible view of all traffic that s flowing into and out of the resource that it s protecting. As soon as the sensor is connected to your infrastructure, it starts collecting data on your incoming In order to maintain privacy for your communications and help with your compliance commitments the sensor does not capture the content of any of the messages within your communications traffic. The sensor only gathers data about your traffic so the confidentiality of your messages is never compromised by any of Protection s processes. *The virtual machine must meet or exceed the minimum performance requirements specified by Kaspersky Lab. TRAFFIC REDIRECTION During normal conditions while the cloud-based Protection servers are monitoring for any signs of a DDoS attack your traffic is delivered directly to your corporate network. Your traffic is only redirected to our global network of cleaning centers after an attack has been detected and your business has confirmed that it wishes to redirect its traffic. Protection gives you a choice of redirection methods: Border Gateway Protocol (BGP) Domain Name System (DNS) 6 7

HOW BGP REDIRECTION WORKS BGP Mitigation MONITORING In monitoring mode, all of your traffic is delivered directly to your business. However, the GRE virtual are in live operation with your routers and our BGP routers frequently exchanging status information so the Protection cleaning centers are ready to receive your redirected traffic whenever necessary. BGP announce Through KDP BGP Monitoring ISP AFTER AN ATTACK When the attack has ceased, your traffic is once more sent direct to your business. The sensor continues to gather data about your traffic and constantly passes this data to our cloud-based servers, so that we can continuously refine our behavior profiles for your normal traffic conditions. The virtual remain live exchanging status information between your routers and Kaspersky Lab s routers so that Protection is ready to act if another attack is launched against your business and you choose to redirect your traffic again. Kaspersky Lab s experts will also provide you with detailed, post-attack analysis and reporting on exactly: What happened during the attack How long the attack lasted How Protection dealt with the attack DURING AN ATTACK When a traffic anomaly is identified by Kaspersky Lab s sensor and the start of an attack is confirmed by Kaspersky Lab s engineers you can choose to redirect all of your traffic to a Protection cleaning center. Throughout the attack, the Kaspersky Lab sensor will continue to gather information and send it for analysis by the cloud-based Protection servers. 8 9

HOW DNS REDIRECTION WORKS DNS Mitigation MONITORING During initial set up, Kaspersky Lab allocates one of its pool of Protection IP addresses to your business. This address will be used in the event of an attack. In monitoring mode, all of your traffic is delivered directly to your business via its normal IP address / addresses. However, the GRE virtual are in live operation with your routers and our BGP routers frequently exchanging status information so the Protection cleaning centers are ready to receive your redirected traffic whenever necessary. DNS points to KDP IP addresses NAT DNS Monitoring ISP DNS points to client s external IPs AFTER AN ATTACK When the attack has ceased, you can unblock your original IP address and change the DNS A record so that your traffic is once more sent direct to your business. The Kaspersky Lab sensor continues to gather data about your traffic and constantly passes this data to our cloud-based servers, so that we can continuously refine our behavior profiles for your normal traffic conditions. The virtual remain live exchanging status information between your routers and Kaspersky Lab s routers so that Protection is ready to act if another attack is launched against your business and you choose to redirect your traffic again. Kaspersky Lab s experts will also provide you with detailed, post-attack analysis and reporting on exactly: DURING AN ATTACK What happened during the attack How long the attack lasted How Protection dealt with the attack When a traffic anomaly is identified by Kaspersky Lab s sensor and the start of an attack is confirmed by Kaspersky Lab s engineers you simply change your business s IP address in the DNS A record so that your business is now using the Protection IP address that was allocated to you during initial set up. At the same time, because hackers can directly attack your IP address, your ISP must block all traffic to your original IP address with the exception of communications with Kaspersky Lab s DDoS Protection infrastructure. Having changed your IP address, all your traffic is redirected to Kaspersky Lab s cleaning centers. Clean traffic is then delivered back to your business from our cleaning centers via the GRE virtual. 0

THREAT INTELLIGENCE FOR EVEN BETTER DEFENSE There is another important defense component within Protection and it s a component that other vendors cannot match. Kaspersky Lab is the first anti-malware vendor to provide a DDoS protection solution and that means no other anti-ddos supplier can match the expertise and scale of our in-house security intelligence department and infrastructure. As part of their work on cutting-edge IT security, our threat intelligence experts continuously monitor the threat landscape to identify new malware and emerging threats. The same experts and the same sophisticated methods are also used to monitor the DDoS threat landscape. This specialist intelligence helps us to achieve earlier detection of DDoS attacks so your business can benefit from more rapid protection. MULTI-LAYERED PROTECTION With a unique combination of continuous traffic monitoring, statistical analysis and behavior analysis plus our specialist, proactive DDoS attack intelligence we deliver a more rigorous DDoS protection solution. Twitter.com/ Kaspersky Facebook.com/ Kaspersky Youtube.com/ Kaspersky Kaspersky Lab ZAO, Moscow, Russia www.kaspersky.com All about security: www.securelist.com Find a partner near you: www.kaspersky.com/buyoffline 04 Kaspersky Lab ZAO. All rights reserved. Registered trademarks and service marks are the property of their respective owners. DataSheet_DDoS/August4/Global

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information