Mitigating the DDoS Threat with Cisco FirePower 9300

Table of Contents
  What You Need to Know about DDoS Attacks
    Attack Tools
    Botnets as a DDoS Tool
  The Threat Landscape Has Evolved
  DDoS Attacks Mitigation Approaches
  Introducing Cisco FirePower 9300 DDoS Mitigation by Radware
    What is Radware's DDoS Mitigation Solution?
    Why Radware DDoS Mitigation?
    Always On Deployment for Service Providers
  Summary

What You Need to Know about DDoS Attacks

DDoS attacks are no longer a nuisance with no lasting damage. Organizations that ignore the DDoS threat quickly discover the high costs associated with these attacks, from service degradation to total outage. According to the Aberdeen Group, a one-second delay in website load time translates to a 7% reduction in conversion rates and $2.5 million in losses per year; correspondingly, the cost of an outage reaches $0.5 million per hour.

A distributed denial of service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. It targets a wide variety of important network and application resources and presents a major challenge to making sure people can publish and access important information.

Attack Tools

In the past year attackers have developed multiple types of tools to create service denial. Some tools are run from a single host, such as Slowloris and R U Dead Yet? (R.U.D.Y.), which hold many connections open with incomplete request headers or slowly trickled POST bodies so that the server's connection and worker slots are exhausted long before its bandwidth is; some are run from multiple sources, such as the Low Orbit Ion Cannon (LOIC). Some are purpose-built attack tools, while others are testing utilities, such as hping, repurposed to cause damage. What do they all have in common? The intent to exploit vulnerabilities and weaknesses in the design of applications and networks, consuming resources that would otherwise be serving legitimate users.

Botnets as a DDoS Tool

Regardless of the attack tool used, the ability to launch an attack from multiple computers, whether hundreds, thousands or millions, significantly amplifies the potential of an attack to cause denial of service. Attackers often have botnets at their disposal. Botnets are collections of compromised computers, often referred to as zombies, that are infected with malware allowing an attacker to control them.
Botnet owners, or herders, control the machines in the botnet through a covert channel, such as IRC (Internet Relay Chat), issuing commands to perform malicious activities. Such activities may include distributed denial-of-service (DDoS) attacks, distribution of spam mail and information theft.

[Figure 1: a botnet diagram depicting a set of compromised hosts (bots) that are remote-controlled by the attacker through an IRC server and commanded to send a large volume of HTTP GET requests to public web servers, misusing the victim web server's resources.]
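The tool categories above share one property that matters for detection: no single source is loud. A Slowloris bot holds one connection; a GET-flood bot behind a botnet sends a couple of requests a minute. The following is an added example, not code from Radware, Cisco or this paper, that runs a classic per-source rate limit and two pattern checks over constructed connection records. The record fields (src, opened, headers_done, path, ua), the addresses and all thresholds are assumptions chosen for illustration.

```python
"""Per-source rate limits vs. pattern checks on constructed connection records.

Added example, not code from Radware, Cisco or this paper. The record fields
(src, opened, headers_done, path, ua), the addresses and every threshold are
assumptions chosen for illustration; the records are constructed, not captured.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str            # client address
    opened: float       # epoch seconds when the TCP connection was accepted
    headers_done: bool  # True once a complete request line and headers arrived
    path: str           # request target ("" while headers are incomplete)
    ua: str             # User-Agent ("" while headers are incomplete)


def constructed_records(now: float = 1000.0) -> list:
    """Mix legitimate browsing with two low-rate attack populations."""
    conns = []
    # 30 legitimate clients: one to three quick, varied requests each.
    for i in range(30):
        for k in range(i % 3 + 1):
            conns.append(Conn(f"203.0.113.{i + 1}", now - 5 - k, True,
                              f"/page/{(i + k) % 7}", f"Browser/{i % 4}"))
    # Slowloris-style: 60 bots, one connection each, headers never finished,
    # opened minutes ago. Per-source rate is one connection, below any limit.
    for i in range(60):
        conns.append(Conn(f"198.51.100.{i + 1}", now - 240 - i, False, "", ""))
    # Botnet GET flood: 80 bots, two identical requests each in the last minute.
    for i in range(80):
        for k in range(2):
            conns.append(Conn(f"192.0.2.{i + 1}", now - 30 - k, True,
                              "/search?q=a", "Mozilla/4.0 bot"))
    return conns


def rate_based_blocklist(conns, now, window=60.0, max_per_src=100) -> set:
    """Classic defense: block any source exceeding max_per_src connections per window."""
    recent = Counter(c.src for c in conns if now - c.opened <= window)
    return {src for src, n in recent.items() if n > max_per_src}


def stalled_header_sources(conns, now, stall=30.0) -> set:
    """Low & slow check: a connection held open beyond `stall` seconds without a
    complete request is not a browser; it is occupying a worker slot."""
    return {c.src for c in conns if not c.headers_done and now - c.opened > stall}


def dominant_signature(conns, now, window=60.0, min_share=0.5, min_sources=20):
    """Pattern check: one request signature (path + User-Agent) carrying most of
    the recent requests from many distinct sources is an attack pattern even
    though no single source is noisy. Returns (signature, sources) or None."""
    recent = [c for c in conns if c.headers_done and now - c.opened <= window]
    if not recent:
        return None
    by_sig = Counter((c.path, c.ua) for c in recent)
    sources = defaultdict(set)
    for c in recent:
        sources[(c.path, c.ua)].add(c.src)
    sig, n = by_sig.most_common(1)[0]
    if n / len(recent) >= min_share and len(sources[sig]) >= min_sources:
        return sig, sorted(sources[sig])
    return None


if __name__ == "__main__":
    now = 1000.0
    conns = constructed_records(now)
    print("rate-based blocks:", len(rate_based_blocklist(conns, now)))
    print("stalled-header sources:", len(stalled_header_sources(conns, now)))
    print("dominant signature:", dominant_signature(conns, now))
```

Run against the constructed records, the per-source limit blocks nothing, the stalled-header check names all 60 Slowloris sources, and the signature check isolates the GET flood by its (path, User-Agent) pattern. Acting on that pattern rather than on the 80 addresses is what lets a legitimate client that shares an address with a bot (behind a NAT, proxy or CDN) keep working, which is the distinction the next section draws between blocking on source IP and blocking on attack pattern.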

The Threat Landscape Has Evolved

Attackers and attacks have evolved in multiple dimensions:

- Attacks are longer, more complex and continuous. Attackers deploy multi-vector attack campaigns (several different attack types at once) that target all layers of the victim's IT infrastructure, including the network, server and application layers.
- Attackers are more patient and persistent, using low & slow attack techniques that misuse application resources rather than resources in the network stack. They also use more evasive techniques to avoid detection and mitigation, including SSL-based attacks and attacks launched from behind CDNs or proxy servers.
- Attacks are harder to detect and mitigate. Rate-based detection becomes useless against low & slow attack vectors and application misuse attacks that imitate real user traffic. Mitigation attempts often end up blocking legitimate user traffic, because most mitigation tools block on source IP address rather than on the attack pattern; blocking a CDN or proxy address takes its legitimate users down with the attacker.

DDoS Attacks Mitigation Approaches

Recent DDoS attacks have taught us that traditional network security solutions such as firewalls, IPS and WAF cannot stop DDoS attacks on their own. Organizations that recently became victims of DDoS attacks had firewalls and IPS devices in place, and yet the availability of their services was affected, resulting in significant downtime. Although firewall, IPS and WAF solutions have an essential role in securing an organization, they are only one piece of the puzzle and are not designed to handle today's emerging DDoS threats. Organizations that want to guarantee the availability of online services against DDoS attacks should consider a dedicated DDoS attack mitigation solution that is specifically designed for today's emerging threats. There are three approaches to DDoS attack mitigation: on-premise, cloud and hybrid.
On-premise - When a DDoS solution is deployed on premise, organizations benefit from immediate, automatic attack detection and mitigation. Within seconds of the start of an attack, the online services are protected and the attack is mitigated. However, an on-premise DDoS solution cannot handle volumetric network floods that saturate the enterprise's Internet pipe: by the time the flood reaches the device, the upstream link is already full. Such attacks must be mitigated from the cloud.

Cloud - Often referred to as a clean pipe, this type of mitigation blocks network flood attacks before they reach the organization's network or data center, because attacks are mitigated before they reach the link between the ISP/MSSP and the organization. However, cloud-based DDoS mitigation services cannot block application DDoS attacks, nor do they provide the detection layer, as they are primarily focused on mitigation.

Hybrid - Hybrid DDoS solutions offer best-of-breed attack mitigation by combining on-premise and cloud mitigation into a single, integrated solution. A typical hybrid solution is depicted in Figure 2. With a hybrid solution, attack detection and mitigation start immediately on the on-premise mitigation device, preventing availability attacks from harming the application layer (Steps 1 and 2). When pipe saturation threatens, the hybrid solution activates cloud mitigation (Step 3) and traffic is diverted to the cloud, where it is scrubbed before being sent back to the enterprise (Step 4). Ideally, a hybrid solution also shares essential information about the attack between the on-premise mitigation devices and the cloud devices (Step 3), so that mitigation in the cloud starts from what has already been learned rather than from scratch.
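The four steps above, and the Always On service-provider deployment described later in this paper, reduce to one control decision on the on-premise device: keep handling the attack locally, or divert to the scrubbing center and tell it what is already known. The following is an added example of that decision loop, not Radware's or Cisco's implementation; the sample fields, the 80%/50% thresholds, the three-sample debounce and the message format are assumptions made for the example. It also handles the edge case a naive loop gets wrong: once traffic is diverted, the local link only carries scrubbed traffic, so the decision to return must be based on the raw volume the scrubbing center reports upstream, or the device would flap back while the flood is still running.

```python
"""Escalation loop for a hybrid on-premise/cloud DDoS deployment.

Added illustration, not Radware's or Cisco's implementation: the sample
fields, thresholds and message format are assumptions made for this example.
"""
from dataclasses import dataclass, field


@dataclass
class Sample:
    t: int                     # seconds since start (constructed timeline)
    inbound_bps: float         # bits/s measured on the customer's Internet pipe
    app_attack: bool = False   # on-prem engine flagged an application-layer vector
    signature: str = ""        # real-time signature it generated, if any
    scrubber_bps: float = 0.0  # raw volume the scrubbing center reports while diverted


@dataclass
class HybridController:
    pipe_bps: float
    divert_ratio: float = 0.8  # divert when the pipe is this full ...
    revert_ratio: float = 0.5  # ... and return once upstream load is below this
    sustain: int = 3           # consecutive samples before either switch (debounce)
    diverted: bool = False
    messages: list = field(default_factory=list)  # defense messages sent upstream
    _hot: int = 0
    _cool: int = 0

    def step(self, s: Sample) -> list:
        actions = []
        # Steps 1-2: application-layer vectors are always handled on premise;
        # the scrubbing center only removes volume, so this runs even while diverted.
        if s.app_attack:
            actions.append("mitigate_on_prem")
        # While diverted the local link only carries scrubbed traffic, so the
        # revert decision must use the volume the scrubbing center sees upstream.
        load = s.scrubber_bps if self.diverted else s.inbound_bps
        if load >= self.divert_ratio * self.pipe_bps:
            self._hot, self._cool = self._hot + 1, 0
        elif load <= self.revert_ratio * self.pipe_bps:
            self._hot, self._cool = 0, self._cool + 1
        else:
            self._hot = self._cool = 0        # hysteresis band: hold current state
        if not self.diverted and self._hot >= self.sustain:
            self.diverted, self._hot = True, 0
            # Step 3: hand the scrubbing center what the on-prem engine already knows
            self.messages.append({"t": s.t, "signature": s.signature,
                                  "observed_bps": s.inbound_bps,
                                  "pipe_bps": self.pipe_bps})
            actions.append("divert_to_cloud")   # step 4: traffic returns scrubbed
        elif self.diverted and self._cool >= self.sustain:
            self.diverted, self._cool = False, 0
            actions.append("revert_to_on_prem")
        return actions


def run(samples, pipe_bps=1e9):
    """Feed a timeline through one controller; returns ((t, actions)...), messages."""
    ctl = HybridController(pipe_bps)
    return [(s.t, ctl.step(s)) for s in samples], ctl.messages


def constructed_timeline():
    """Made-up one-second samples for a 1 Gbit/s pipe (not captured data)."""
    sig = "UDP/53 len>1400 src-port 53"          # assumed signature string
    app = "HTTP GET /search?q= UA=bot"           # assumed signature string
    return [
        Sample(0, 0.20e9),
        Sample(1, 0.25e9, app_attack=True, signature=app),  # handled locally
        Sample(2, 0.85e9, signature=sig),                   # flood ramps up
        Sample(3, 0.95e9, signature=sig),
        Sample(4, 1.20e9, signature=sig),                   # third sample: divert
        Sample(5, 0.30e9, scrubber_bps=1.3e9),  # pipe looks clean, flood continues
        Sample(6, 0.30e9, scrubber_bps=1.3e9),
        Sample(7, 0.30e9, app_attack=True, signature=app, scrubber_bps=1.2e9),
        Sample(8, 0.30e9, scrubber_bps=0.40e9),             # flood subsides
        Sample(9, 0.30e9, scrubber_bps=0.40e9),
        Sample(10, 0.30e9, scrubber_bps=0.40e9),            # third clean: revert
    ]


if __name__ == "__main__":
    log, msgs = run(constructed_timeline())
    for t, acts in log:
        print(t, acts)
    print("defense messages:", msgs)
```

In the constructed timeline the application-layer vector at t=1 and again at t=7 is handled on premise regardless of diversion, diversion fires at t=4 after three samples above 80% of the pipe, and the device stays diverted through t=5 to t=7 even though its own link has dropped to 0.3 Gbit/s, because the scrubbing center still reports 1.2 to 1.3 Gbit/s upstream; it returns to local-only mitigation at t=10. The single defense message carries the signature the on-prem engine had already built, which is the information-sharing step the paper describes.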

[Figure 2: Hybrid DDoS mitigation approach. Labels: Internet, Perimeter, LAN, Cloud Scrubbing, Defense Messaging; Steps 1 to 4 as described above.]

Introducing Cisco FirePower 9300 DDoS Mitigation by Radware

What is Radware's DDoS Mitigation Solution?

Radware's DDoS Mitigation solution for the Cisco FirePower 9300 appliance detects DDoS attacks and mitigates them in seconds, without blocking legitimate user traffic. It protects network infrastructure and data centers against network and application downtime (or slowdown), network anomalies, and network and application scanning. Radware DDoS Mitigation helps service providers win the ongoing security battle against availability attacks by detecting and mitigating known and zero-day DoS/DDoS attacks in real time. It also protects against security threats that go undetected by traditional DDoS mitigation tools that rely on rate-based thresholds for detection. Radware's DDoS Mitigation provides full protection against the DoS/DDoS threat with the shortest mitigation time and the broadest possible attack coverage. Radware provides a hybrid solution that combines on-premise and cloud-based mitigation tools in a single integrated solution designed to mitigate multiple attack vectors occurring in parallel.

Why Radware DDoS Mitigation?

The Radware DDoS Mitigation solution includes three essential security modules, anti-DDoS, network behavioral analysis (NBA) and a signature detection engine, to protect the application infrastructure against known and emerging network security attacks. It employs multiple detection and mitigation techniques, including adaptive behavioral analysis, challenge-response technologies and signature detection. Compared to stand-alone solutions, the synergy of multiple security modules on a single platform enables more effective protection against attackers attempting to compromise business assets, while providing unified reporting, forensics and compliance.

Radware DDoS Mitigation is built on patent-protected, adaptive, behavioral-based, real-time signature technology that detects and mitigates emerging network attacks, zero-minute attacks, DoS/DDoS, application misuse attacks, network scanning and malware spread. It eliminates the need for human intervention and does not block legitimate user traffic.

Always On Deployment for Service Providers

Radware DDoS Mitigation can be deployed as an Always On solution, where a FirePower 9300 appliance with a DDoS Mitigation module is deployed at the customer perimeter (the on-premises appliance) and at the service provider's peering points or core network. The on-premise FirePower appliance ensures that the customer network is constantly protected, providing accurate real-time detection and mitigation of multi-vector DDoS attacks that would not be possible using only a cloud-based DDoS mitigation solution. Only for volumetric attacks, where the customer's Internet pipe is saturated, may service providers decide to move mitigation either to the core-network FirePower appliances or to Radware's cloud-based scrubbing center (DefensePipe), clearing attack traffic before it reaches the customer's Internet pipe. This enables a smooth transition between mitigation options, assuring immediate protection with no protection gaps and without adding scrubbing-center latency to traffic that does not need to be diverted.

[Figure 3: An enterprise use case with on-premises FirePower 9300 for DDoS mitigation and in-the-cloud protection against volumetric attacks. Labels: Internet; Perimeter; Data Center (FirePower 9300, ADC, Unified Communications, CRM, BI, Web Portals, Mail); Volumetric Attacks Mitigation in the Cloud; No Protection Gap; Defense Messaging. Solution highlights: network and application DDoS attack protection, most accurate detection & mitigation, shortest time to mitigate.]

Defense Messaging enables sharing of attack information between the on-premise solution and the scrubbing-center appliances. This allows the solution to maintain continual and accurate mitigation even when traffic is diverted to the cloud for scrubbing.

Summary

DDoS attacks cause organizations to lose revenue and increase operational costs. Attackers are more sophisticated and leverage multi-vector attack campaigns. Radware's DDoS Protection solution offers a hybrid, multi-layered mitigation solution with industry-leading network and application DDoS attack mitigation. Radware's hybrid solution provides the shortest time to mitigation, with across-the-board detection and mitigation to stop multi-vector DDoS attacks instantaneously.
Solution Benefits:

Full Coverage - able to detect and mitigate all types of DoS/DDoS flood attacks
  o Network DDoS attacks
  o Application DDoS attacks
  o Known attack tools
High Accuracy
  o Minimal false positives with patent-protected behavioral analysis technology
  o Real-time signatures and selective challenge-response mechanism for high mitigation accuracy
Shortest Time
  o All attacks are detected on premise and in real time
  o Protection starts in seconds

This document is provided for information purposes only. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law. Radware specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. The technologies, functionalities, services, or processes described herein are subject to change without notice. 2016 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners. PRD-DDoS_Mitigation_Cisco_FP9300-WP-01-2016/01-US