SecurityDAM On-demand, Cloud-based DDoS Mitigation

Table of contents

Introduction ... 3
Why premise-based DDoS solutions are lacking ... 3
The problem with ISP-based DDoS solutions ... 4
On-demand cloud DDoS mitigation ... 4
SecurityDAM solution architecture ... 5
Attack Mitigation - Step by Step ... 6
SecurityDAM vs. traditional solutions ... 7
About SecurityDAM ... 8

2013 SecurityDAM Ltd. All Rights Reserved. www.securitydam.com +972 3 765-9894 #210001-0413

Introduction

In recent years Distributed Denial of Service (DDoS) attacks have become a mainstream threat to businesses, governmental agencies and critical infrastructure worldwide. DDoS attacks have grown in complexity, volume and sophistication. 65 percent of IT security practitioners surveyed recently reported experiencing an average of three DDoS attacks in the past 12 months.(i) With an average downtime of 54 minutes per attack and a cost of as much as $100,000 per minute, one would expect organizations to have put preventative measures in place to protect their networks and business. However, this is far from being the case. Many organizations still employ no DDoS protection at all. Others rely on ISP solutions or use on-premises equipment, which at best can deflect a single type of attack. Such solutions fail to provide adequate protection against multi-level attacks, and lack the expertise to handle new types of attacks. To ensure business continuity and provide solid DDoS protection, a different, multi-layer approach is needed.

Why premise-based DDoS solutions are lacking

Distributed Denial of Service attacks can be broadly categorized into two types:

Network (volumetric) attacks flood the victim with a high volume of packets or IP flows, consuming network equipment and bandwidth resources. Examples include SYN floods (high packet-per-second attacks), large UDP packet floods (bandwidth attacks) and ICMP floods.

Application attacks, also known as low and slow attacks, target the application directly, exploiting implementation weaknesses and design flaws. Application transactions are generated by real IP addresses and machines and therefore appear legitimate. Examples include HTTP GET or POST floods, DNS floods and SSL floods.

Does size matter? When evaluating DDoS attacks, a common misconception is that the bigger the attack, the more severe it is. However, smaller, less intensive attacks can still cause serious damage. For example, a much smaller HTTP flood at the application level may do more damage than a larger UDP flood on the network. What type and size of attack should an organization expect? Unfortunately there is no clear answer: DDoS attacks are so diverse in both type and size that accurate prediction is impossible.

Typically, on-premises solutions are based on security systems such as firewalls. While such systems may offer a DDoS mitigation feature, this does not constitute a true DDoS mitigation solution, since critical functionality is lacking. The primary shortcoming of on-premises solutions, however, is their inability to protect against volumetric attacks. Such attacks completely saturate the link to the organizational network, making it technically impossible to mitigate high-volume attacks from within the network. Another challenge is the ongoing investment required to keep up with increasingly dynamic and polymorphic DDoS threats. In most cases an internal IT/security group cannot afford the time and resources needed to develop the required expertise.

The problem with ISP-based DDoS solutions

While convenient, stopping DDoS attacks at the ISP level has many drawbacks. First, there is the issue of traffic volume. Using an always-on, shared solution, an ISP must handle the traffic of all its protected customers. During a DDoS attack on a single customer, the same equipment must still handle the drastically increased traffic without affecting other customers. This results in a situation where the ISP simply cannot handle the attack. With the need to protect multiple customers while avoiding false positives, ISPs have been known to soften their policies and make thresholds more lenient. Consequently, too much traffic may be passed through during attacks.

An additional security hole relates to application-level attacks. ISPs have very limited capability to protect against such attacks, since from an ISP's point of view harmful traffic looks identical to legitimate user traffic.

Specific DDoS expertise is another issue. ISPs usually rely on equipment vendors and lack the expertise required to respond quickly to new types of attacks and add new attack signatures.

Finally, there is the cost consideration. If an organization is connected through several ISPs, DDoS protection services need to be purchased from each.

Mitigating multi-vector attacks therefore requires a layered defense approach with more than one security technology in place, and specific expertise that is developed and upgraded on an ongoing basis.
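The capacity argument behind "Does size matter?" and the pipe-saturation point about on-premises equipment can be made concrete with a small resource model. This is an added example, not SecurityDAM's code or data: the site capacities, the attack profiles and the function names are all constructed for illustration. It generalizes the HTTP-versus-UDP comparison in the text to several resources (link, perimeter packet rate, application worker pool, TLS handshake capacity) and reports which one an attack exhausts first.

```python
"""Which resource does an attack exhaust first?

Added example for the 'Does size matter?' discussion; this is not
SecurityDAM's code or data. Site capacities, attack profiles and the
function names are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SiteCapacity:
    link_bps: float           # Internet pipe, bits per second
    firewall_pps: float       # packets per second the perimeter device can inspect
    app_workers: int          # concurrent request slots on the web tier
    app_service_s: float      # average seconds one request occupies a worker
    tls_handshakes_ps: float  # full TLS handshakes per second the front end can complete


@dataclass(frozen=True)
class AttackProfile:
    name: str
    bps: float = 0.0            # bandwidth consumed by the attack
    pps: float = 0.0            # packets per second
    http_rps: float = 0.0       # HTTP requests per second reaching the application
    tls_handshakes_ps: float = 0.0


def utilisation(site: SiteCapacity, atk: AttackProfile) -> dict:
    """Fraction of each resource the attack alone consumes (1.0 = saturated).

    The application tier is a pool of workers: offered load in busy workers is
    request rate * service time, so it saturates when that exceeds the pool size.
    """
    return {
        "link": atk.bps / site.link_bps,
        "firewall": atk.pps / site.firewall_pps,
        "app_workers": (atk.http_rps * site.app_service_s) / site.app_workers,
        "tls": atk.tls_handshakes_ps / site.tls_handshakes_ps,
    }


def first_bottleneck(site: SiteCapacity, atk: AttackProfile):
    """(resource, utilisation) of the most loaded resource if it is saturated, else None."""
    u = utilisation(site, atk)
    worst = max(u, key=u.get)
    return (worst, u[worst]) if u[worst] >= 1.0 else None


def mitigable_on_premises(site: SiteCapacity, atk: AttackProfile) -> bool:
    """On-premises equipment sits behind the pipe: once the attack alone fills the
    link, nothing inside the network can restore service, whatever it filters."""
    return atk.bps < site.link_bps


# Constructed site: 1 Gbps pipe, a firewall rated for 1.5 Mpps, 200 web workers
# that each take 250 ms per request, and 2,000 TLS handshakes/s.
SITE = SiteCapacity(link_bps=1e9, firewall_pps=1.5e6, app_workers=200,
                    app_service_s=0.25, tls_handshakes_ps=2000)

# Constructed attacks. The UDP flood is 25x larger in bandwidth than the HTTP flood.
UDP_FLOOD = AttackProfile("800 Mbps UDP flood, 1500-byte packets",
                          bps=800e6, pps=800e6 / (1500 * 8))
HTTP_FLOOD = AttackProfile("2,000 req/s HTTP GET flood, ~2 KB per request",
                           bps=2000 * 2000 * 8, pps=2000 * 4, http_rps=2000)
BIG_UDP_FLOOD = AttackProfile("3 Gbps UDP flood", bps=3e9, pps=3e9 / (1500 * 8))


if __name__ == "__main__":
    for atk in (UDP_FLOOD, HTTP_FLOOD, BIG_UDP_FLOOD):
        print(atk.name, "->", first_bottleneck(SITE, atk),
              "| mitigable on premises:", mitigable_on_premises(SITE, atk))
```

With these constructed figures the 800 Mbps UDP flood leaves every resource below saturation, the 32 Mbps HTTP flood drives the worker pool to 2.5 times its capacity, and the 3 Gbps flood fills the pipe itself, which is exactly the case no on-premises device can mitigate.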
On-demand cloud DDoS mitigation

SecurityDAM takes a different approach. Using a two-tier defense architecture, our solution employs two protection layers: one placed at the customer's site network perimeter, and the other located in the cloud. The two DDoS protection layers support and complement each other, ensuring early detection and mitigation of all attack types with minimum disruption to network and business operations. The service is backed by a dedicated, 24/7 DDoS emergency response team ready to tackle any attack, known or new.

SecurityDAM solution architecture

The SecurityDAM solution is composed of the following main components:

CPE (Customer-premises equipment) is a detection and signaling device placed at the edge of the customer's data center. Constantly monitoring network traffic, the CPE learns the traffic patterns to establish a normal behavior baseline. It detects anomalies and DDoS attacks early on and alerts the SecurityDAM Operation Center (SDOC) to initiate the mitigation process. The device independently detects and mitigates low and slow application-level attacks using a range of technologies such as Network Behavioral Analysis (NBA) and Deep Packet Inspection (DPI).

SecurityDAM Operation Center (SOC) is a cloud-based scrubbing center, manned by an emergency response team to ensure the fastest analysis and resolution of new attack types. When the network is under a volumetric DDoS attack, traffic is redirected to the scrubbing center for attack mitigation. After filtering, clean traffic is passed back to its original destination. Attack data is collected and stored, enabling real-time monitoring and historical reporting.

SDCC (SecurityDAM Control Center) is a management platform providing configuration, provisioning and accounting functions and enabling real-time monitoring and analysis of traffic during attacks.

Customer's Self-provisioning Portal is a web-based portal that provides real-time insight into events, attack characteristics, post-attack reports and statistics.

Figure 1 - SecurityDAM's Portal

Attack Mitigation - Step by Step

During a DDoS attack, SecurityDAM employs its two-layered defense system and context-aware approach to optimize the response and return the network to its normal behavior as quickly as possible.

1- Detection & application attack prevention. The CPE at the customer's network constantly monitors traffic and establishes a normal behavior baseline for the network. Any deviations from this baseline are immediately identified as DDoS attacks, with low and slow application-level attacks independently blocked by the CPE device and reported to the operations center for tracking purposes.

Figure 2 - Employing a two-tier defense architecture provides maximum protection for both volumetric network attacks and application low and slow attacks.

2- Traffic redirection. When the CPE detects a volumetric network flood that it cannot handle, it automatically alerts the SecurityDAM operations center (SOC) by sending it the threat details. All network traffic is then diverted to the scrubbing center, a process which can either take place automatically, or following an analysis and joint decision by the SecurityDAM emergency response team and the customer. Traffic redirection is carried out via a BGP announcement (for autonomous systems) or a DNS redirect (for other networks). An optional FastLane service enables granular DDoS mitigation so that during network attacks, traffic from pre-defined trusted sources is never blocked. Such traffic is routed to dedicated servers to ensure uninterrupted business continuity.
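The CPE behaviour in steps 1 and 2 (learn a baseline, flag deviations, block application-level attacks locally, and escalate floods it cannot handle to the scrubbing center), together with the shared-threshold leniency problem raised in the ISP section, as an added example that is not SecurityDAM's code: the baseline is modelled as an exponentially weighted mean and variance per traffic metric, and the class names, thresholds, capacities and per-second traffic samples are all constructed for illustration. The example also shows one design detail the page does not spell out: clean seconds are folded into the baseline only after they have been judged clean, so an attack cannot train the detector into accepting it.

```python
"""Per-customer baseline, anomaly classification and the local-vs-cloud
mitigation decision (steps 1-2), plus the ISP shared-threshold problem.

Added example, not SecurityDAM's code: the CPE is modelled as an
exponentially weighted mean/variance baseline per metric; thresholds,
capacities and the per-second traffic samples are constructed.
"""
import math
from dataclasses import dataclass

METRICS = ("bps", "pps", "http_rps")


@dataclass
class Ewma:
    """Exponentially weighted mean and variance of one traffic metric."""
    alpha: float = 0.1
    mean: float = 0.0
    var: float = 0.0
    n: int = 0

    def learn(self, x: float) -> None:
        if self.n == 0:
            self.mean, self.var = x, 0.0
        else:
            diff = x - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.n += 1

    def deviation(self, x: float) -> float:
        """Standard deviations that x lies above the learned mean; a floor of 5%
        of the mean stops a very flat baseline from flagging tiny wobbles."""
        sigma = max(math.sqrt(self.var), 0.05 * self.mean, 1e-9)
        return (x - self.mean) / sigma


class CpeDetector:
    def __init__(self, link_bps: float, cpe_pps: float, k: float = 4.0, min_ratio: float = 1.5):
        self.link_bps = link_bps      # customer's pipe: floods at or above it must be scrubbed upstream
        self.cpe_pps = cpe_pps        # packets/s the on-site device can filter by itself
        self.k = k                    # sigma multiplier for an anomaly
        self.min_ratio = min_ratio    # and the sample must also be >= baseline * min_ratio
        self.baselines = {m: Ewma() for m in METRICS}

    def learn(self, sample: dict) -> None:
        for m in METRICS:
            self.baselines[m].learn(sample[m])

    def anomalous(self, sample: dict) -> set:
        return {m for m in METRICS
                if self.baselines[m].deviation(sample[m]) >= self.k
                and sample[m] >= self.baselines[m].mean * self.min_ratio}

    def classify(self, sample: dict) -> str:
        a = self.anomalous(sample)
        if "bps" in a or "pps" in a:
            return "volumetric"
        if "http_rps" in a:
            return "application"   # request rate jumps while bandwidth stays normal
        return "normal"

    def decide(self, sample: dict) -> str:
        kind = self.classify(sample)
        if kind == "normal":
            return "pass"
        if kind == "application":
            return "block_locally"           # step 1: handled by the CPE, reported to the SOC
        if sample["bps"] >= self.link_bps or sample["pps"] > self.cpe_pps:
            return "alert_soc_redirect"      # step 2: beyond the CPE, divert to scrubbing
        return "mitigate_locally"

    def observe(self, sample: dict) -> str:
        """Decide, and learn only from seconds judged clean (no baseline poisoning)."""
        decision = self.decide(sample)
        if decision == "pass":
            self.learn(sample)
        return decision


def isp_shared_threshold_detects(customer_baseline_bps: float, customers: int,
                                 attack_bps: float, factor: float = 2.0) -> bool:
    """Always-on ISP threshold set against the aggregate of all protected customers:
    it fires only when total traffic reaches factor * aggregate baseline, so an
    attack that is huge for one customer can stay below it."""
    aggregate = customer_baseline_bps * customers
    return aggregate + attack_bps >= factor * aggregate


def trained_detector() -> CpeDetector:
    """CPE trained on 60 constructed seconds of normal traffic (~100 Mbps, ~12 kpps, ~300 req/s)."""
    det = CpeDetector(link_bps=1e9, cpe_pps=1.2e6)
    for i in range(60):
        j = 1 + 0.02 * math.sin(i)   # deterministic +-2% jitter
        det.learn({"bps": 100e6 * j, "pps": 12000 * j, "http_rps": 300 * j})
    return det


DETECTOR = trained_detector()
# Constructed per-second samples
NORMAL = {"bps": 102e6, "pps": 12200, "http_rps": 310}
HTTP_FLOOD = {"bps": 101e6, "pps": 12100, "http_rps": 3000}   # low and slow: bandwidth looks normal
SYN_FLOOD = {"bps": 400e6, "pps": 781250, "http_rps": 300}     # 64-byte SYNs, within CPE capacity
UDP_FLOOD = {"bps": 1.5e9, "pps": 125000, "http_rps": 300}     # 1500-byte UDP, exceeds the 1 Gbps pipe

if __name__ == "__main__":
    for name, s in (("normal", NORMAL), ("http flood", HTTP_FLOOD),
                    ("syn flood", SYN_FLOOD), ("udp flood", UDP_FLOOD)):
        print(f"{name:10s} -> {DETECTOR.observe(s)}")
    print("ISP shared threshold sees 900 Mbps on one of 50 customers:",
          isp_shared_threshold_detects(100e6, 50, 900e6))
```

The same 900 Mbps flood that is nine times the customer's own baseline, and so is caught immediately by the per-customer CPE, adds less than a fifth to the aggregate traffic of 50 such customers and never crosses a threshold set at twice that aggregate; that is the leniency problem in numbers.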

3- Traffic cleansing. Incoming traffic (including SSL flows if relevant) is scrubbed of illegitimate flows and packets. The process is analyzed by SecurityDAM security experts, who may also update security signatures if needed. Legitimate traffic is channeled back to the attacked site via a GRE tunnel.

4- Return to normal operation. Once security experts conclude that the attack has ended, traffic is diverted back to its normal routing and paths.

5- Reporting. Data collected throughout the process enables viewing statistics related to the attack type, duration and so on through the customer's portal.

SecurityDAM vs. traditional solutions

Network-level attacks
  On-premises solutions: Solutions deployed within the organization's network perimeter cannot protect the Internet pipe from saturation, and therefore will fail.
  ISP-based solutions: An ISP must be able to handle massive attacks and keep the pipe open for multiple clients.
  SecurityDAM: The cloud-based scrubbing center efficiently mitigates volumetric DDoS network attacks.

Application-level attacks
  On-premises solutions: Standard security systems may fail to recognize application-level attacks.
  ISP-based solutions: From an ISP's point of view, harmful traffic looks identical to legitimate user traffic, preventing the identification of attacks.
  SecurityDAM: The CPE device instantly identifies and deflects any application-level attacks.

Cost
  On-premises solutions: Capital investment required in dedicated DDoS mitigation equipment.
  ISP-based solutions: High ongoing payments, without the assurance of adequate protection during an attack.
  SecurityDAM: Managed service with zero up-front investment.

Coverage and response time to DDoS attacks
  On-premises solutions: Long update cycles with no emergency mechanism to handle new attack types.
  ISP-based solutions: Rely on 3rd-party equipment without the expertise for real-time deep analysis and updates.
  SecurityDAM: 24/7 dedicated team of DDoS security experts, providing real-time response and dynamic updates during attacks, while using the most up-to-date mitigation equipment.

Ongoing DDoS protection
  On-premises solutions: Continuous investment in resources and education is required to keep up with technology and DDoS attack advancements.
  ISP-based solutions: ISPs' core business is providing Internet connectivity, so they cannot be expected to focus on DDoS innovations.
  SecurityDAM: A dedicated security expert team 100% focused on DDoS attacks and always up-to-date with the latest developments in attacks and mitigation.

About SecurityDAM

Security Dam provides world-class MSSP cloud-based solutions mitigating Distributed Denial of Service (DDoS) attacks on enterprise networks. Founded by a team of security experts, Security Dam is a member of the RAD group. For more information, see www.securitydam.com.

(i) The research for Cyber Security on the Offense: A Study of IT Security Experts, November 2012, by the Ponemon Institute and Radware.