THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS. Junos WebApp Secure Junos Spotlight Secure
|
|
- Patricia Glenn
- 5 years ago
- Views:
Transcription
1 THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS Junos WebApp Secure Junos Spotlight Secure
2 INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two years through insecure Web apps. Ponemon Institute 2
3 THE COST OF AN ATTACK PONEMON INSTITUTE AVERAGE BREACH COSTS $214 PER RECORD STOLEN Sony Stolen Records 100M Theft Sony Lawsuits $1-2B Reputation Revenue Sony Direct Costs $171M 23 day network closure Lost customers Security improvements 3
4 FIRST, A LITTLE HISTORY Junos WebApp Secure, formerly Mykonos was created by the Mykonos team to fill the perceived gap in existing Web Application Firewalls. Acquired by Juniper Networks in early Renamed Junos WebApp Secure (JWAS) at RSA in March
5 UNDERSTANDING WEB APPLICATION ATTACKS The Reconnaissance Phase Library IP Scan Attacks Script run against multiple sites seeking a specific vulnerability. Targeted Scans Targets a specific site for any vulnerability. Scripts Kiddie & Tool Exploits Generic scripts and tools against one site. The Attack Phase Botnet Script loaded onto a bot network to carry out attack. Human Advanced Hacker Persistent Sophisticated, targeted attack (APT). Low and slow to avoid detection. JAN JUN E DE C 5
6 WEB APPLICATION ATTACKS: RECON IP Scanning: Usually looking for a single known vulnerability across many, many, sites. Attacker looking for any target of opportunity rather than trying to attack a specific target. Targeted Scan: Usually targeting a specific site looking for any possible vulnerability. May try to exploit any of hundreds, or even thousands, of known attack vectors Attacker looking to exploit a specific target. 6
7 WEB APPLICATION ATTACKS: ATTACK SCENARIOS Tools and scripts: Many tools and scripts available. Can often be semi-automated from either an IP or targeted scan. Botnets: Distributing scans, or attacks, across hundreds, or even thousands, of machines, vastly speeding up scanning for vulnerabilities and exploiting vulnerable systems. Live Attacker: The Advanced Persistent Threat (APT). The slowest and most resource intensive kind of attack, but often the most successful and hardest to detect. Live attackers can find holes that an automated tool or script may not be aware of. 7
8 WEB APP SECURITY TECHNOLOGY Web Application Firewall Web Intrusion Deception System Detection Signatures Tar Traps Tracking IP address Browser, software and scripts Profiling IP address Browser, software and scripts Responses Block IP Block, warn and deceive attacker PCI Section 6.6 8
9 THE JUNOS WEBAPP SECURE ADVANTAGE DECEPTION-BASED SECURITY Detect Track Profile Respond Tar Traps detect threats without false positives. Track IPs, browsers, software and scripts. Understand attacker s capabilities and intents. Adaptive responses, including block, warn and deceive. 9
10 DETECTION BY DECEPTION Tar Traps Query String Parameters Network Perimeter Hidden Input Fields Client Firewall App Server Database Server Configuration 10
11 DECEPTION IN DEPTH: ATTACK SURFACES Attack Surface: All of the places where an attacker might find leverage to compromise a target Deception: The art of making something look like something else. Deceptive Attack Surface: Adding features that look like potential targets but, in reality, were placed by JWAS to trap a potential attacker. We call them Tar Traps 11
12 DECEPTION IN DEPTH: QUERY STRINGS Query String Manipulation: The actual query string The trapped query string The m4=true parameter is added by JWAS outbound to the client, and then stripped on the way back to the application server. The App Server never sees it, but any manipulation will trigger an incident. 12
13 DECEPTION IN DEPTH: HIDDEN FIELDS Hidden Form Fields: Inserted form field: <input type= hidden name= debug value = true > This field is inserted by JWAS outbound to the client and removed on the way back to the server. This field will not appear in a normal browser, but would look like a good target to a live attacker. Many attack scripts will manipulate hidden fields as part of their attack, and any manipulation will trigger an incident. 13
14 DECEPTION IN DEPTH: FAKE JAVASCRIPT Hidden Javascript: Adding fake javascript to the source gives an attacker more potential targets, all of which are fake. The actual page: <TITLE> Mike s old Personal Home Page</TITLE> <BODY BACKGROUND="./images/bg.gif" font color="#000000"> <CENTER><H1>Mike s Personal Page</H1></CENTER> With fake code injected: <TITLE> Mike s old Personal Home Page</TITLE> <script type="text/javascript" src="/geoserv.js"></script> <script type="text/javascript" src="/ihflakb.js"></script> <script type="text/javascript">document.sw_ver='qkic1aaqou2np2ekcnl9kq';</script> <link rel="stylesheet" href="/overhang.css"/></head> <BODY BACKGROUND="./images/bg.gif" font color="#000000"> <CENTER><H1>Mike s Personal Page</H1></CENTER> 14
15 DECEPTION IN DEPTH: FAKE CONFIGURATION FILES <files "sitemap_internal.txt"> AuthUserFile /var/www/public_html/.htpasswd AuthType Basic AuthName "Sitemap" require valid-user </files> Server configuration files can be a source of valuable information for an attacker. In this case, an Apache.htaccess file showing a protected resource. This resource doesn t exist. This configuration file was created by JWAS to give a potential attacker another false trail to follow. 15
16 TRACK ATTACKERS BEYOND THE IP Track IP Address Track Browser Attacks Persistent Token Capacity to persist in all browsers including various privacy control features. Track Software and Script Attacks Fingerprinting HTTP communications. 16
17 TRACKING ATTACKERS: IN DEPTH IP Addresses are not enough: Attackers can use dynamic IP s, proxies, the TOR network, etc., all of which make IP address a data point rather than a positive identification. Tracking other parameters: JWAS uses multiple parameters to track both browsers and scripts. Supercookies System profiles Network parameters Different parameters available from different systems Attacker profiles can be consolidated based on fingerprints and behaviors. 17
18 PROFILE EVERY ATTACKER Every attacker assigned a name Incident history Attacker threat level 18
19 CUSTOMIZABLE ATTACKER PROFILES Attacker profiles are customizable and let operators add case notes, etc., to the attacker s profile. As well as custom names and icons. 19
20 JUNOS SPOTLIGHT SECURE Junos Spotlight Secure Global Attacker Intelligence Service Attacker from San Francisco Junos WebApp Secure protected site in UK Attacker fingerprint uploaded Attacker fingerprint available for all sites protected by Junos WebApp Secure Detect Anywhere, Stop Everywhere 20
21 FINGERPRINT OF AN ATTACKER Timezone Browser version Fonts Browser add-ons 200+ attributes used to create the fingerprint. ~ Real Time availability of fingerprints IP Address False Positives nearly zero 21
22 SMART PROFILE OF ATTACKER Attacker local name (on machine) Attacker global name (in Spotlight) Attacker threat level Incident history 22
23 RESPOND AND DECEIVE Junos WebApp Secure Responses Human Hacker Botnet Targeted Scan IP Scan Scripts &Tools Exploits Warn attacker Block user Force CAPTCHA Slow connection Simulate broken application Force log-out All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat. 23
24 SECURITY ADMINISTRATION Web-based console Real-time On-demand threat information SMTP alerting Reporting (Pdf, HTML) CLI for exporting data into SIEM tool 24
25 UNIFIED PROTECTION ACROSS PLATFORMS Internal Virtualized Cloud 25
26 THE CLASSICAL PERIMETER Network Perimeter Client Firewall App Server Database The Network Perimeter may consist of conventional Firewalls, NAT Gateways, Load Balancers, or other edge devices. 26
27 JWAS INSERTED BETWEEN THE PERIMETER AND THE APPLICATION SERVERS Network Perimeter Client Firewall App Server Database A JWAS Appliance lives between the Network Perimeter and the protected Application Servers 27
28 OVERVIEW: CONFIGURATION Junos WebApp Secure: Installation and configuration in three easy steps 1. Install the appliance whether Virtual Machine, AMI Instance, or physical hardware 2. Initial configuration and initialization from the text console (Text User Interface or TUI) 3. Use the Web Interface (WebUI) to install the system s license and configure the defaults for the initial application It really is that easy. 28
29 CASE STUDY & CUSTOMERS Within 20 minutes,.we were looking at the activity taking place on our web applications. 10% of our traffic was malicious. Keir Asher Senior Technical Analyst Brown Printing 29
30 The smartest buy of the year for any organization with an online presence. 1 st Place Winner, Security Innovators Throwdown st Place Information Security Wall Street Journal Technology Innovation Awards 2011 SINET 16 Security Innovator Cool Vendor Application Security 30
31
32 JUNOS DDoS SECURE Advanced DDoS Mitigation Technology
33 JUNOS DDOS SECURE HIGHLIGHTS Mature Product Highly Differentiated Webscreen acquisition (Feb 2013) 13 years of development Low-and-slow application attack protection New attacks: protects before signatures exist $60B in revenue protected High tech, low touch: fire-and-forget 33
34 HISTORY OF DDOS 1999 SANS discovers first botnet First DDoS Proxy Service launched Russia accused of DDoS against Georgian Govt website Wikileaks Operation Payback attack Visa and Paypal DDoS becomes mainstream with attacks on US banks DDoS attacks take out ebay, CNN and Yahoo! First DDoS Mitigation Appliance launched Anonymous DDoS Habbo website Iranian voters flash crowd government sites to protest vote rigging LOIC popularized by Anonymous and LulzSec 34
35 THE MOTIVATIONS BEHIND DDOS ATTACKS Extortion Pay us or your site is going down Last Man Standing Hire a third party to take out your competition so that traffic is driven to your site Protest Flash Mobs Disaffected groups use social media to coordinate attacks on government & economic targets Sport Teams Fans Hooliganism Fans DDoS a rival club s website to preventing ticket purchases Diversionary Smokescreen DDoS to mask the theft of money, IP or client account data Flash Crowding Legitimate users flood a site, e.g. trying to purchase concert tix as soon as they go on sale. Cyber War Russia accused of using DDoS during invasion of Georgia. Individual Gamer DDoS d by other players because he was too good. Direct Criminal Activity Other Activity Political / Protest Revenge and Because I can 35
36 THE $900,000 CYBER HEIST USING A SOPHISTICATED DIVERSIONARY DDOS DDoS Attack DDoS Attack DDoS Attack DDoS Attack DDoS Attack DDoS Attack DDoS Attack DDoS Attack The Website DDoS Attack DDoS Attack $900,000 Theft DDoS Attack DDoS Attack DDoS Attack DDoS Attack DDoS Attack DDoS Attack DDoS Attack Source: Krebsonsecurity Copyright 2013 Blog Juniper Networks, Inc. 36
37 DDOS ATTACK VECTORS VOLUMETRIC Easy to detect. Attacks are getting bigger in size Frequency of attacks increasing at a moderate rate. ANYTHING THAT MAKES THE RESOURCES BUSY Flash mobs. Legitimate requests for a big event available at one time. SLOW AND LOW Growing faster than volumetric 25% of attacks in 2013 (source: Gartner) More sophisticated & difficult to detect Target back-end weaknesses Small volume of requests can take out a large web site. 37
38 TUTORIALS ON LAUNCHING DDOS ATTACKS 38
39 LOW ION ORBIT CANNON (LOIC) Flood any site Easy to download Simple to run 39
40 DDOS FOR ONE HOUR COSTS $5 40
41 Stealth EVOLVING ATTACK COMPLEXITY Signature-Based Scrubbers Volumetric Low-and-slow Challenge: Creating signatures for new attacks Emerging Battleground Challenge: manual management of IP thresholds in dynamic networks Thresholds & Netflow Analysis Known Newness Unknown 41
42 THE GAPS THAT DDOS SECURE ADDRESSES 1 New attacks: before the signature exists 2 Low-and-slow application attacks 42
43 KEY CONCEPT: CHARM CHARM: Real-time risk score for each source IP 100 Initial 50 Human-like Per packet Simple example: real human traffic typically bursty and irregular; machine/bot traffic is regular 0 Machine-like Algorithms updated regularly with characteristics of new attacks 43
44 Examples KEY CONCEPT: RESOURCE HEALTH Resource health: real-time view of status for every discrete thing on protected interface, based on stateful analysis of source and resource responsiveness Internet Traffic Internet Traffic Resources Internet Traffic DDoS Secure L7 L3-4 DNS/URL Response Time URL Rate, Pending counts HTTP Server Error Codes Backlog Queue (per resource, per port) TCP stats: SYN, SYN-ACK, CLS, RST, etc 44
45 JUNOS DDoS SECURE RESOURCE MANAGEMENT Resource Control The In this attack example, traffic to Resource 2 s reduces response as time the attackers starts to switch degrade the and attack the CHARM to Resource pass threshold 3. is increased to start the process of rate Once limiting again, the bad Junos traffic. DDoS Secure responds dynamically At this point by the increasing good traffic the will pass continue threshold to pass for Resource unhindered 3 whilst Limiting the bad traffic. attackers will start to believe their attack has been successful as their request fails. Resource 1 Resource 2 Resource 3 Resource N 45
46 JUNOS DDoS SECURE PACKET FLOW SEQUENCE CHARM Technology Resource Control IP Behavior Table Resource CHARM Threshold 1 Validates data packet Validates against defined filters Validates packet against RFCs Validates packet sequencing TCP Connection state 3 Behaviour is 4 Calculates recorded CHARM Threshold Supports up to 32M profiles Profiles aged on least used basis Responsiveness of Resource Packet Enters Syntax Screener OK So Far CHARM Generator With CHARM Value CHARM Screener Packet Exits Drop Packet 2 Calculates CHARM value for data packet References IP behaviour table Function of time and historical behaviour Better behaved = better CHARM 5 Drop Packet Allow or Drop CHARM Threshold CHARM value 46
47 HEURISTIC MITIGATION IN ACTION Normal Internet Traffic Normal Internet Traffic DDoS Attack Traffic Resources Normal Internet Traffic Junos DDoS Secure Heurisitc Analysis DDoS Attack Traffic Management PC Normal Internet traffic flows through the Junos DDoS Secure Appliance, while the software analyses the type, origin, flow, data rate, sequencing, style and protocol being utilized by all inbound and outbound traffic. The analysis is heuristic in nature and adjusts over time but is applied in real time, with minimal (store and forward) latency. 47
48 JUNOS DDOS SECURE VARIANTS 1Gbps Virtual Appliance (ESX and KVM) 10Gbps 1u appliance with failsafe / bypass Fiber (10G SR/LR) Copper (10M/100M/1G) All can be used Stand Alone or as Active Standby Pair Or Active Active (Asymmetric Routing) 48
49 JUNOS DDoS SECURE SUMMARY Defined Outstanding 24/7 support 80% Effective 10 mins after installation % effective after 6-12 hours Virtualized options available Dynamic Heuristic Technology Multi Tenanted and fully IPv6 compliant 1Gb to 10Gb HA appliances No Public IP address Layer 2 Transport Bridge 49
50 THE DATACENTER POSITIONING Junos Spotlight Secure Global Attacker Intelligence Service 2014 Q HACKING Junos WebApp Secure Enhanced Layer 7 DDoS SRX Firewall Data Center DDoS Junos DDoS Secure 50
51
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationCisco Firepower with Radware DDoS Mitigation
Cisco Firepower with Radware DDoS Mitigation Business Decision Maker Presentation Eric Grubel VP Business development, Radware February 2017 DDoS in the news French hosting firm flooded with 1 Tbps traffic
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationMulti-vector DDOS Attacks
Multi-vector DDOS Attacks Detection and Mitigation Paul Mazzucco Chief Security Officer August 2015 Key Reasons for Cyber Attacks Money and more money Large number of groups From unskilled to advanced
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationA custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74
Analysis of the Global Distributed Denial of Service (DDoS) Mitigation Market Abridged Version Rise of the DDoS Attack Spurs Demand for Comprehensive Solutions A custom excerpt from Frost & Sullivan s
More informationKunal Jha, Juniper Networks
Kunal Jha, Juniper Networks 1 1 Security Cloud Virtualization BYOD / Mobility SDN 2 2 Simplified Networking RakeshSingh@Juniper.net Senior Systems Engineer Juniper Networks Proprietary and Confidential
More informationNetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.
NetWitness Overview 1 The Current Scenario APT Network Security Today Network-layer / perimeter-based Dependent on signatures, statistical methods, foreknowledge of adversary attacks High failure rate
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationDoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors
DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors 1 Table of Content Preamble...3 About Radware s DefensePro... 3 About Radware s Emergency Response Team
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationGladiator Incident Alert
Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationBeyond Blind Defense: Gaining Insights from Proactive App Sec
Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationWHITE PAPER Hybrid Approach to DDoS Mitigation
WHITE PAPER Hybrid Approach to DDoS Mitigation FIRST LINE OF DEFENSE Executive Summary As organizations consider options for DDoS mitigation, it is important to realize that the optimal solution is a hybrid
More informationCyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA
Cyber Attacks and Application - Motivation, Methods and Mitigation Alfredo Vistola a.vistola@f5.com Solution Architect Security, EMEA Attacks are Moving Up the Stack Network Threats Application Threats
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationDDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH
DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012
More informationHOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK
From the Security Experts at Corero Network Security HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK Be Proactive, Not Reactive STEP-BY-STEP GUIDE The Rise of Ransom-Driven DDoS Attacks Ransom-related Denial
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationDeception: Deceiving the Attackers Step by Step
Deception: Deceiving the Attackers Step by Step TrapX Security, Inc. February, 2018 In 2017, Gartner emphasized how companies are transforming their security spending strategy and moving away from prevention-only
More informationThe Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationAppSecure and Mykonos Web Security (MWS) Provide Highly Effective Approach for Securing Applications on the Network, Device, and Cloud
SOLUTION BRIEF Securing Enterprise Applications AppSecure and Mykonos Web Security (MWS) Provide Highly Effective Approach for Securing Applications on the Network, Device, and Cloud Challenge The traditional
More informationWar Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy
War Stories from the Cloud: Rise of the Machines Matt Mosher Director Security Sales Strategy The Akamai Intelligent Platform The Platform 175,000+ Servers 2,300+ Locations 750+ Cities 92 Countries 1,227+
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationCybersecurity. Anna Chan, Marketing Director, Akamai Technologies
Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile Business devices and Continuity data collection. & Cybersecurity Anna Chan, Marketing Director,
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationsnoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection
Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging
More informationThreat Hunting in Modern Networks. David Biser
Threat Hunting in Modern Networks David Biser What is Threat Hunting? The act of aggressively pursuing and eliminating cyber adversaries as early as possible in the Cyber Kill Chain. Why Perform Threat
More information2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015
2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks 9 th November 2015 AKAMAI SOLUTIONS WEB PERFORMANCE SOLUTIONS MEDIA DELIVERY SOLUTIONS CLOUD SECURITY SOLUTIONS CLOUD NETWORKING
More informationIntegrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution
Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution (Layer 3/4 and Layer 7) Delivering best-in-class network and web application security to the modern enterprise
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationAnalytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS
Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever
More informationEnterprise D/DoS Mitigation Solution offering
Enterprise D/DoS Mitigation Solution offering About the Domain TCS Enterprise Security and Risk Management (ESRM) offers full services play in security with integrated security solutions. ESRM s solution
More informationDDoS MITIGATION BEST PRACTICES
DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According
More informationImperva Incapsula Product Overview
Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security
More informationReduce Your Network's Attack Surface
WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements
More informationWar Stories from the Cloud Going Behind the Web Security Headlines. Emmanuel Mace Security Expert
War Stories from the Cloud Going Behind the Web Security Headlines Emmanuel Mace Security Expert The leading cloud platform for enabling secure, high-performing user experiences on any device, anywhere.
More informationSam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF
Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF Who am I? Sam Pickles Senior Engineer for F5 Networks WAF Specialist and general security type Why am I here? We get to see the pointy end of a lot of
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationPart 2: How to Detect Insider Threats
Part 2: How to Detect Insider Threats Amichai Shulman Chief Technology Officer Imperva Amichai Shulman CTO, Imperva Speaker at Industry Events RSA, Appsec, Info Security UK, Black Hat Lecturer on information
More informationEmerging Threat Intelligence using IDS/IPS. Chris Arman Kiloyan
Emerging Threat Intelligence using IDS/IPS Chris Arman Kiloyan Who Am I? Chris AUA Graduate (CS) Thesis : Cyber Deception Automation and Threat Intelligence Evaluation Using IDS Integration with Next-Gen
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationYuri Gushin & Alex Behar
Yuri Gushin & Alex Behar Ø Introduction Ø DoS Attacks overview & evolution Ø DoS Protection Technology Ø Operational mode Ø Detection Ø Mitigation Ø Performance Ø Wikileaks (LOIC) attack tool analysis
More informationSecuring Online Businesses Against SSL-based DDoS Attacks. Whitepaper
Securing Online Businesses Against SSL-based DDoS Attacks Whitepaper Table of Contents Introduction......3 Encrypted DoS Attacks...3 Out-of-path Deployment ( Private Scrubbing Centers)...4 In-line Deployment...6
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 1 1ST QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017 4 DDoS
More information86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013
Vulnerabilities help make Web application attacks amongst the leading causes of data breaches +7 Million Exploitable Vulnerabilities challenge organizations today 86% of websites has at least 1 vulnerability
More informationFIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?
WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationIBM Next Generation Intrusion Prevention System
IBM Next Generation Intrusion Prevention System Fadly Yahaya SWAT Optimizing the World s Infrastructure Oct 2012 Moscow 2012 IBM Corporation Please note: IBM s statements regarding its plans, directions,
More informationEncrypted Traffic Security (ETS) White Paper
Encrypted Traffic Security (ETS) White Paper The rapid rise in encrypted traffic is changing the security landscape. As more organizations become digital, an increasing number of services and applications
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationWatchGuard Total Security Complete network protection in a single, easy-to-deploy solution.
WatchGuard Total Security Complete network protection in a single, easy-to-deploy solution. Total Security. A stateful packet firewall, while essential, simply isn t enough anymore. The reality is that
More informationCyber War Chronicles Stories from the Virtual Trenches
Cyber War Chronicles Stories from the Virtual Trenches Ron Winward Security Evangelist Radware, Inc. March 17, 2016 Background on the Radware Report Key Cyber Attack Trends for 2015-2016 Case Study: Look
More informationPT Unified Application Security Enforcement. ptsecurity.com
PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationHUAWEI TECHNOLOGIES CO., LTD. Huawei FireHunter6000 series
HUAWEI TECHNOLOGIES CO., LTD. Huawei 6000 series Huawei 6000 series can detect APT (Advanced Persistent Threat) attacks, which altogether exploit multiple techniques (including zero-day vulnerabilities
More informationFregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G
Fregata DDoS Mitigation Solution Technical Specifications & Datasheet 1G-5G Amidst fierce competition, your business cannot afford to slow down With HaltDos, you don t have to sacrifice productivity and
More informationCONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS
APPLICATION NOTE CONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS Protect your Web Applications from Brute Force Credential Attacks Using WebApp Secure and Intrusion Deception Technology
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationRESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises
RESELLER LOGO RADICALLY BETTER DDoS PROTECTION Radically more effective, radically more affordable solutions for small and medium enterprises IT S TIME TO GET SERIOUS ABOUT CYBER CRIME Despite the headline
More informationDefense in Depth Security in the Enterprise
Defense in Depth Security in the Enterprise Mike Mulville SAIC Cyber Chief Technology Officer MulvilleM@saic.com Agenda The enterprise challenge - threat; vectors; and risk Traditional data protection
More informationBEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION
GUIDE BEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION CONTINUOUS SECURITY With attackers getting more sophisticated every day, manual methods of locating and testing web-based apps
More informationSecurity Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems. BRKSEC-2052_c Cisco Systems, Inc. All rights reserved.
Web 2.0 Security Recommendations Ken Kaminski Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems 1 Agenda Reputation Services Web application security Secure Coding and Web Application
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationCyber Vigilantes. Rob Rachwald Director of Security Strategy. Porto Alegre, October 5, 2011
Cyber Vigilantes Rob Rachwald Director of Security Strategy Porto Alegre, October 5, 2011 Hacking: Industry Analysis Hacking has become industrialized. Attack techniques and vectors keep changing with
More informationWHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS
July 2018 WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS JUST WHAT THE DOCTOR ORDERED... PROTECT PATIENT DATA, CLINICAL RESEARCH AND CRITICAL INFRASTRUCTURE HEALTHCARE S KEY TO DEFEATING IOT CYBERATTACKS
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationArbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA
Arbor Networks Spectrum Wim De Niel Consulting Engineer EMEA wdeniel@arbor.net Arbor Spectrum for Advanced Threats Spectrum Finds Advanced Threats with Network Traffic Unlocks Efficiency to Detect, Investigate,
More informationDDoS Introduction. We see things others can t. Pablo Grande.
DDoS Introduction We see things others can t Pablo Grande pgrande@arbor.net DoS & DDoS. Unavailability! Interruption! Denial of Service (DoS) attack is an attempt to make a machine or network resource
More informationFighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See
Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See Louis Scialabba Carrier Solutions Marketing Nov 2015 November 16, 2015 Topics What s New in Cybersecurity
More informationActive defence through deceptive IPS
Active defence through deceptive IPS Authors Apostolis Machas, MSc (Royal Holloway, 2016) Peter Komisarczuk, ISG, Royal Holloway Abstract Modern security mechanisms such as Unified Threat Management (UTM),
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationUnlocking the Power of the Cloud
TRANSFORM YOUR BUSINESS With Smarter IT Unlocking the Power of the Cloud Hybrid Networking Managed Security Cloud Communications Software-defined solutions that adapt to the shape of your business The
More informationASA Access Control. Section 3
[ 39 ] CCNP Security Firewall 642-617 Quick Reference Section 3 ASA Access Control Now that you have connectivity to the ASA and have configured basic networking settings on the ASA, you can start to look
More informationData Breaches: Is IBM i Really At Risk? All trademarks and registered trademarks are the property of their respective owners.
Data Breaches: Is IBM i Really At Risk? HelpSystems LLC. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. ROBIN TATAM, CBCA CISM PCI-P Global Director
More informationAugust 14th, 2018 PRESENTED BY:
August 14th, 2018 PRESENTED BY: APPLICATION LAYER ATTACKS 100% 80% 60% 40% 20% 0% DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host.
More informationWEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING
WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationWHITE PAPER. Best Practices for Web Application Firewall Management
WHITE PAPER Best Practices for Web Application Firewall Management WHITE PAPER Best Practices for Web Application Firewall Management.. INTRODUCTION 1 DEPLOYMENT BEST PRACTICES 2 Document your security
More informationNetwork Security Monitoring: An Open Community Approach
Network Security Monitoring: An Open Community Approach IUP- Information Assurance Day, 2011 Greg Porter 11/10/11 Agenda Introduction Current State NSM & Open Community Options Conclusion 2 Introduction
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationHow WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security
How WebSafe Can Protect Customers from Web-Based Attacks Mark DiMinico Sr. Mgr., Systems Engineering Security Drivers for Fraud Prevention WebSafe Protection Drivers for Fraud Prevention WebSafe Protection
More informationWhy IPS Devices and Firewalls Fail to Stop DDoS Threats
Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats How to Protect Your Data Center s Availability About Arbor Networks Arbor Networks, Inc. is a leading provider of network security
More informationIntegrating Juniper Sky Advanced Threat Prevention (ATP) and ForeScout CounterACT for Infected Host Remediation
Integrating Juniper Sky Advanced Threat Prevention (ATP) and ForeScout CounterACT for Infected Host Remediation Configuration Example March 2018 2018 Juniper Networks, Inc. Juniper Networks, Inc. 1133
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More information