Pushed to the Limit! Network and Application Security Threat Landscape Lior Zamir Technical Account Manager

Size: px

Start display at page:

Download "Pushed to the Limit! Network and Application Security Threat Landscape Lior Zamir Technical Account Manager"

Hilda Bryant
5 years ago
Views:

1 Pushed to the Limit! Network and Application Security Threat Landscape Lior Zamir Technical Account Manager January 2018

2 2 About Radware

3 3 About Radware Market Leader in Application Availability solutions OVER 12,500 ENTERPRISE & CARRIER CUSTOMERS >$200M Revenue INDUSTRY WIDE RECOGNITION GLOBAL TECHNOLOGY PARTNERS ADC MQ Leader WAF MQ Visionary DDoS Wave Leader

4 4 Market Leading Attack Mitigation Solutions Financial Services 8/12 Top Stock Exchanges 11/20 Top Commercial Banks Enterprise, Retail & Online Businesses Top Brands in Every Key Vertical Carriers, Service & Cloud Providers 5/10 SaaS Providers 10/10 Top Telecom Chosen OEM partner for Cisco Firepower NGFW and Check Point NGFW

5 5 Agenda Global Trends Changes in the Attack Vector Landscape Business Concerns What s Around the Corner? Example Attacks in Adriatics Summary and Predictions

6 Radware Annual Security Reports SOURCE #1 Radware Industry

Employees 48% North America 6% 25% Central / Europe South

& Services Financial Services Govt & Civil Service Healthcare

22% 100-499 17% SOURCE #2 ERT Threat Research Center 2017

Team of security experts for fast mitigation experts under

6 6 Radware Annual Security Reports SOURCE #1 Radware Industry Survey 1,250 Retail and Ecommerce Education Number of Employees 48% North America 6% 25% Central / Europe South America 4% 18% Africa & APAC Middle-East Technology Products & Services Financial Services Govt & Civil Service Healthcare 10, % 3,000-9,999 13% 1,000-2,999 5% % <100 22% % SOURCE #2 ERT Threat Research Center 2017 real-life attack data, security alerts and threat research Team of security experts for fast mitigation experts under attack WannaCry OpIcarus XMR Squad Mirai botnet BrickerBot OpKillingBay CodeFork group

7 7 Global Trends

8 8 Global Trends in Threats & Attacks Bots Data IoTs Cyber-security BTC challenge protection integration value and defense is the top complicates systems, pushed cybercrime business to generating the security concern climb limit fictitious to management new heights demand

9 Slovenia Trends: Shift Towards Application Layer 3% 27% 1% Attack Vectors 22% 6% 41% SYN HTTP DNS UDP NTP 17% 13% 1% Attack Category 47% 22% Anomalies Network DDoS Apolication DDoS (DNS) Intrusions

9 9 Slovenia Trends: Shift Towards Application Layer 3% 27% 1% Attack Vectors 22% 6% 41% SYN HTTP DNS UDP NTP 17% 13% 1% Attack Category 47% 22% Anomalies Network DDoS Apolication DDoS (DNS) Intrusions SYN Flood TCP Handshake Violation Network Volume Attack Duration Attacks: Volume & Non Volume 37% 63% Average Duration Less than 1 min (Burst) Steady Flood (more than 1 hour) Large Increase Application Attacks

10 10 Cryptocurrency Prosperity Drives Cybercrime Ransom is the motivation behind 50% of the attacks Incidence has grown by 40% Yearover-Year One in eight organizations suffered a DDoS Extortion Ransom is the top concern of security professionals in % 50% 40% 30% 20% 10% 0% Ransom as Motivation Tripled 50% 41% 25% 16%

prepared for GDPR 26% See data protection as

11 11 Protecting Sensitive Data is the #1 Concern 45% Have suffered a data breach 30% Of customers will ask for compensation, leave, Or file a suit following a data breach 28% Name data theft as the #1 security challenge 72% Are not fully prepared for GDPR 26% See data protection as the top concern in % Intend to invest more in data protection in 2018

12 13 The Rise of the Botnets - Is Your Data in Good Hands? For some organizations, bots represent more than 75% of their total traffic 79% organizations cannot distinguish between good bots and bad ones What can bots do? 1. DDoS attacks 2. Web scraping - steal data and intellectual property 3. Manipulate pricing 4. Hold inventory

13 14 APIs the Next Weak Link API security is often overlooked data transferred is not subject to inspection or validation Common API vulnerabilities 80% Access violations Protocol attacks 60% 51% 60% 52% Invalidated redirects 40% Parameter manipulations Irregular JSON/XML expressions 20% 0% Don t analyze API vulnerabilities prior to integration Share and consume sensitive data via APIs Don't inspect data transferred via APIs

14 15 Changes in the Attack Vector Landscape

15 16 DDoS Attacks: Shift Towards Application Layer Application attacks become the preferred DDoS vector Network attacks declined significantly HTTP/S and TCP-SYN Floods are causing the most damage 1 in every 5 attacks exceed 1Gbps 50% 40% 30% 20% 10% 37% 28% 33% 23% 7% 35% 23% 18% 12% 10% 4% + 10% DDoS Attacks 0% HTTP HTTPS DNS SMTP VOIP TCP SYN flood Application UDP ICMP TCP-Other IPv6 Other Network

16 18 DNS Attack Vectors % suffered a DoS attack against their DNS server Brute Force attack and Basic Query Floods are the most common vectors 60% 50% 40% 49% 42% 34% 30% 20% 26% 20% 10% 0% Brute Force Basic Query Flood Recursive Flood Reflective Amplification Attack Cache Poisoning Which of these attack vectors did you experience?

17 20 Bot Attacks Web scraping is the main plague Two of five report bot traffic exceeds 75% 44% still can t distinguish between bots and a flash mob 60% Web Scraping Impact 56% 50% 40% 30% 32% 45% 39% 20% 10% 0% Inventory depleted (e.g., sold out within minutes) Inventory held (customers cannot complete purchase) Website copied (screen-captured or content) Intellectual Property stolen (such as pricing)

22 Failure Points in the Data Center Internet Pipe

compromised the most - as they keep the lucrative

service degradation 37% Internet Pipe (Saturation)

Balancer Under (ADC) Attack IPS/IDS Internet Pipe

18 22 Failure Points in the Data Center Internet Pipe Saturation incidence grew 50% from 2016 Servers are compromised the most - as they keep the lucrative data 40% growth in complete outages over mere service degradation 37% Internet Pipe (Saturation) 17% Firewall 6% 4% Load 35% The 1% SQL Server Server Balancer Under (ADC) Attack IPS/IDS Internet Pipe Firewall IPS/IDS Load Balancer/ADC Server Under Attack SQL Server

23 Vertical Highlights 40% Of retailers report bot traffic

fear availability issues, over data theft or reputation

mitigation in 2018 24% Of government and public sector

express low to medium confidence in securing patient

19 23 Vertical Highlights 40% Of retailers report bot traffic above 75% of total 42% Of education institutes actually fear availability issues, over data theft or reputation loss 31% Of service providers intend to invest in DDoS mitigation in % Of government and public sector organizations suffer attacks daily 73% Of healthcare s express low to medium confidence in securing patient records 44% Of financials do not track the dark web after a data security breach

20 24 Business Concerns of Cyber-Attacks

21 25 Biggest Business Concern When Attacked Data loss followed by reputation loss were the biggest concerns Fewer were concerned with revenue loss this year Data Leakage/ information loss 28% Availability / SLA Degradation 23% Reputation loss 17% Revenue loss 13% Customer / partner loss Productivity loss 10% 10% 0% 5% 10% 15% 20% 25% 30% What is your concern if faced with a cyber-attack?

22 28 Multiple Touchpoints = Higher Risk Organizations do not take all the necessary measures when their application services communicate with 3rd party services 80% 70% 60% 50% 40% 30% 72% 50% 42% 32% 47% do not use encryption 20% 10% 0% Username/ password Payment details Personally identifiable information User behavior / preferences / analytics Which data types do you share with 3 rd parties?

23 29 Application Security Concerns Most organizations feel they can handle the OWASP top 10 pretty well. They fear: 1. Application layer DDoS 2. Encrypted / SSL-based attacks 3. API manipulations 4. Data breach Layer 7 DDoS Encrypted web attacks (SSL/TLS-based) API manipulations Data security breach Brute force Cross-site scripting Web Scraping SQL injection Cross-site request forgery Which attacks against applications are most difficult to prevent, detect and contain? 15% 13% 13% 13% 25% 44% 48% 57% 62% 0% 10% 20% 30% 40% 50% 60% 70%

24 31 What s Around the Corner?

25 32 Biggest Threats in 2018 Ransom and data theft are seen as the two biggest threats in the coming year Ransom Data Theft Application vulnerabilities 22% 26% 26% IoT Botnets 13% Permanent Denial of Service 8% API Integration Other 3% 2% 0% 10% 20% 30% 40% 50% Which of the following attacks against applications and/or web servers are most difficult to prevent, detect and contain?

26 33 Projected investments in 2018 The most popular investment areas are guarding sensitive data, endpoint protection, and SIEM/analytics. MY 2018 INVESTMENT WILL BE IN In-house expertise and application infrastructure, 28% Endpoint and Malware Protection, 26% Security Management & Analytics, 20% Data Leakage Prevention, 16% DDoS Protection, 10%

27 34 Adopting Artificial Intelligence / Machine Learning 20% already rely on Machine Learning/AI based protections Better Security - #1 motivation for exploring AI solutions Better security 63% Already rely on, 20% Simpler manageability 27% Filling in the skill gap 27% Neither, 52% Plan to integrate, 28% Gaining a competitive advantage Cost reduction 25% 25% Other 8% 0% 20% 40% 60% 80% 100%

28 35 Examples of Risk to Financial Institutions such as in Adriatic Region

29 36 Ransom Ransom Denial of Service (RDoS) Objective: Cryptocurrencies Threatens use of latest techniques Increase in extortions Decrease in attacks South Korea Banks $315,000 USD 5Gbps sample attack Result of Nayana Ransomware extortion

37 Local Heists Jackpotting ATMs 2010 Barnaby Jack @ BlackHat Vector 1: Remote attack Vector 2: Key + USB Malware Tennessee - 2014 18 months spree Over $400,000

30 37 Local Heists Jackpotting ATMs 2010 Barnaby BlackHat Vector 1: Remote attack Vector 2: Key + USB Malware Tennessee months spree Over $400,000 Keypad attack Romania Machines in one day 3.8 Million Slopes (860,000 Euros) Raiffeisen Bank o o o Spear-phising Malicious payload Gained access of ATM s

31 39 Introducing Radware s Hybrid Attack Mitigation

40 The Rise of the Multi-Vector Attack Low &

Slowloris) Large volume network flood attacks

Force Network Scan SYN Floods SSL Floods App

Balancer/ADC Server Under Attack SQL Server

32 40 The Rise of the Multi-Vector Attack Low & Slow DoS attacks (e.g. Slowloris) Large volume network flood attacks SQL Injections HTTP Floods XSS, CSRF Brute Force Network Scan SYN Floods SSL Floods App Misuse Internet Pipe Firewall IPS/IDS Load Balancer/ADC Server Under Attack SQL Server Cloud DDoS Protection DoS protection Behavioral analysis IPS SSL protection WAF

33 41 An Integrated Hybrid Attack Mitigation is Needed Complete and integrated solution with all security technologies On-Demand Always-On Cloud On-Premise Cloud Radware provides complete hybrid protection Always-On DDoS on-premise or on cloud with DDoS cloud scrubbing activated on-demand Cloud DDoS protection DoS protection Behavioral analysis IPS SSL protection WAF

34 42 Radware s Security Solution Elements Radware Emergency Response Team 24x7 Security Experts Centralized Management & Reporting APSolute Vision Cloud DDoS Protection DoS protection Behavioral analysis IPS SSL protection WAF Cloud DDoS Protection Services Hybrid, Always-On, On-Demand 3.5Tbps mitigation capacity Attack Mitigation Device DefensePro Physical and Virtual Appliance Throughput up to 400Gbps Web Application Firewall AppWall, Cloud WAF Service

35 43 Real-Time Attack Mitigation with DefensePro Real-time attack prevention device that protects your application infrastructure against network and application downtime, application vulnerability exploitation and network anomalies 43

44 Protecting a Dynamic Network at Scale

limited false positives Real Time Signature Creation

Source IP Blocking Blocking Dynamic IP &

36 44 Protecting a Dynamic Network at Scale Behavioral-based Detection Patented algorithm with limited false positives Real Time Signature Creation Block 0-day attacks in up to 18 seconds Beyond Source IP Blocking Blocking Dynamic IP & behind-the-cdn attacks Dedicated Attack Hardware With no impact on legitimate traffic

37 45 Built to Protect from Next Generation Attacks New IoT-based threats introduce sophisticated vectors and require a more automated, more accurate protection solution Sophisticated DNS Vectors Automated behavioral DNS protection for Authoritative and Recursive DNS Growth in Encrypted Attacks Integrated 0-latency multi-layer SSL-flood protection Dynamic, Burst Attacks Burst attack protection

38 46 Summary and Predictions

47 Looking ahead to 2018 Build your protection strategy.

Weaponized Artificial Intelligence Bots and automated attack tools can mimic

APIs are a double-edged sword APIs connect all platforms and services together.

Attack via Proxies Attackers target 3 rd parties who accommodate a variety of

39 47 Looking ahead to 2018 Build your protection strategy. Develop an incident response plan. Weaponized Artificial Intelligence Bots and automated attack tools can mimic human behavior. Can they mimic human learning? APIs are a double-edged sword APIs connect all platforms and services together. Businesses must audit APIs prior to integration. Attack via Proxies Attackers target 3 rd parties who accommodate a variety of businesses CDNs, applications, analytics services or download sites Automated Social Engineering Bots already collect and analyze personal data. Next step is to add a component that deceives and infects the victim

48 Stay Focused. Be Prepared. Build your protection strategy. Develop an incident response plan.

Manageability, flexibility and scalability are key for a seamless security experience Versatile application protection Cross platform API

Evaluate before integrating 3rd party services Fight fire with fire AI based solutions to mitigate advanced cyber-weapons.

40 48 Stay Focused. Be Prepared. Build your protection strategy. Develop an incident response plan. Consolidate and automate Elastic, unified systems against multiple threats. Manageability, flexibility and scalability are key for a seamless security experience Versatile application protection Cross platform API and Application security protect your data assets. Evaluate before integrating 3rd party services Fight fire with fire AI based solutions to mitigate advanced cyber-weapons. Understand who is a bot and who isn t to optimize your resources and maximize your security Hope for the best, Prepare for the worst Reduce Cyber-Attacks Business Impact by getting ready Study new technologies, have an ER plan, patch systems on time, get a hybrid DDoS mitigation solution, hire hackers for clever forensics, rely on experts

Pushed to the Limit! Network and Application Security Threat Landscape January 2018

Pushed to the Limit! Network and Application Security Threat Landscape 2017-8 January 2018 2 Agenda Global Trends Changes in the Attack Vector Landscape Business Concerns What s Around the Corner? Example