The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
|
|
- Todd Skinner
- 5 years ago
- Views:
Transcription
1 The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
2 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle.
3 Agenda: 1. What are bots? 2. A look at the growing bot threat landscape 3. What to look for in next-generation bot mitigation solutions 4. Case study for bot mitigation 5. Summary
4 What is a Bot?
5 Definition Bot is an abbreviation for robot, also referred to as web or internet robot A bot is a piece of software that automates repetitive tasks There are good bots (travel search) and bad bots (DDoS) A collection of malicious bots is known as a botnet and is directed by a command and control center (CC)
6 Not All Bots Are Bad There Are Good Bots, too! Imitator used to assume a false identity. Often used in DDoS attacks Scraper used for unauthorized data extraction (Ex: Scrape ticketing information) Spammer Polluters that inject spam links into forums, discussions, and comment sections (Ex: Try to influence voter opinions during elections) And many more Scanner Bots, Mapper Bots, Stuffer Bots, Click Bots, Spy Bots, Download Bots, etc. Crawlers/Spiders used for authorized data extraction (Pinterest, Alexa) Searchers used to collect authorized information for search engines (Googlebot & Bingbot) Fetchers used to feed content to web application and mobile devices (Facebook Mobile App, Twitter) Monitors used to monitor website availability and uptime (New Relic bot & Pingdom Bot)
7 What Can Bad Bots Do? Create havoc, steal data, take down sites, extort money, cost companies billions Scrape sites Launch pre-attack scans Post comment spam Exploit application vulnerabilities Execute code injection attacks Launch password guessing hacks Repetitively make and cancel purchases Cause commercial losses Impact your customers' experience Steal information Commit fraud by credential stuffing Cause denial of service attacks Hold and/or consume inventory Cause application and API outages Increase bandwidth costs Increase CPU costs
8 Why You Should Care About Bots: The facts speak for themselves. 77% of data breaches were targeted by botnet activity Verizon 2017 Data Breach Investigation Report 52% In 2016 Bot traffic surpassed human Ponemon Institute Survey 2017 traffic by 97% of sites were victim to web scraping bots LiveMint, The Rise of Bad Bots, April 2017
9 Attackers Understand How to Build Powerful Botnets Attackers Desire: Access to new devices (i.e., bots) Access to devices with lots of bandwidth Access to devices with fast CPUs Easy methods to take over devices Ability to maintain command and control (C&C) communications to/from these devices By 2021 the bot attack vector created by IoT devices will increase by almost 250% IoT Endpoints 2017,Gartner
10 The Botnet Problem Is Growing Significantly Just search on the news
11 Attack on dyn.com Nov 1 st, 2018
12 Oct 31 st, 2018 Nov 1 st, 2018
13 Oct 31 st, 2018 Nov 1 st, 2018
14
15 Botnet is simulating a real user agent
16 SO What Should You Look For In A Bot Mitigation Solution?
17 Cloud-Based or On-Premises Bot Mitigation Solutions Or deploy as a hybrid solution Cloud-based Globally Distributed Network resilient, scalability Purpose-built for the cloud to secure servers/applications Typically lower cost and faster to implement Costs, maintenance, complexity managed by provider Malicious traffic never hits infrastructure (cloud or on-prem) Often bundled with a WAF, DDoS, API, antimalware, etc.. Pros On-premises (Appliance) Highly customizable Suited for applications with explicit policy needs Often bundled with other security solutions such as: firewall, IDS/IPS, SIEM Totally under your control Mature technology Dependent on cloud provider for new challenges or rules May not be as customizable as on-premises Focused on protecting layer 7 Web application servers Requires security expertise managing security appliances Higher associated costs (hardware refresh cycles) Lack of tuning results in false positives Managing rules across regions is complicated Costs, maintenance, complexity managed by the company Cons
18 Next-Generation Bot Management What To Look For.. Good Bot Whitelisting Captcha Challenge IP Rate Limiting/Bot Traffic Shaping JavaScript Challenge Human Interaction Challenge Device Fingerprinting
19 Next-Generation Bot Management What To Look For.. Good Bot Whitelisting Provides ability to recognize and remember good bots and allow them access Captcha Challenge IP Rate Limiting/Bot Traffic Shaping JavaScript Challenge Human Interaction Challenge Device Fingerprinting
20 Next-Generation Bot Management What To Look For.. Good Bot Whitelisting Provides ability to recognize and remember good bots and allow them access Captcha Challenge Is a challenge intended to differentiate between computers and human IP Rate Limiting/Bot Traffic Shaping JavaScript Challenge Human Interaction Challenge Device Fingerprinting
21 Next-Generation Bot Management What To Look For.. Good Bot Whitelisting Provides ability to recognize and remember good bots and allow them access Captcha Challenge Is a challenge intended to differentiate between computers and human IP Rate Limiting/Bot Traffic Shaping Detect and delay traffic created by suspicious bots, and prioritize authorized traffic JavaScript Challenge Human Interaction Challenge Device Fingerprinting
22 Next-Generation Bot Management What To Look For.. Good Bot Whitelisting Provides ability to recognize and remember good bots and allow them access Captcha Challenge Is a challenge intended to differentiate between computers and human IP Rate Limiting/Bot Traffic Shaping Detect and delay traffic created by suspicious bots, and prioritize authorized traffic JavaScript Challenge Type of web challenge sent to determine attacker from legitimate client Human Interaction Challenge Device Fingerprinting
23 Next-Generation Bot Management What To Look For.. Good Bot Whitelisting Provides ability to recognize and remember good bots and allow them access Captcha Challenge Is a challenge intended to differentiate between computers and human IP Rate Limiting/Bot Traffic Shaping Detect and delay traffic created by suspicious bots, and prioritize authorized traffic JavaScript Challenge Type of Web challenge sent to determine attacker from legitimate client Human Interaction Challenge Identifies normal usage patterns based on legitimate user/visitor behavior Device Fingerprinting
24 Next-Generation Bot Management What To Look For.. Good Bot Whitelisting Provides ability to recognize and remember good bots and allow them access Captcha Challenge Is a challenge intended to differentiate between computers and human IP Rate Limiting/Bot Traffic Shaping Detect and delay traffic created by suspicious bots, and prioritize authorized traffic JavaScript Challenge Type of Web challenge sent to determine attacker from legitimate client Human Interaction Challenge Identifies normal usage patterns based on legitimate user/visitor behavior Device Fingerprinting Ability to collect unique information about a client or device for identification (prevents too many requests coming from similar users)
25 Multinational Rental Agency Challenge: They need to allow good bots to harvest data from application web servers, but limit good bot bandwidth to allow human traffic Solution: Was two-fold: Use various challenges and blacklisting to block bad bots Use rate limiting on the good bots to control bandwidth they are able to consume
26 Major Low-Cost Airline Challenge: Automated systems, Bots, were creating reservations for popular routes, reserving seats and holding the reservation before payment keeping legitimate customers form booking tickets. Solution: Deployed Oracle Dyn Bot Management to see originating IP addresses and user application interaction that would clearly indicate a Bot making a reservation vs. a human. Eliminated costly bot problem within hours of implementation
27 Where To Start: Stay up to date on the latest security news Have a plan to protect your site and your data privacy Talk to bot management vendors
28 Summary: 1. There are good bots and bad bots, you cannot just block them all 2. Next-generation bot mitigation, purpose-built for today s digital business 3. The botnet problem is growing exponentially 4. Next-generation bot mitigation solutions, more than just CAPTCHA 5. Have a plan
29
AKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationBeyond Blind Defense: Gaining Insights from Proactive App Sec
Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationApplication Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks
Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com Agenda Who are we? Anti-Fraud F5 Silverline DDOS protection WAFaaS Threat intelligence & malware
More informationRSA Web Threat Detection
RSA Web Threat Detection Online Threat Detection in Real Time Alaa Abdulnabi. CISSP, CIRM RSA Pre-Sales Manager, TEAM Region 1 Web Threat Landscape In the Wild Begin Session Login Transaction Logout Web
More informationGetting over Ransomware - Plan your Strategy for more Advanced Threats
Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationThe Oracle Trust Fabric Securing the Cloud Journey
The Oracle Trust Fabric Securing the Cloud Journey Eric Olden Senior Vice President and General Manager Cloud Security and Identity 05.07.2018 Safe Harbor Statement The following is intended to outline
More informationIntroduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?
Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5? https://laurent22.github.io/so-injections/ https://laurent22.github.io/so-injections/ 13 major airlines flight information credit
More informationImperva Incapsula Product Overview
Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security
More informationEnterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE
Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of
More informationComprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline
Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline PRESENTED BY: RICH BIBLE, EMEA SILVERLINE SA November 22, 2018 1 2018 F5 NETWORKS DDoS and Application Attack
More informationCyber War Chronicles Stories from the Virtual Trenches
Cyber War Chronicles Stories from the Virtual Trenches Ron Winward Security Evangelist Radware, Inc. March 17, 2016 Background on the Radware Report Key Cyber Attack Trends for 2015-2016 Case Study: Look
More informationDDoS MITIGATION BEST PRACTICES
DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationPersonal Cybersecurity
Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationCybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY
Cybersecurity THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY Gary Meshell World Wide Leader Financial Services Industry IBM Security March 21 2019 You have been breached; What Happens Next 2 IBM Security
More informationSecurity Gap Analysis: Aggregrated Results
Email Security Gap Analysis: Aggregrated Results Average rates at which enterprise email security systems miss spam, phishing and malware attachments November 2017 www.cyren.com 1 Email Security Gap Analysis:
More informationHow DDoS Mitigation is about Corporate Social Responsibility
How DDoS Mitigation is about Corporate Social Responsibility We see the Network, we monitor the Network and we can protect your business with automatic DDoS mitigation services from our Network core. Regardless
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More information86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013
Vulnerabilities help make Web application attacks amongst the leading causes of data breaches +7 Million Exploitable Vulnerabilities challenge organizations today 86% of websites has at least 1 vulnerability
More informationTHE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES
THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES TABLE OF CONTENTS 3 Introduction 4 Survey Findings 4 Recent Breaches Span a Broad Spectrum 4 Site Downtime and Enterprise
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationBusiness Logic Attacks BATs and BLBs
Business Logic Attacks BATs and BLBs Noa Bar-Yosef Security Research Engineer Imperva 12/02/2009 noa@imperva.com Copyright The Foundation Permission is granted to copy, distribute and/or modify this document
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More informationWHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS
July 2018 WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS JUST WHAT THE DOCTOR ORDERED... PROTECT PATIENT DATA, CLINICAL RESEARCH AND CRITICAL INFRASTRUCTURE HEALTHCARE S KEY TO DEFEATING IOT CYBERATTACKS
More informationPanda Security 2010 Page 1
Panda Security 2010 Page 1 Executive Summary The malware economy is flourishing and affecting both consumers and businesses of all sizes. The reality is that cybercrime is growing exponentially in frequency
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 1 1ST QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017 4 DDoS
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationSmart and Secured Infrastructure. Rajesh Kumar Technical Consultant
Smart and Secured Infrastructure Rajesh Kumar Technical Consultant IoT Use Cases Smart Cities Connected Vehicles / V2X / ITS Industrial Internet / IIoT / Industry 4.0 Enterprise IoT / Smart Buildings Technical
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationTSspeedbooster Security Add-on
1 www.tsspeedbooster.com Fine-Tune the Level of Remote Desktop & Cloud Server Security with TSspeedbooster Security Add-on When it comes to exposing Remote Desktop Protocol to direct connections, you need
More informationBUILDING A NEXT-GENERATION FIREWALL
How to Add Network Intelligence, Security, and Speed While Getting to Market Faster INNOVATORS START HERE. EXECUTIVE SUMMARY Your clients are on the front line of cyberspace and they need your help. Faced
More informationBehavioral Analytics A Closer Look
SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationVincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC
Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC 1 2013 2 3 in 4 3 5.900.000.000 $ 4 RSA s Top 10 List 5 RSA s top 10 phishing list Copyright 2014 EMC
More informationWhat is SD WAN and should I know or care about it? Ken LaMere Ecessa
What is SD WAN and should I know or care about it? Ken LaMere Ecessa Powered by 1 Source International What is SD WAN? 10 Years Ago 7 Years Ago 7 Years Ago 5 Years Ago 5 Years Ago Today Today Market Trends
More informationNeustar Security Solutions Overview
Neustar Security Solutions Overview Our digital, hyperconnected world is a world of opportunity, but also one of anonymity and criminal activity. Your job is to minimize risk and enforce an acceptable
More informationSynchronized Security
Synchronized Security 2 Endpoint Firewall Synchronized Security Platform and Strategy Admin Manage All Sophos Products Self Service User Customizable Alerts Partner Management of Customer Installations
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationCASE STUDY TOP 10 AIRLINE SOLVES AUTOMATED ATTACKS ON WEB & MOBILE
CASE STUDY TOP 10 AIRLINE SOLVES AUTOMATED ATTACKS ON WEB & MOBILE The Customer: Top 10 Airline CREDENTIAL STUFFING KILLCHAIN A Top 10 Global Airline that earns over $15 Billion in annual revenue and serves
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationAdvanced Threat Defense Certification Testing Report. Trend Micro Incorporated Trend Micro Deep Discovery Inspector
Advanced Threat Defense Certification Testing Report Trend Micro Deep Discovery Inspector ICSA Labs Advanced Threat Defense July 12, 2016 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg,
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More information5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief
5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More informationWar Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy
War Stories from the Cloud: Rise of the Machines Matt Mosher Director Security Sales Strategy The Akamai Intelligent Platform The Platform 175,000+ Servers 2,300+ Locations 750+ Cities 92 Countries 1,227+
More informationAdvanced Threat Defense Certification Testing Report. Symantec Corporation Symantec Advanced Threat Protection
Advanced Threat Defense Certification Testing Report Symantec Advanced Threat Protection ICSA Labs Advanced Threat Defense December 8, 2015 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg,
More informationSecure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect
Secure your Web Applications with AWS WAF & AWS Shield James Chiang ( 蔣宗恩 ) AWS Solution Architect www.cloudsec.com What to expect from this session Types of Threats AWS Shield AWS WAF DEMO Real World
More informationApplication Security Using Runtime Protection
Application Security Using Runtime Protection How RASP can secure your web applications with point & click protection Waratek Solves the Application Security Problems That No One Else Can Application Security
More informationRSA Web Threat Detection
RSA Web Threat Detection Online Threat Detection in Real Time Your Name Here 2 The Online Threat Environment 3 Web Threat Landscape In the Wild Begin Session Login Transaction Logout Web Threat Landscape
More informationThe Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company
The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company November 12, 2014 Malware s Evolution Why the change? Hacking is profitable! Breaches and Malware are Projected to Cost $491
More informationAdvanced Techniques for DDoS Mitigation and Web Application Defense
Advanced Techniques for DDoS Mitigation and Web Application Defense Dr. Andrew Kane, Solutions Architect Giorgio Bonfiglio, Technical Account Manager June 28th, 2017 2017, Amazon Web Services, Inc. or
More informationComplying with PCI DSS 3.0
New PCI DSS standards are designed to help organizations keep credit card information secure, but can cause expensive implementation challenges. The F5 PCI DSS 3.0 solution allows organizations to protect
More informationIdentiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks
Identiteettien hallinta ja sovellusturvallisuus Timo Lohenoja, CISPP Systems Engineer, F5 Networks timo@f5.com Cybersecurity Is Business Continuity Maintain and grow revenue Identify industry threats Protect
More informationKaspersky Security Network
The Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the
More informationThe Interactive Guide to Protecting Your Election Website
The Interactive Guide to Protecting Your Election Website 1 INTRODUCTION Cloudflare is on a mission to help build a better Internet. Cloudflare is one of the world s largest networks. Today, businesses,
More informationDDoS Detection&Mitigation: Radware Solution
DDoS Detection&Mitigation: Radware Solution Igor Urosevic Head of Technical Department SEE CCIE #26391 Ingram Micro Inc. 1 Agenda DDoS attack overview Main point of failures Key challenges today DDoS protection
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationSymantec Endpoint Protection Family Feature Comparison
Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationSecuring Digital Transformation
September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationArtificial Intelligence Drives the next Generation of Internet Security
Artificial Intelligence Drives the next Generation of Internet Security Sam Lee Regional Director sam.lee@cujo.com Copyright 2017 CUJO LLC, All rights reserved. Artificial Intelligence Leads the Way Copyright
More informationNETWORKING &SECURITY SOLUTIONSPORTFOLIO
NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING
More informationHOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK
From the Security Experts at Corero Network Security HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK Be Proactive, Not Reactive STEP-BY-STEP GUIDE The Rise of Ransom-Driven DDoS Attacks Ransom-related Denial
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationWHITE PAPER. Applying Software-Defined Security to the Branch Office
Applying Software-Defined Security to the Branch Office Branch Security Overview Increasingly, the branch or remote office is becoming a common entry point for cyber-attacks into the enterprise. Industry
More informationIBM Cloud Internet Services: Optimizing security to protect your web applications
WHITE PAPER IBM Cloud Internet Services: Optimizing security to protect your web applications Secure Internet applications and APIs against denialof-service attacks, customer data compromise, and abusive
More informationComodo cwatch Web Security Software Version 1.6
rat Comodo cwatch Web Security Software Version 1.6 Quick Start Guide Guide Version 1.6.010918 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Comodo cwatch Web Security - Quick Start Guide
More informationRESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises
RESELLER LOGO RADICALLY BETTER DDoS PROTECTION Radically more effective, radically more affordable solutions for small and medium enterprises IT S TIME TO GET SERIOUS ABOUT CYBER CRIME Despite the headline
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationWhy Are We Still Being Breached?
TM TM Why Are We Still Being Breached? Are 1 st Generation and NexGen solutions working? Rick Pither Director of Cybersecurity Session Agenda 01 SparkCognition Introduction TM 02 Why Are We Still Being
More informationSANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Critical Security Control Solution Brief Version 6 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable,
More information68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery.
PRESENTED BY: Credit Theft 68% DDoS 63% Web Fraud 50% Cross-site Scripting SQL Injection Clickjack Cross-site Request Forgery 25% 24% 20% 17% Other 2% F5 Ponemon Survey -Me East-West Traffic Flows App
More informationHow to construct a sustainable vulnerability management program
How to construct a sustainable vulnerability management program 1 #whoami -Howard Tsui -Senior Threat and Vulnerability Management Engineer -Financial industry in the United States -Contact teaupdate12@gmail.com
More informationMastering The Endpoint
Organizations Find Value In Integrated Suites GET STARTED Overview In the face of constantly evolving threat vectors, IT security decision makers struggle to manage endpoint security effectively. More
More informationLarge-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity
Computer Crime and Intellectual Property Section Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity Anthony V. Teelucksingh Computer Crime and Intellectual Property Section (CCIPS) Criminal
More informationBrussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security
Cyber Resiliency Minimizing the impact of breaches on business continuity Jean-Michel Lamby Associate Partner - IBM Security Brussels Think Brussels / Cyber Resiliency / Oct 4, 2018 / 2018 IBM Corporation
More informationSIEM (Security Information Event Management)
SIEM (Security Information Event Management) Topic: SECURITY and RISK Presenter: Ron Hruby Topics Threat landscape Breaches and hacks Leadership and accountability Evolution of security technology What
More informationCisco Systems Korea
(kiseo@cisco.com) Cisco Systems Korea 2008 Cisco Systems, Inc. All rights reserved. 1 Agenda 2008 Cisco Systems, Inc. All rights reserved. 2 2008 Cisco Systems, Inc. All rights reserved. 3 Threats Are
More informationCopyright 2018, Oracle and/or its affiliates. All rights reserved.
Beyond SQL Tuning: Insider's Guide to Maximizing SQL Performance Monday, Oct 22 10:30 a.m. - 11:15 a.m. Marriott Marquis (Golden Gate Level) - Golden Gate A Ashish Agrawal Group Product Manager Oracle
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationIMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES
IMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES Introduction Almost all enterprises have rogue or misconfigured certificates that are unknown to operations teams without a discovery tool they
More informationAutomation is changing the modern world. DevOps, Infrastructure Automation, Process Automation
PRESENTED BY: Automation is changing the modern world DevOps, Infrastructure Automation, Process Automation $2.3 billion 50% 30% 77% in account-takeover losses of Internet traffic comes from bots. of automated
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationSUPERCHARGE YOUR DDoS PROTECTION STRATEGY
ebook SUPERCHARGE YOUR DDoS PROTECTION STRATEGY Precision, Scalability, Automation and Affordability: four principles of an impermeable DDoS defense solution 1 INTRODUCTION DDoS attacks plague organizations
More informationSpotlight Report. Information Security. Presented by. Group Partner
Cloud SecuriTY Spotlight Report Group Partner Information Security Presented by OVERVIEW Key FINDINGS Public cloud apps like Office 365 and Salesforce have become a dominant, driving force for change in
More informationBad Bots Adversely Affect Your Customers Amy DeMartine, Principal Analyst
CX NYC 2018 Bad Bots Adversely Affect Your Customers Amy DeMartine, Principal Analyst Most website visitors aren t humans, but are instead bots or, programs built to do automated tasks. They are the worker
More informationQualys Cloud Platform
Qualys Cloud Platform Our Journey into the Cloud: The Qualys Cloud Platform & Architecture Thomas Wendt Regional Manager Post-Sales, DACH, Qualys Inc. Digital Transformation More than just adopting new
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More information