Allot IoT Defense Solutions for Enterprises to Ensure IoT Service Continuity. Solution Brief


Contents
1 Allot IoT Defense Solutions for Enterprises to Ensure IoT Service Continuity ... 1
2 IoT Service Protection ... 3
2.1 Acceptable Usage Policies (AUP) ... 3
2.2 Protect the IoT Service Against DDoS Attacks ... 4
2.3 Prevent Download of Malware to IoT Devices ... 4
3 IoT Infrastructure Protection ... 5
3.1 Acceptable Usage Policies ... 5
3.2 Stop Outgoing DDoS ... 5
Infected IoT devices - Host Behavior Anomaly Detection (HBAD) ... 6
3.3 Visibility ... 6
3.4 Summary ... 7
Appendix A. When Things Misbehave: An Analysis of Mirai Threats ... 8

2018 Allot Communications Ltd. All rights reserved. Allot Communications, Sigma and NetEnforcer and the Allot logo are trademarks of Allot Communications. All other brand or product names are the trademarks of their respective holders. The information in this document is for reference purposes only and constitutes neither an offer, a commitment nor an acceptance. Allot may change the information at any time without notice.

1 Allot IoT Defense Solutions for Enterprises to Ensure IoT Service Continuity

IoT has found its way into many aspects of our lives and businesses, including healthcare, energy, transportation safety and maintenance. These services, some defined as critical infrastructure at the national level, are also primary targets of malicious criminal and state-sponsored activity. The need to secure IoT and ensure continuity of IoT-based services is a reality recently demonstrated when DDoS attacks left some housing in Finland without heating.

Vulnerable connected devices also pose a threat to the enterprise that deploys them. Verizon's Data Breach Digest 2017 describes such an event: a university experienced 5,000 devices making hundreds of Domain Name Service (DNS) lookups, which slowed the institution's entire network and restricted access to many internet services. On a larger scale, the sheer volume of devices has the capability to threaten telecommunications infrastructure, as witnessed in the attack on access routers in Deutsche Telekom and the infamous DDoS attack on Dyn [1].

Allot IoT Defense (AID) enables enterprises to secure IoT deployments at the network layer, addressing two main concerns:

IoT Service Protection: to ensure service continuity of the IoT devices and protect them from attack, as described below.

IoT Infrastructure Protection: to protect the IoT network and the enterprise network infrastructure that provides connectivity for the IoT and its IT systems.

[1] See the Mirai case study in Appendix A.

1 2018 Allot Communications Ltd. All Rights Reserved

Figure 1: Allot IoT Defense

In addition, Allot IoT Defense provides powerful network analytics for visibility into IoT deployments: endpoint identification, communication patterns and trend analysis to support capacity planning and troubleshooting.

2 IoT Service Protection

IoT Service Protection is delivered at three levels in order to reduce the service's available attack surface and protect it from service disruption and infection. These are based on the following functions:
- Acceptable usage policies to prevent unapproved communication to the IoT devices
- Protection of the IoT service against DDoS attacks
- Prevention of malware download to the IoT devices

2.1 Acceptable Usage Policies (AUP)

IoT deployments typically serve a specific or limited set of functions, and they communicate directly with a limited set of management servers and services. The objective of the AUP is to police communications by source, application and behavior in order to reduce the attack surface of the device. Allot Secure Service Gateway enables the enterprise to define Acceptable Usage Policies that control access to the IoT devices and police the communication channel between the IoT device and authorized servers.

The challenge is to provide granular access control and traffic policing on a large scale. Allot multiservice platforms, deployed globally in carrier networks, data centers and enterprise networks, police millions of flows and have the scale and robustness required for the largest of IoT deployments.

The Acceptable Usage Policies can be defined in terms of:
- IP addresses / domains of the servers authorized to communicate with the IoT devices
- Type of protocols and applications permitted for communication
- Time of day / day of week when the communication is allowed
- Number of new connections and amount of bandwidth permitted for the communication

These policies are useful for reducing the attack surface and limiting the ability of attackers to take control of the IoT devices.

Figure 2: Allot's Policy Editor to Control IoT Traffic

2.2 Protect the IoT Service Against DDoS Attacks

As IoT-based services permeate healthcare, energy and transportation, service disruption can have significant consequences, as recently demonstrated. Tools like Shodan make it easy to identify IoT deployments that are limited in their capability to withstand an attack, owing to limited resources and lack of on-device protection. Allot Secure Service Gateway DDoS protection provides advanced inline protection against DDoS attacks and can be effectively used to ensure continuity of an IoT service. The challenge is to provide a fast response at massive scale. Allot multiservice platforms today protect national infrastructure inline, protecting over 1TBps of aggregate traffic with detection and mitigation taking less than two minutes.

2.3 Prevent Download of Malware to IoT Devices

Mirai hit the headlines in 2016 as the source of some of the most devastating DDoS attacks seen until then. Mirai's code is publicly available, the malware has been analyzed by numerous security experts and can be recognized by many commercially available anti-virus products, yet it continues to threaten IoT devices. This is because many of these devices are difficult or impossible to patch, or there is no client software available to install and protect them. Mirai's infection process includes infiltration of an auxiliary bot onto an IoT device, which later downloads the core malware.

Allot Secure Service Gateway provides network-based anti-malware, utilizing the same technology with which Allot multiservice platforms protect mobile devices. The largest deployment involves close to nine million devices. Incoming traffic is inspected by the Secure Service Gateway, incorporating leading anti-virus engines: Kaspersky, Bitdefender and/or Sophos. Allot Secure Service Gateway is the only effective way to prevent infection of IoT devices, because it is network-based.

3 IoT Infrastructure Protection

The goal of IoT infrastructure protection is to ensure resilience of the enterprise infrastructure. As has been evident in cases of both service provider and enterprise networks, a compromised IoT deployment has the power to impact the very infrastructure it relies on for connectivity. IoT infrastructure protection is delivered at three levels in order to reduce the available attack surface, identify and quarantine infected devices and protect the infrastructure from service disruption. These are based on the following functions:
- Acceptable Usage Policies to prevent unapproved communication from the IoT devices
- Stopping outgoing DDoS by protecting the IoT infrastructure from internally sourced DDoS attacks that threaten external networks and services
- Identifying and quarantining infected IoT devices

3.1 Acceptable Usage Policies

Similar to IoT Service Protection, Allot Secure Service Gateway enables the enterprise to define Acceptable Usage Policies that control communications from the IoT devices and police the communication channel between the IoT device and authorized servers. The Acceptable Usage Policies can be defined in terms of:
- IP addresses / domains of the IoT devices and the management servers
- Type of protocols and applications allowed to be used for communication
- Time of day / day of week when the communication is permitted
- Number of new connections / amount of bandwidth permitted for the communication

3.2 Stop Outgoing DDoS

Large volumetric infections of IoT devices, typified by those recently triggered by the highly damaging Mirai virus, impact not only the target of the attack but also the network to which the devices are connected, and transit networks. The result is impaired service and quality of experience for users who share the same infrastructure. In addition to the crippling effect they can have on an enterprise network, the same enterprise could find itself liable for not adequately securing its network.

Allot Secure Service Gateway DDoS protection provides advanced inline detection and mitigation against inbound and outbound DDoS attacks and can be effectively used to protect the internal infrastructure of an enterprise.
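Sections 2.1 and 3.1 describe the same four policy dimensions (authorized peers, permitted protocols and applications, time window, new-connection rate and bandwidth) applied in both directions, towards the devices and from them. The following is an added example, not Allot's code and not how the Secure Service Gateway implements its policies: it models those four dimensions as an allow-list and evaluates constructed flow records against it. The address ranges, server, domain and thresholds are all assumed sample values.

```python
"""Acceptable Usage Policy (AUP) evaluator for IoT flows (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    ts: datetime            # flow start, local time
    src: str                # source IP
    dst: str                # destination IP
    app: str                # application classified by the gateway, e.g. "mqtt"
    domain: Optional[str]   # resolved domain of the non-device peer, if known
    new_conn: bool          # True if this record opens a new connection
    kbps: int               # measured throughput of the flow


class AupPolicy:
    def __init__(self, device_nets, peer_nets, peer_domains, apps,
                 hours, days, max_new_conns_per_min, max_kbps):
        self.device_nets = [ip_network(n) for n in device_nets]
        self.peer_nets = [ip_network(n) for n in peer_nets]
        self.peer_domains = set(peer_domains)
        self.apps = set(apps)
        self.hours = set(hours)          # hours of the day traffic is allowed
        self.days = set(days)            # weekdays allowed, 0 = Monday
        self.max_new = max_new_conns_per_min
        self.max_kbps = max_kbps
        self._new_conns = defaultdict(int)   # (device, minute) -> new connections seen

    def _is_device(self, ip):
        return any(ip_address(ip) in n for n in self.device_nets)

    def evaluate(self, flow):
        """Return (verdict, reason); verdict is 'allow', 'police' or 'drop'."""
        # Work out which end is the IoT device; the other end must be an authorized peer.
        if self._is_device(flow.src):
            device, peer = flow.src, flow.dst
        elif self._is_device(flow.dst):
            device, peer = flow.dst, flow.src
        else:
            return ("drop", "flow does not involve a covered IoT device")
        peer_ok = (any(ip_address(peer) in n for n in self.peer_nets)
                   or flow.domain in self.peer_domains)
        if not peer_ok:
            return ("drop", f"peer {peer} is not an authorized server")
        if flow.app not in self.apps:
            return ("drop", f"application {flow.app} is not permitted")
        if flow.ts.weekday() not in self.days or flow.ts.hour not in self.hours:
            return ("drop", "outside the permitted time window")
        if flow.new_conn:
            key = (device, flow.ts.strftime("%Y-%m-%dT%H:%M"))
            self._new_conns[key] += 1
            if self._new_conns[key] > self.max_new:
                return ("drop", f"{device} exceeded {self.max_new} new connections/min")
        if flow.kbps > self.max_kbps:
            return ("police", f"{flow.kbps} kbps above the {self.max_kbps} kbps cap")
        return ("allow", "matches policy")


def sample_policy():
    # Constructed values: a /24 of sensors, one management server, one telemetry domain
    return AupPolicy(device_nets=["10.20.0.0/24"], peer_nets=["192.0.2.10/32"],
                     peer_domains={"telemetry.example.com"}, apps={"mqtt", "https"},
                     hours=range(6, 22), days=range(0, 7),
                     max_new_conns_per_min=20, max_kbps=1000)


def evaluate_sample():
    """Run constructed flows through the policy; returns verdicts and burst counts."""
    p = sample_policy()
    t = datetime(2018, 3, 6, 10, 0, 0)   # a Tuesday, inside the window
    flows = [
        Flow(t, "10.20.0.7", "192.0.2.10", "mqtt", None, True, 40),        # normal telemetry
        Flow(t, "192.0.2.10", "10.20.0.7", "https", None, True, 80),       # management server -> device
        Flow(t, "10.20.0.7", "198.51.100.5", "https", "telemetry.example.com", True, 40),  # authorized by domain
        Flow(t, "198.51.100.77", "10.20.0.7", "telnet", None, True, 1),    # unknown internet host -> device
        Flow(t, "10.20.0.7", "192.0.2.10", "ssh", None, True, 10),         # app not on the allow-list
        Flow(t.replace(hour=3), "10.20.0.7", "192.0.2.10", "mqtt", None, True, 40),  # 03:00, outside window
        Flow(t, "10.20.0.7", "192.0.2.10", "mqtt", None, False, 5000),     # bandwidth above cap
    ]
    verdicts = [p.evaluate(f)[0] for f in flows]
    # A burst of new connections from one device in the same minute: beyond 20 they are dropped
    burst = [p.evaluate(Flow(t, "10.20.0.9", "192.0.2.10", "mqtt", None, True, 1))[0]
             for _ in range(25)]
    return {"verdicts": verdicts,
            "burst_allowed": burst.count("allow"),
            "burst_dropped": burst.count("drop")}


if __name__ == "__main__":
    print(evaluate_sample())
```

The order of the checks matters for what an operator sees: peer and application checks come first because they remove whole classes of traffic, and the rate and bandwidth checks last because they apply to otherwise legitimate flows and produce "police" rather than "drop" so telemetry is throttled instead of silenced.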

Infected IoT devices - Host Behavior Anomaly Detection (HBAD)

Allot Secure Service Gateway with Service Protector enabled also delivers Host Behavior Anomaly Detection (HBAD) to identify bot activities initiated from within the network. This allows quick identification of infected IoT devices and enables effective mitigation by limiting or quarantining those devices. For example, HBAD can pinpoint abnormal activity such as the port scanning that was identified in Mirai-style infected networks.

3.3 Visibility

Allot Secure Service Gateway delivers powerful analytics with Allot ClearSee Network Analytics. Analytics is a key component of IoT Defense, providing comprehensive visibility into IoT deployments. Utilizing HP Vertica and MicroStrategy BI, Allot ClearSee scales to provide real-time and historical analytics that enable IT operations to identify devices, communication patterns, protocol and application usage, and network utilization. These capabilities can be used for troubleshooting, trend analysis, planning and defining policies for the purpose of network optimization and behavior analysis and enforcement. Allot ClearSee can also serve as a data source, providing raw data or intelligent (correlated) data to third-party SIEM solutions.

3.4 Summary

IoT Defense is based on the existing capabilities of Allot Secure Service Gateway and Allot multiservice platforms. They provide the three pillars, Visibility, Security and Control, required to ensure service availability for IoT deployments and protect IoT infrastructure when and if things misbehave. We believe that this layered approach is the best way of dealing with the diversity and scale that characterize IoT deployments.

Appendix A. When Things Misbehave: An Analysis of Mirai Threats

The Mirai botnet hit the headlines in 2016 following the massive DDoS attacks on Krebs and Dyn. The latter brought down parts of the internet on the US east coast using an army of hacked surveillance cameras that attacked the largest managed DNS infrastructure. A month later it infected home routers of the German internet provider Deutsche Telekom, disconnecting nearly a million users from the internet for almost three days. The exploit code used to attack the routers was believed to be a modified version of Mirai.

While Mirai-infected bot attacks have mostly occurred in the U.S. and Europe, security researchers determined that over half a million IoT devices located in 164 countries worldwide were vulnerable to Mirai, so these botnet attacks were not limited to those regions. They are a global phenomenon. During January 2017 Allot witnessed Mirai-like DDoS attacks at several service providers in Asia, all exhibiting similar characteristics. The Allot ServiceProtector inline DDoS protection system mitigated a slew of Mirai-like floods with relatively short hit-and-run cycles of massive traffic spikes to the target. These indicated powerful DDoS attacks, similar to other Mirai-powered DDoS attacks, that required an effective real-time mitigation solution to block them.

Figure 3: Surgical identification of the attack

Figure 4: Taken from Mirai capture, attempting to log in to an IoT device

Mirai targets vulnerable devices with open management TCP ports such as 22, 23, 7547, 2323, etc., using a series of known passwords. Allot ServiceProtector inline sensors detected massive scan activity on all these ports. In addition, packet captures taken from the service providers' network indicated login attempts using different passwords from Mirai's list of common passwords. After a vulnerable device is infected by Mirai, it becomes a remote-controlled bot that can further spread the infection to other compromised devices and participate in a massive DDoS attack upon command.

The attack on Deutsche Telekom took advantage of a vulnerability in the Eir D1000 modem that could enable a remote attacker to take control of an affected device using Transmission Control Protocol (TCP) port 7547. In our investigation, Allot ServiceProtector Host Behavior Anomaly Detection (HBAD) identified significant HTTP scans on port 7547 as well as scans on port 23 generated by devices in the service providers' network, most probably scanning attempts to spread the bot infection to other external targets.

Since the release of the original Mirai source code on September 30, it has inspired many bad actors to exploit similar pools of vulnerable IoT devices and launch massive DDoS attacks. Such attacks proved that, if used on specific targets, they can cause a wide-scale outage by bringing down websites, services, or even internet infrastructure. It is hard to estimate the number of devices infected by Mirai and its copycats, or their distribution worldwide. Significantly, our investigation indicates that the family of Mirai-like botnets has not gone away.

Anomaly-based DDoS protection such as Allot ServiceProtector provides a solution to the challenge presented by such malware. It can block the largest incoming DDoS attacks generated by the scale of IoT bots. It stops the spread of bot infections and mitigates outbound DDoS attacks originating from such botnets.
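The HBAD description in section 3 and the scan activity on ports 22, 23, 2323 and 7547 described in this appendix both come down to the same detection question: which internal host is opening connections to far more destinations, or far more ports, than its role justifies? The following is an added example, not Allot's code and not the ServiceProtector algorithm: it parses constructed flow records in an assumed key=value format, counts distinct destinations per port and distinct ports per destination for each source within a one-minute bucket, flags sources that cross a threshold, and returns the list of hosts an operator would rate-limit or quarantine. The record format, thresholds and addresses are all assumed sample values.

```python
"""HBAD-style scan detector over constructed flow records (added example)."""
import re
from collections import defaultdict

# Management ports Appendix A names as Mirai scan targets.
MIRAI_MGMT_PORTS = {22, 23, 2323, 7547}
HOSTS_PER_PORT_THRESHOLD = 20   # horizontal scan: one source -> many hosts, one port
PORTS_PER_HOST_THRESHOLD = 15   # vertical scan: one source -> one host, many ports

# Constructed record format (an assumption, not a real exporter's format):
#   2018-01-15T12:00:01 src=10.20.0.17 dst=203.0.113.4 dport=23 proto=tcp flags=S
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) flags=(?P<flags>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed record, or None so malformed lines are skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    rec["minute"] = rec["ts"][:16]   # 'YYYY-MM-DDTHH:MM' bucket
    return rec


def detect_scanners(lines):
    """Return {src: [finding, ...]} for sources exceeding a scan threshold in any minute."""
    hosts_per_port = defaultdict(set)   # (src, minute, dport) -> {dst}
    ports_per_host = defaultdict(set)   # (src, minute, dst) -> {dport}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp" or "S" not in rec["flags"]:
            continue   # only TCP connection attempts count as probes
        hosts_per_port[(rec["src"], rec["minute"], rec["dport"])].add(rec["dst"])
        ports_per_host[(rec["src"], rec["minute"], rec["dst"])].add(rec["dport"])
    findings = defaultdict(list)
    for (src, minute, dport), dsts in hosts_per_port.items():
        if len(dsts) >= HOSTS_PER_PORT_THRESHOLD:
            findings[src].append({"type": "horizontal_scan", "minute": minute,
                                  "port": dport, "count": len(dsts),
                                  "mirai_port": dport in MIRAI_MGMT_PORTS})
    for (src, minute, dst), ports in ports_per_host.items():
        if len(ports) >= PORTS_PER_HOST_THRESHOLD:
            findings[src].append({"type": "vertical_scan", "minute": minute,
                                  "target": dst, "count": len(ports)})
    return dict(findings)


def quarantine_list(findings):
    """Sources to rate-limit or quarantine: anything with at least one finding."""
    return sorted(findings)


def build_sample_log():
    """Constructed sample: one Mirai-like scanner, one vertical scanner, one clean device."""
    lines = []
    # 10.20.0.17 probes 30 external hosts on ports 23 and 7547 within one minute
    for i in range(30):
        for port in (23, 7547):
            lines.append(f"2018-01-15T12:00:{i:02d} src=10.20.0.17 dst=203.0.113.{i + 1} "
                         f"dport={port} proto=tcp flags=S")
    # 10.20.0.99 probes 20 different ports on a single host
    for p in range(20):
        lines.append(f"2018-01-15T12:01:{p:02d} src=10.20.0.99 dst=198.51.100.9 "
                     f"dport={8000 + p} proto=tcp flags=S")
    # 10.20.0.5 talks MQTT over TLS to its management server; plus one malformed line
    for i in range(5):
        lines.append(f"2018-01-15T12:00:{i * 10:02d} src=10.20.0.5 dst=192.0.2.10 "
                     f"dport=8883 proto=tcp flags=S")
    lines.append("garbage line that does not parse")
    return lines


def run_sample():
    return detect_scanners(build_sample_log())


if __name__ == "__main__":
    found = run_sample()
    for src, items in found.items():
        print(src, items)
    print("quarantine:", quarantine_list(found))
```

Bucketing by minute keeps the state bounded (two dictionaries of sets per source) and is enough to separate a sensor that opens a handful of connections to its management server from a bot that touches dozens of addresses on the same port; the "mirai_port" flag only prioritises a finding, it is not what triggers it, so scans on ports outside the list are still reported.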

P/N Dxxxxxx Rev.1
www.allot.com
sales@allot.com
Americas: 300 TradeCenter, Suite 4680, Woburn, MA 01801 USA - Tel: +1 781-939-9300; Fax: +1 781-939-9393; Toll free: +1 877-255-6826
Europe: NCI Les Centres d'affaires Village d'entreprises, 'Green Side' 400 Avenue Roumanille, BP309 06906 Sophia Antipolis, Cedex France - Tel: +33 (0) 4-93-001160; Fax: +33 (0) 4-93-001165
Asia Pacific: 25 Tai Seng Avenue, #03-03, Scorpio East Building, Singapore 534104 - Tel: +65 6749-0213; Fax: +65 6848-1015
Japan: 4-2-3-301 Kanda Surugadai, Chiyoda-ku, Tokyo 101-0062 - Tel: +81 (3) 5297 7668; Fax: +81 (3) 5297 7669
Middle East & Africa: 22 Hanagar Street, Industrial Zone B, Hod Hasharon, 4501317 Israel - Tel: 972 (9) 761-9200; Fax: 972 (9) 744-3626