The Bots Are Coming

Scott Taylor, Director, Solutions Engineering


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Agenda:
1. What are bots?
2. A look at the growing bot threat landscape
3. What to look for in next-generation bot mitigation solutions
4. Case study for bot mitigation
5. Summary

What is a Bot?

Definition
- Bot is an abbreviation for robot, also referred to as web or internet robot
- A bot is a piece of software that automates repetitive tasks
- There are good bots (travel search) and bad bots (DDoS)
- A collection of malicious bots is known as a botnet and is directed by a command and control center (CC)

Not All Bots Are Bad: There Are Good Bots, too!

Bad bots:
- Imitator: used to assume a false identity. Often used in DDoS attacks
- Scraper: used for unauthorized data extraction (Ex: scrape ticketing information)
- Spammer: polluters that inject spam links into forums, discussions, and comment sections (Ex: try to influence voter opinions during elections)
- And many more: Scanner Bots, Mapper Bots, Stuffer Bots, Click Bots, Spy Bots, Download Bots, etc.

Good bots:
- Crawlers/Spiders: used for authorized data extraction (Pinterest, Alexa)
- Searchers: used to collect authorized information for search engines (Googlebot & Bingbot)
- Fetchers: used to feed content to web applications and mobile devices (Facebook Mobile App, Twitter)
- Monitors: used to monitor website availability and uptime (New Relic bot & Pingdom Bot)

What Can Bad Bots Do?

Create havoc, steal data, take down sites, extort money, cost companies billions
- Scrape sites
- Launch pre-attack scans
- Post comment spam
- Exploit application vulnerabilities
- Execute code injection attacks
- Launch password guessing hacks
- Repetitively make and cancel purchases
- Cause commercial losses
- Impact your customers' experience
- Steal information
- Commit fraud by credential stuffing
- Cause denial of service attacks
- Hold and/or consume inventory
- Cause application and API outages
- Increase bandwidth costs
- Increase CPU costs

Why You Should Care About Bots: The facts speak for themselves.
- 77% of data breaches were targeted by botnet activity (Verizon 2017 Data Breach Investigation Report)
- In 2016 bot traffic surpassed human traffic by 52% (Ponemon Institute Survey 2017)
- 97% of sites were victim to web scraping bots (LiveMint, The Rise of Bad Bots, April 2017)

Attackers Understand How to Build Powerful Botnets

Attackers desire:
- Access to new devices (i.e., bots)
- Access to devices with lots of bandwidth
- Access to devices with fast CPUs
- Easy methods to take over devices
- Ability to maintain command and control (C&C) communications to/from these devices

By 2021 the bot attack vector created by IoT devices will increase by almost 250% (IoT Endpoints 2017, Gartner)

The Botnet Problem Is Growing Significantly: Just search on the news

Attack on dyn.com, Nov 1st, 2018

[Figures dated Oct 31st, 2018 and Nov 1st, 2018]

Botnet is simulating a real user agent

So What Should You Look For In A Bot Mitigation Solution?

Cloud-Based or On-Premises Bot Mitigation Solutions (or deploy as a hybrid solution)

Cloud-based, pros:
- Globally distributed network: resilient, scalability
- Purpose-built for the cloud to secure servers/applications
- Typically lower cost and faster to implement
- Costs, maintenance, complexity managed by provider
- Malicious traffic never hits infrastructure (cloud or on-prem)
- Often bundled with a WAF, DDoS, API, antimalware, etc.

Cloud-based, cons:
- Dependent on cloud provider for new challenges or rules
- May not be as customizable as on-premises
- Focused on protecting layer 7 Web application servers

On-premises (appliance), pros:
- Highly customizable
- Suited for applications with explicit policy needs
- Often bundled with other security solutions such as: firewall, IDS/IPS, SIEM
- Totally under your control
- Mature technology

On-premises (appliance), cons:
- Requires security expertise managing security appliances
- Higher associated costs (hardware refresh cycles)
- Lack of tuning results in false positives
- Managing rules across regions is complicated
- Costs, maintenance, complexity managed by the company

Next-Generation Bot Management: What To Look For
- Good Bot Whitelisting: Provides ability to recognize and remember good bots and allow them access
- Captcha Challenge: A challenge intended to differentiate between computers and humans
- IP Rate Limiting/Bot Traffic Shaping: Detect and delay traffic created by suspicious bots, and prioritize authorized traffic
- JavaScript Challenge: Type of Web challenge sent to distinguish an attacker from a legitimate client
- Human Interaction Challenge: Identifies normal usage patterns based on legitimate user/visitor behavior
- Device Fingerprinting: Ability to collect unique information about a client or device for identification (prevents too many requests coming from similar users)

Multinational Rental Agency

Challenge: They need to allow good bots to harvest data from application web servers, but limit good bot bandwidth to allow human traffic

Solution: Was two-fold:
- Use various challenges and blacklisting to block bad bots
- Use rate limiting on the good bots to control bandwidth they are able to consume
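The two-fold policy in this case study (block bad bots, rate-limit good bots so human traffic keeps its share) can be expressed as a token bucket per verified good bot. This is an added example, not code from the slides or from any vendor product; the bot name, rates, addresses and the upstream verification step that sets `bot_id` are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed policy (assumptions for illustration, not values from the slides).
GOOD_BOT_RATES = {"partner-crawler": 2.0}  # verified bot id -> requests per second
BURST = 4.0                                # tokens a good bot may spend at once
BLOCKLIST = {"203.0.113.7"}                # client that failed a challenge upstream


@dataclass
class TokenBucket:
    rate: float    # tokens refilled per second
    tokens: float  # tokens currently available
    last: float    # time of the previous refill

    def take(self, now):
        """Refill for the elapsed time, then spend one token if available."""
        self.tokens = min(BURST, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def decide(buckets, ip, bot_id, now):
    """bot_id is set only by an assumed upstream check that verified the bot's
    identity; a self-declared User-Agent is not trusted here."""
    if ip in BLOCKLIST:
        return "block"
    rate = GOOD_BOT_RATES.get(bot_id)
    if rate is None:
        return "allow"  # human or unclassified traffic is not shaped here
    bucket = buckets.setdefault(bot_id, TokenBucket(rate, BURST, now))
    return "allow" if bucket.take(now) else "delay"


def replay(requests):
    """Run (time, ip, bot_id) tuples through the policy; count decisions per source."""
    buckets, counts = {}, Counter()
    for now, ip, bot_id in sorted(requests):
        counts[(bot_id or ip, decide(buckets, ip, bot_id, now))] += 1
    return counts


# Constructed traffic: a good bot at 4 req/s, a human, and a blocklisted client.
SAMPLE = ([(i * 0.25, "192.0.2.50", "partner-crawler") for i in range(12)]
          + [(i * 0.5, "198.51.100.10", None) for i in range(5)]
          + [(i * 1.0, "203.0.113.7", None) for i in range(3)])
```

Calling `replay(SAMPLE)` shows the good bot spending its burst and then being held to its refill rate, while human requests pass untouched and the blocklisted client is refused.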

Major Low-Cost Airline

Challenge: Automated systems (bots) were creating reservations for popular routes, reserving seats and holding the reservation before payment, keeping legitimate customers from booking tickets.

Solution: Deployed Oracle Dyn Bot Management to see originating IP addresses and user application interaction that would clearly indicate a bot making a reservation vs. a human.

Eliminated costly bot problem within hours of implementation

Where To Start:
- Stay up to date on the latest security news
- Have a plan to protect your site and your data privacy
- Talk to bot management vendors

Summary:
1. There are good bots and bad bots, you cannot just block them all
2. Next-generation bot mitigation, purpose-built for today's digital business
3. The botnet problem is growing exponentially
4. Next-generation bot mitigation solutions, more than just CAPTCHA
5. Have a plan