Downtime by DDoS: Taking an Integrated Multi-Layered Approach. Arbor Solution Brief


About Arbor Networks

Arbor Networks Inc., the cyber security division of NETSCOUT, helps secure the world's largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world's leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor's advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a force multiplier, making network and security teams the experts. Our goal is to provide a richer picture of networks and more security context so customers can solve problems faster and reduce the risk to their business. To learn more about Arbor products and services, please visit our website at arbornetworks.com. Arbor's research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.

Your DDoS Protection Is Not Good Enough

Companies that suffer an outage lose revenue and productivity, face potential compliance and regulatory violations, and see customer satisfaction fall. Outages that grow longer or more frequent ultimately damage the company brand. One of the leading causes of network and application outages is network/security incidents such as Distributed Denial of Service (DDoS) attacks. If you care about downtime risk, you care about security.

DDoS attacks are the primary threat to the availability of your network. In 2013 the number of DDoS attacks continued its upward trend in both size and complexity. The number of attacks over 20 Gbps in 2013 was more than eight times the number in 2012, and the trend looks set to continue throughout 2014. The average size of a DDoS attack has also grown steadily, with verified attacks reaching more than 245 Gbps (Figure 1). 1 Not all DDoS attacks need to saturate bandwidth to deny access to a site or service. More complex threats such as application-layer attacks continue to grow, particularly against DNS and encrypted Web services (Figure 2, page 2). 1 And multi-vector attacks, which combine volumetric floods, state-exhaustion attacks that target existing security infrastructure such as firewalls and IPS, and application-layer vectors, continue to tax enterprises.

Figure 1: ATLAS peak monitored attack sizes month by month, January 2009 to present (vertical axis in Gbps, 0 to 300; peak of 245 Gbps)

1 Arbor Networks Worldwide Infrastructure Security Report (Volume IX)

DDoS attacks can last anywhere from minutes to 24 hours or more, but short attacks can still cause significant harm. In fact, 88% of attacks in 2013 lasted less than an hour. 2 This is a key concern, since most mitigation practices are not agile enough to react to short, sharp attacks. Combined with the fact that 87% of companies that experienced a DDoS attack were victims of multiple attacks, 3 the total time under attack can be far greater than an hour or two, which represents a significant business challenge. Enterprises must integrate a multi-layered protection approach covering high-capacity attacks, low-bandwidth attacks, and more complex attacks such as application-layer and state-exhaustion attacks.

Figure 2: Targets of application-layer attacks (percentage of survey respondents reporting each target)
HTTP 82%
DNS 77%
HTTPS 54%
SMTP 25%
SIP/VoIP 20%
Other 9%
IRC 6%
Source: Arbor Networks ninth annual Worldwide Infrastructure Security Report

Mastering Complex Attack Protection

With technological advancement come increasingly sophisticated threats and attack campaigns. DDoS attacks are no exception: they have grown in size, frequency and scope. In some instances a DDoS attack is part of a larger campaign, used to distract network and security operations teams so that far more nefarious activity can breach the network unnoticed. Low-and-slow DDoS attacks have evolved to evade flow-based detection at your ISP while targeting specific components of the network infrastructure, such as security devices, DNS servers and web applications. Meanwhile, volumetric attacks continue to be used and remain very effective at crippling enterprise networks. The sheer size, frequency and abrupt impact of these attacks make them effective. Even enterprises with large bandwidth struggle to keep their networks running and available when facing volumetric attacks in the range of a few hundred gigabits per second.

Some of the most effective DDoS attacks enter your network undetected and are not noticed until the damage is already done. These low-and-slow attacks are not meant to block or clog your primary Internet connections. They operate inside your network environment and do not need the same traffic volumes because they are localized. Such highly targeted attacks are just as crippling because they avoid detection by ISP and cloud-based services while denying access to critical applications and bringing a business to a screeching halt.

2 Arbor Networks Worldwide Infrastructure Security Report (Volume IX)
3 The Danger Deepens: Neustar's Annual DDoS Attacks and Impact Report
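To make the detection gap for short attacks concrete, here is an added example (not from the Arbor brief; the flow records are constructed and the VIP is a documentation address) that buckets flow bytes for one destination into fixed windows, the way a collector that only sees periodic flow exports would, and runs the same rate threshold over 300-second, 60-second and 10-second windows. A 40-second burst at roughly 480 Mbps averages out to 72 Mbps inside a five-minute window and never trips a 200 Mbps threshold; a 60-second window trips it at t=360, after the burst has already ended; a 10-second window alerts ten seconds in.

```python
from collections import defaultdict

VIP = "203.0.113.10"   # the protected web VIP (documentation address, constructed)

def make_flows():
    """Constructed flow records (start_second, dst_ip, bytes), not real traffic:
    a steady 1 MB/s (8 Mbps) baseline for ten minutes plus a 40-second burst of
    60 MB/s (480 Mbps) beginning at t=300 and ending at t=340."""
    flows = [(t, VIP, 1_000_000) for t in range(600)]
    flows += [(t, VIP, 60_000_000) for t in range(300, 340)]
    return flows

FLOWS = make_flows()

def detect(flows, dst, window_s, threshold_mbps):
    """Bucket bytes sent to `dst` into fixed windows of `window_s` seconds.
    Returns (peak_mbps, alert_time): the highest per-window average rate and the
    end time of the first window whose average exceeds the threshold (an alert can
    only fire once the window closes), or None if no window ever exceeds it."""
    buckets = defaultdict(int)
    for start, d, nbytes in flows:
        if d == dst:
            buckets[start // window_s] += nbytes
    peak, alert_time = 0.0, None
    for idx in sorted(buckets):
        mbps = buckets[idx] * 8 / window_s / 1_000_000
        peak = max(peak, mbps)
        if alert_time is None and mbps > threshold_mbps:
            alert_time = (idx + 1) * window_s
    return peak, alert_time

def compare_windows(flows=FLOWS, dst=VIP, threshold_mbps=200.0, windows=(300, 60, 10)):
    """Run the same detector with several window sizes over the same flows."""
    return {w: detect(flows, dst, w, threshold_mbps) for w in windows}

if __name__ == "__main__":
    for w, (peak, when) in compare_windows().items():
        status = f"alert at t={when}s" if when is not None else "no alert"
        print(f"{w:>4}s windows: peak {peak:6.1f} Mbps -> {status}")
```

Shrinking the export interval is not free (more records, more collector load), which is one reason the brief argues for an on-premise device that sees the traffic itself rather than relying on upstream flow summaries alone.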

The odds are not in favor of the defense because enterprises view DDoS protection as reactive. Although attack mitigation is key to maintaining availability and reducing downtime, you must incorporate a hybrid approach into your strategy to address the full range of DDoS threats. Mitigation is only part of the solution. Successful DDoS defenses rely on real-time detection, automated blocking of application-layer and state-exhaustion attacks, and speedy escalation to a cloud scrubbing center for the largest attacks.

Adopting an Integrated Multi-Layered Approach

Understanding the current DDoS attack landscape is paramount when developing or enhancing your security posture. Mapping the different DDoS threat types to your current capabilities, and identifying your gaps, will help you adopt an intelligent integrated approach. Today's threats come in many sizes and speeds and from almost countless sources (including within your own corporate network). The ability to identify, block, mitigate and prevent are all parts of an integrated multi-layered approach to DDoS protection (Figure 3).

Figure 3: Integrated approach from Arbor: Identify the Attack, Block the Attack, Mitigate the Attack, Prevent the Attack, with on-premise protection connected to Arbor Cloud through Cloud Signaling and a Customer Portal

The Front Line Defense: Arbor Networks APS

Availability attacks can be classified as either high-volume attacks or low-bandwidth attacks. High-volume (flood) attacks can saturate the Internet links to the data center and are best mitigated within a provider network or by a cloud-based scrubbing center. Low-bandwidth attacks can cripple enterprises because they get inside the network. Many low-bandwidth attacks fly under the radar of most provider-based, in-cloud DDoS solutions, so an on-premise solution is your best defense against them.

APS provides on-premise protection that serves as an enterprise's first line of defense. Whether attacks are complex in design, encrypted in an attempt to look like legitimate traffic, or low-and-slow, APS is designed to detect and block DDoS attacks with little to no user interaction before services degrade. APS offers proactive monitoring and blocking of application-layer DDoS attacks, state-exhaustion attacks and volumetric attacks.

As your business develops and deploys web-based services or uses the web for financial transactions, your reliance on encrypted traffic grows. Unfortunately, malicious traffic can also be encrypted, so inspecting encrypted traffic for such threats is required. APS, with in-box SSL inspection, meets FIPS 140 Level 3 standards and keeps the server certificates and keys protected within the device. This lets the solution decrypt traffic for which it holds the corresponding SSL certificate, inspect it for embedded attacks, and block those threats before they harm the network. If the traffic is valid, the original packet is passed on. If the encrypted traffic has no corresponding certificate, APS applies traditional traffic inspection, or you can simply block the traffic.

Because the cost of downtime is high, your team must consider using on-premise capabilities in concert with cloud-based options to protect against low-and-slow as well as high-volume attacks.
The on-premise APS solution enhances overall protection by communicating with ISP cloud-based scrubbing services and with Arbor Cloud(SM) to provide a seamless transition between on- and off-premise traffic scrubbing. Arbor's Cloud Signaling capability lets you set thresholds in your on-premise inspection and scrubbing so that traffic is off-loaded without interruption, ensuring availability. You can even enable cloud mitigation of DDoS attacks down to individual protection groups. Having an on-premise device to handle these complex and lower-bandwidth attacks reduces the time to react to a threat and minimizes the time to mitigation associated with off-loading traffic to an ISP or third-party cloud for inspection and scrubbing.

Cloud Signaling

Only Arbor integrates local on-premise protection with cloud and ISP-based DDoS services. Ask your DDoS service provider for Cloud Signaling, or choose Arbor Cloud for DDoS services that integrate with your on-premise protection from Arbor Networks.

Value of Cloud Signaling: faster response time through local identification and alerting of attacks too large for on-premise mitigation; local visibility on APS into attacks blocked upstream.

On-Demand Capacity for Mitigation: Arbor Cloud

When an attack occurs, speed and agility are critical to business continuity. In the event of a volumetric attack, the on-premise solution serves as the first line of defense, rerouting inbound traffic to one of four global scrubbing centers for cloud-based mitigation. When this occurs, Arbor Cloud's 24x7 Security Operations Center (SOC) works hand in hand with your IT team to quickly redirect malicious DDoS traffic away from your infrastructure using predetermined methods. Here is how it works:

1. When Arbor's on-premise solution detects an attack that cannot be mitigated locally, it triggers an alert to the Arbor Cloud scrubbing center using Arbor's Cloud Signaling technology.
2. The Arbor Cloud Security Operations Center (SOC) notifies your organization of the attack.
3. In the meantime, based on predefined reroute options, Arbor Cloud redirects traffic to one of its four global scrubbing centers (through DNS redirection or BGP routing).
4. Attack traffic is scrubbed and legitimate ("clean") traffic is forwarded to its intended destination, limiting downtime and preserving network availability.
5. Once the attack has subsided, Arbor Cloud reroutes clean traffic back to your enterprise network.
6. Arbor Cloud generates a report that details the attack in its entirety, including expert analysis from SOC engineers and available ASERT data. To ensure understanding and transparency, this report is delivered in a one-on-one meeting between Arbor SOC engineers and your organization.

Arbor Cloud provides global scrubbing capacity and can handle today's largest and most complex attacks against the availability of critical resources and assets, while giving you detailed visibility into its actions and processes and ensuring the availability of your network and web-based applications. By combining Arbor's on-premise APS with cloud-based scrubbing (Arbor Cloud), you cut the time to mitigation and protection that comes from coordinating a series of distributed devices and partners. And with DDoS protection from Arbor Networks, you are assured that our collective expertise is always available when you need it.
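The escalation and return described in steps 1 through 5 above, together with the Cloud Signaling thresholds mentioned in the previous section, amount to a small state machine on the on-premise side. The following added example is not Arbor's implementation: the thresholds, hold times, redirect labels and the constructed traffic series are all assumptions of this example. It escalates after a few seconds of sustained overload (short enough to catch the sub-hour attacks the brief describes), keeps the diversion in place while the scrubbing center is still dropping attack traffic, and releases only after a quiet period, because once traffic is diverted the on-premise device sees only clean traffic and cannot judge the attack from its own link.

```python
from dataclasses import dataclass, field

@dataclass
class CloudSignalPolicy:
    """Operator-chosen thresholds (assumed values for this example, not Arbor defaults)."""
    link_mbps: float = 1000.0      # capacity of the Internet link the on-premise device protects
    escalate_ratio: float = 0.8    # signal the cloud once inbound reaches 80% of link capacity
    deescalate_ratio: float = 0.3  # bring traffic home only once the attack is well below that
    up_secs: int = 5               # seconds above threshold before escalating
    down_secs: int = 30            # seconds of quiet before releasing (hysteresis against flapping)
    redirect: str = "bgp"          # "bgp" (prefix announced by the scrubbing center) or "dns"

@dataclass
class Escalator:
    """State machine for the on-premise side of a cloud-signaling escalation."""
    policy: CloudSignalPolicy = field(default_factory=CloudSignalPolicy)
    state: str = "local"           # "local": on-premise mitigation only; "cloud": diverted
    events: list = field(default_factory=list)
    _above: int = 0
    _below: int = 0

    def observe(self, t, inbound_mbps, scrubbed_away_mbps=0.0):
        """Feed one second of telemetry. In the local state the device judges its own
        inbound rate; once diverted it only sees clean traffic, so the release decision
        is driven by how much the scrubbing center reports it is still dropping."""
        p = self.policy
        if self.state == "local":
            self._above = self._above + 1 if inbound_mbps >= p.link_mbps * p.escalate_ratio else 0
            if self._above >= p.up_secs:
                self.state, self._above, self._below = "cloud", 0, 0
                self.events.append((t, "cloud_signal", f"{p.redirect}_redirect"))
        else:
            quiet = scrubbed_away_mbps < p.link_mbps * p.deescalate_ratio
            self._below = self._below + 1 if quiet else 0
            if self._below >= p.down_secs:
                self.state, self._below = "local", 0
                self.events.append((t, "cloud_release", f"{p.redirect}_withdraw"))
        return self.state

def run_demo():
    """Constructed scenario: 200 Mbps of legitimate traffic on a 1 Gbps link plus a
    1.5 Gbps flood from t=10 s to t=100 s. Returns the escalation event log."""
    esc = Escalator()
    for t in range(200):
        attack = 1500.0 if 10 <= t < 100 else 0.0
        if esc.state == "cloud":
            esc.observe(t, 200.0, scrubbed_away_mbps=attack)   # link carries clean traffic only
        else:
            esc.observe(t, 200.0 + attack)                      # flood hits the link directly
    return esc.events

if __name__ == "__main__":
    for when, action, how in run_demo():
        print(f"t={when:>3}s {action:<13} via {how}")
```

With these values the cloud is signaled at t=14 and traffic is returned at t=129, thirty seconds after the scrubbing center stops dropping attack traffic; a three-second blip never escalates. Tune up_secs against the attack durations you actually see and down_secs against how costly a BGP or DNS swing is for you.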

Intelligence to Fight and Win: ATLAS Intelligence Feed

Arming customers with policies and countermeasures that let them quickly address potential and active threats strengthens their security posture against both current and unknown threats. The ATLAS Intelligence Feed from Arbor Networks lets you benefit directly from the expertise of Arbor's respected and experienced research team, ASERT. Arbor's ATLAS threat monitoring infrastructure combines Arbor traffic data from 300 ISP deployments with a global network of sensors and data feeds; its real-time visibility into 90 Tbps of global Internet traffic provides unmatched insight into emerging threats. This information is used to develop effective countermeasures against the latest attacks. The countermeasures are then provisioned into Arbor solutions such as APS and Arbor Cloud, along with the latest defenses against new threats and updated IP location data. These feeds provide the following information and capabilities:

Botnets & DDoS Toolkits: Identifies and blocks malicious traffic from active botnets and from the advanced toolkits used to launch DDoS attacks.
IP/Domain Reputation-Based Data: Provides insight into where traffic is coming from, and into locations known to host command-and-control and malware tools.
IP Geo-Location: Allows identification, by country, of the sources of inbound traffic and the destinations of outbound traffic.
Malware Identification: Identifies malware and blocks it from gaining access, providing a preventive layer for your security.
Web Crawler Identification: Identifies web crawlers so that site page ranking and search engine results are unaffected, while blocking malicious or irrelevant crawlers.
Outbound Advanced Threat Protection: Filters outbound threats before they increase the risk to your systems and data.

Unlike other DDoS solutions, Arbor Networks protects against attacks using reputation-based data powered by ATLAS traffic analysis and ASERT research, which is scored and given a confidence level. The confidence score is determined by events that reflect the activity of live malware, botnets and campaigns in real time, and Arbor continually measures the effectiveness of existing and new DDoS threats and adjusts the reputation score accordingly. This differs from traditional intelligence scoring, where a one-time analysis is performed and a threat signature identified. Beyond understanding and mitigating the identified threat, knowing where that threat comes from prepares you for future attacks from the same origin. The ATLAS Intelligence Feed provides dynamic reputation feeds, which include details of known sites that operate as command-and-control servers and sites that deliver drive-by downloads, along with policies designed to keep network users from visiting those sites. Arbor's feed is updated regularly to keep pace with the ever-evolving threat landscape, so you have the most up-to-date information on which to make informed decisions.

Smarter and Faster Mitigation

DDoS defense is no longer an either/or choice between deploying a solution on-premise and outsourcing to a cloud-based mitigation provider. Addressing the current landscape and the types of threats you and your industry face requires an integrated multi-layered approach. In the event of an attack, your solution should provide multiple countermeasures to ensure effective mitigation with little to no downtime. For protection to improve and be repeatable, intelligence about threats must be available. A safe path for users to reach your websites and transact against your services is the single imperative for ensuring availability.

If you are serious about mitigating your downtime risk from DDoS attacks, Arbor Networks can partner with you to ensure you are protected today and against future DDoS attacks. An integrated multi-layered approach that works with your network and systems ensures availability and shortens the attack window. With global intelligence at your fingertips and the ability to block attacks of any scale and complexity while reducing reaction times from hours to minutes, you can be confident that your availability will hold up against DDoS threats. With Arbor Networks, you have the most advanced, integrated multi-layer DDoS protection available.

Related documents: Data Sheets (Arbor Networks APS; Arbor Cloud); White Paper (DDoS for Enterprise); Arbor Cloud for Enterprises

Industry Analysts Agree: Multi-Layer Defense is Required for Comprehensive DDoS Protection

Forrester Research, DDoS Requires A Two-Phased Mitigation Strategy: "DDoS is a complex problem that requires a thoughtful solution. You will need a strategy that keeps your local connection up at the beginning of an attack and then cleans the upstream traffic prior to it reaching your network." Source: www.forrester.com/develop+a+twophased+ddos+mitigation+strategy/fulltext/-/e-res86101

Frost & Sullivan: "A hybrid solution is the only effective way to address volumetric and application-layer attacks." Source: www.slideshare.net/frostandsullivan/uncover-the-burgeoning-market-for-ddos-mitigation

IDC: "Hybrid defense scenarios (on-premise equipment married with cloud services) will become more prevalent as organizations seek to defend against all vectors of DDoS attacks and as solution providers and product vendors work more closely together to deliver joint solutions." Source: www.idc.com/getdoc.jsp?containerid=239954

Infonetics: "We are starting to see strong customer demand for hybrid solutions that blend in-cloud or hosted DDoS mitigation with on-premise solutions and provide a single management, reporting, and forensics pane even as attack prevention moves back and forth from a provider's cloud to the customer's network." Source: www.arbornetworks.com/news-and-events/press-releases/recent-press-releases/5230-infonetics-research-report-identifies-arbornetworks-as-the-world-leader-in-on-premise-ddos-protection

Securosis: "DoS mitigations do not stand in isolation, rather on-premise devices and services are co-dependent to provide adequate protection." Source: securosis.com/assets/library/reports/securosis_defending-against-DoS_FINAL.pdf

Ovum: "The future of protection looks hybrid, with on-premise and cloud working in tandem." Source: www.ovum.com/research/the-new-buzz-about-ddos/


CORPORATE HEADQUARTERS: 76 Blanchard Road, Burlington, MA 01803 USA. Toll Free USA +1 866 212 7267, T +1 781 362 4300
NORTH AMERICA SALES: Toll Free +1 855 773 9200
EUROPE: T +44 207 127 8147
ASIA PACIFIC: T +65 6664 3140
www.arbornetworks.com

© 2016 Arbor Networks, Inc. All rights reserved. Arbor Networks, the Arbor Networks logo, ArbOS, Cloud Signaling, Arbor Cloud, ATLAS, and Arbor Networks are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners. SB/DDoSDOWNTIME/EN/0516-LETTER