Building Resilience to Denial-of-Service Attacks

Similar documents
Technical Resilience Building the always-on enterprise with Deloitte Advisory and Amazon Web Services

Anticipating the wider business impact of a cyber breach in the health care industry

From Dabbling to Doing The Age of the Intuitive Enterprise

Cyber Risk and Networked Medical Devices

Cyber Espionage A proactive approach to cyber security

Real estate predictions 2017 What changes lie ahead?

Emerging Technologies The risks they pose to your organisations

The New Healthcare Economy is rising up

Building and Testing an Effective Incident Response Plan

Vulnerability Management. June Risk Advisory

Cloud Computing Overview. The Business and Technology Impact. October 2013

Are we breached? Deloitte's Cyber Threat Hunting

Risk Advisory Academy Training Brochure

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Cyber Security Incident Response Fighting Fire with Fire

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Transform your network and your customer experience. Introducing SD-WAN Concierge

Multi-factor authentication enrollment guide for Deloitte client or business partner user

Preparing your network for the next wave of innovation

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment

Never Drop a Call With TecInfo SIP Proxy White Paper

Transform your network and your customer experience. Introducing SD-WAN Concierge

Kaspersky Security Network

Cyber Security is it a boardroom issue?

IBM Cloud Internet Services: Optimizing security to protect your web applications

Achieving effective risk management and continuous compliance with Deloitte and SAP

Cyber Security: Are digital doors still open?

Headline Verdana Bold

UPS system failure. Cyber crime (DDoS ) Accidential/human error. Water, heat or CRAC failure. W eather related. Generator failure

Autobot - IoT enabled security. For Private circulation only October Risk Advisory

EVERYTHING YOU NEED TO KNOW ABOUT NETWORK FAILOVER

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

Global Mobile Consumer Survey, US Edition Overview of results

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Internet of Things (IoT) Securing the Connected Ecosystem

The Windstream Enterprise Advantage for Banking

Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP

AKAMAI CLOUD SECURITY SOLUTIONS

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY

Modernizing Healthcare IT for the Data-driven Cognitive Era Storage and Software-Defined Infrastructure

MASERGY S MANAGED SD-WAN

DATACENTER SERVICES DATACENTER

Healthcare IT Modernization and the Adoption of Hybrid Cloud

#DeloitteInnovation: In-Time Uncover the Potential of SAP HANA

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper

A Top US Bank Trusts Neustar SiteProtect for Reliable DDoS Protection Depth

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP

DDoS MITIGATION BEST PRACTICES

THE ACCENTURE CYBER DEFENSE SOLUTION

Defending against increasingly sophisticated DDoS attacks

Networks

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

Angela McKay Director, Government Security Policy and Strategy Microsoft

CLOUD-BASED DDOS PROTECTION FOR HOSTING PROVIDERS

Accelerate Your Enterprise Private Cloud Initiative

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

Evolution For Enterprises In A Cloud World

Arbor White Paper Keeping the Lights On

How SD-WAN will Transform the Network. And lead to innovative, profitable business outcomes

Build Your Zero Trust Security Strategy With Microsegmentation

Security by Default: Enabling Transformation Through Cyber Resilience

Hyper-Converged Infrastructure: Providing New Opportunities for Improved Availability

The Quest to Measure Strength of Function for Authenticators: SOFA, So Good

Data center interconnect for the enterprise hybrid cloud

Real-time Communications Security and SDN

Standing Together for Financial Industry Resilience Quantum Dawn IV after-action report June 2018

SD-WAN. Enabling the Enterprise to Overcome Barriers to Digital Transformation. An IDC InfoBrief Sponsored by Comcast

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

#DeloitteInnovation: In-Time How efficiently do you use your SAP HANA?

Future-ready security for small and mid-size enterprises

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Cisco Software-Defined Access

PULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc

A Guide to Ensuring Security and Resiliency

Webcast title in Verdana Regular

Cyber risk Getting the boardroom focus right

WHITE PAPER. Applying Software-Defined Security to the Branch Office

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

The impact of digital transformation on industries

Deloitte Shared Services Conference 2018 Lab: Scaling RPA David Wright, Kim Burton, Dupe Witherick and Marina Gordeeva, Deloitte

Disaster Recovery Is A Business Strategy

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

CFOs in a new global environment Sandy Cockrell, Deloitte

WHITE PAPER Hybrid Approach to DDoS Mitigation

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

NETWORK DDOS PROTECTION STANDBY OR PERMANENT INFRASTRUCTURE PROTECTION VIA BGP ROUTING

Keys to a more secure data environment

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

COMPETITIVE EDGE IN THE CLOUD DRIVING GROWTH AND VALUE WITH ADAPTIVE DELIVERY, SECURITY, AND ACCELERATION

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

SIEM Solutions from McAfee

Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN

Disaster recovery strategic planning: How achievable will it be?

Software-Defined WAN Does Not Grow on WAN Alone

Transcription:

Building Resilience to Denial-of-Service Attacks

Building resilience to denial-of-service attacks Traditionally, organizations have relied on disaster recovery (DR) solutions to provide protection from technology disruptions, but recent incidents have highlighted how ill- equipped these methods are in supporting recovery from cyber incidents. Recently there has been a significant increase in distributed denial-of-service (DDoS) incidents. These incidents are proving to be some of the largest technology disruptions in recent years, impacting network connectivity for organizations around the world. The methods used were similar to any other DDoS attack: the target was inundated with massive amounts of traffic to overwhelm its infrastructure often leveraging Internet of Things (IoT) devices to carry out the attack. The attack crippled the target s Domain Name System (DNS) services which disrupted business and revenue streams for many companies, including large digital businesses. Traditionally, organizations have relied on DR solutions to provide protection from technology disruptions, but this event highlighted how ill-equipped these methods are in supporting recovery from cyber incidents. Traditional DR has been around for over 40 years. It emerged from the need to protect mainframe environments from physical disruption and was appropriate for this task. Today s digital economy is drastically different in several important respects: Emergence of digital business Some of the high-profile organizations that suffered disruptions as a result of the DDoS attacks are businesses heavily dependent on technology. For many such companies, disruption of information technology (IT) services can directly correlate to lost revenues. Growing interconnectivity With the exponential adoption of cloud, mobility, IoT, and Big Data technologies, networks are becoming increasingly critical to businesses. These same technologies also widen the threat landscape; DDoS attacks turn everyday connected devices into a robotic army of attackers. Zero downtime expectations The increased reliance of society on technology creates an always-on expectation on the part of customers and business partners. In this particular case, the multi-hour disruption in network services was justifiably unacceptable to many. 2

Extensive reliance on third parties Reliance on an internet service or cloud provider may be one of the most evident dependencies, but for many organizations, these are likely not the only external points of potential failure. Digital ecosystems are growing and major disruptions can occur through multiple avenues. Rise in cyberattacks Rapidly evolving cyber threats require innovative approaches to protect businesses. DDoS attacks are not new, but the ways these attacks are orchestrated change every day. What s wrong with traditional network defense and recovery? As technology continues to revolutionize business and as threats to business operations become more complex, legacy solutions are proving increasingly costly, outdated and insufficient. While considered front line defenses, traditional DDoS prevention solutions are incapable of mitigating against large-scale attacks and can provide a false sense of security. Utilizing carriers to deflect traffic not only blocks DDoS-based traffic but also blocks legitimate traffic that otherwise should not be blocked. Firewalls are typically programmed to allow access to traffic utilizing some of the same ports and protocols that are most commonly exploited by attackers. Furthermore, the placement of most firewalls within the network tends to be too far downstream to stop many attacks. Attackers also tend to introduce malicious traffic by spoofing the registered IP addresses of the targeted network, further limiting the effectiveness of firewalls and router- based access control lists. Traditional DR solutions are focused on addressing physical disruptions and employ redundancy as a foundation. For networks, this often means having active and backup circuits. Cyberattacks are logical, targeted, and potentially persistent in nature meaning the redundancy-based approach not only fails to provide a recovery capability, but can actually serve to propagate the attack to backup circuits. In the case of DDoS attacks, infrastructure may be recovered to an alternate site, but the applications, database, and server configurations often require that the alternate data center maintain production network configurations. The result is a rerouting of the DDoS traffic to the alternate facility. DDoS is an attack against logical While considered front line defenses, traditional DDoS prevention solutions are incapable of mitigating against large-scale attacks and can provide a false sense of security. 3

resources, not the physical infrastructure. Since DR does nothing to address the capacity of resources, it does nothing to address DDoS. Further, the active-backup model requires maintenance of backup circuits in parallel with active circuits, a practice that has been shown to be difficult for many companies to reliably maintain. In many cases, when the active circuit fails, failover does not work because the backup circuit has been misconfigured or is not functioning.the result is a failed recovery and potentially a full site or network disruption. How do digital disruptions such as DDoS attacks impact businesses? As our example shows, the impact of DDoS attacks can vary greatly from situation to situation. In some cases, while there is disruption at the storefront, back-end business continues uninterrupted. For e-commerce businesses, the inability to maintain web connectivity could have a significant impact. For other businesses, the loss of web access may be undesirable, but it also may have no impact on revenue streams. The more reliant businesses are on technology, the greater the impact of digital disruptions is likely to be. Given the growing adoption of networkenabled technologies, disruption of communication channels can effectively disrupt the very heart of an enterprise, bringing important business functions to a halt and irreparably damaging brand value and customer or client relationships. High-impact disruptions could include a retailer suffering major channel disruption on Black Friday, a hospital being unable to admit patients, or an airline having to cancel thousands of flights during the holiday season. What can organizations do? The answer is a shift toward Cyber Resilience, which develops the ability to withstand disruptions to IT capabilities supporting critical business operations. Disaster recovery is a contingency planning approach that assumes disruptions will occur and aims to recover from them. Cyber risk is pervasive in an organization, and the Cyber Resilience approach drives resilience across the enterprise by addressing the people, process, and technology challenges associated with traditional contingency planning methods in an attempt to deliver an always-on enterprise. Following (on page 4) are a number of characteristics that improve overall operational resilience, most of which do not fall under the traditional DR umbrella. These characteristics are also appropriate to consider when pursuing resilience to DDoS attacks. 4

Cyber Resilience infrastructure is designed to be Agile DNS caching solutions allow for resolution of network addressing in the face of DNS failures and outages. This potentially addresses multiple forms of DNS disruptions, including situations when DDoS attacks hammer DNS. Surge-supporting High-capacity, cloud-based DDoS protection services allow you to quickly reroute DDoS traffic and keep your IT resources readily available. These on-demand services quarantine traffic from suspicious IP addresses and scrub them to allow clean traffic through. Scalable Load-balanced front end web servers can help handle an initial onslaught of queries targeted at those environments. Secure Validating access to web services can winnow out malicious and robotic/automated access. Securing end user-originated traffic from internet-originated traffic supports continuity of services as organizations shift critical services to the cloud and other external sources. Software-defined WAN technologies provide secure access to enterprise and Internetbased resources through encryption, evergreen proxy, URL filtering, anti-virus protection, and other network security technologies. Risk-sensing Anti-DDoS appliances support quick identification and diversion of web-based queries that may be part of a DDoS attack. Adaptive Quickly gaining momentum is a hybrid network solution in which two different access technologies [e.g. Multi-Protocol Layer Switching (MPLS), Internet] are used to provide diverse WAN services to a particular site. Many large organizations currently employ a dual-carrier strategy in which an MPLS circuit from each carrier is terminated at each remote site to provision against potential circuit and/or carrier failure. Modular Software-defined WAN technologies can support network micro-segmentation, which provides the agility to failover only impacted systems and/or network segments. They allow organizations to utilize multiple enterprise circuits in a standardized fashion and even provide increased bandwidth and resiliency for remote sites with a single MPLS circuit through the deployment of an Internet circuit. Automated Software-defined networks provide a layer of application-aware routing and path diversity. This provides the ability to automate and proactively divert network traffic, increasing overall network resiliency based on pre-defined thresholds. It also allows organizations to replace expensive MPLS circuits with low-cost, high- bandwidth Internet circuits providing direct Internet access to remote sites. 5

Thriving in the network-driven digital economy Networks underpin the digital economy; building proactive management of cyber risks into the overall business strategy is a foundation for today s high-performing organizations. The IoT, cloud, mobility, and other emerging technologies organizations are embracing offer great rewards and the risks are manageable. As the cybersecurity landscape continues to evolve, Cyber Resilience provides a framework and preemptive approach to enterprise resiliency and supports a Secure.Vigilant.ResilientTM cyber program. Cyber Resilience services provide a framework and pre-emptive approach to enterprise resiliency. 6

For more information please visit www.deloitte.com/us/cyber Contacts for Cyber Resilience John Gelinne Principal Cyber Risk Services Deloitte Risk and Financial Advisory Deloitte & Touche LLP jgelinne@deloitte.com Bob Black Principal Technology Strategy and Architecture Deloitte Consulting LLP bobblack@deloitte.com Myke Miller Managing Director Technology Strategy and Architecture Deloitte Consulting LLP mykemiller@deloitte.com Pete Renneker Senior Manager Cyber Risk Services Deloitte Risk and Financial Advisory Deloitte & Touche LLP prenneker@deloitte.com This document contains general information only and Deloitte Risk and Financial Advisory is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte Risk and Financial Advisory shall not be responsible for any loss sustained by any person who relies on this document. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the Deloitte name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Copyright 2018 Deloitte Development LLC. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback