DDoS Protector: Block Denial of Service attacks within seconds. Simon Yu, Senior Security Consultant, CISSP-ISSAP, MBCS, CEH


DDoS Protector: Block Denial of Service attacks within seconds
Simon Yu, Senior Security Consultant, CISSP-ISSAP, MBCS, CEH
2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved.

Agenda
1. DDoS Trends Overview
2. DDoS 2.0
3. Check Point DDoS Protector
4. Multiple Threat Prevention Solution

Cybercrime Trends for 2012
- 44% SQL Injections
- 35% APTs
- 33% Botnet
- 32% DDoS
65% of businesses experienced attacks; average $214,000 of damage per attack.
Source: Ponemon Institute, May 2012

DDoS Timeline Summary Graph (attack risk over time, 2001 to 2012; source: Radware, Ltd., 2011)
Motive phases marked on the graph: Vandalism and Publicity; Financially Motivated; Blending Motives; Hacktivism.
- CodeRed worm, 2001
- Nimda (installed Trojan), 2001
- Blaster, 2003
- Slammer (attacking SQL sites), 2003
- Agobot (DoS botnet) and Republican website DoS, 2004
- Storm (botnet), 2007
- Srizbi (botnet), 2007
- Rustock (botnet), 2007
- Estonia's web sites DoS, 2007
- Georgia web sites DoS, 2008
- Kracken (botnet), 2009
- Google / Twitter attacks, 2009
- Cyber attacks on US & Korea, July 2009
- IMDDOS (botnet), 2010
- Operation Payback, Dec 2010
- LulzSec (Sony, CIA, FBI), Mar 2011
- Netbot DDoS blend, Mar 2011
- Codero DDoS / Twitter, Mar 2011
- Israeli sites, Mar 2011
- Operation Payback II (Peru, Chile), Mar 2011
- DDoS on Wordpress.com, Mar 2011
DDoS attacks gaining momentum.


DDoS Tool Anyone Can Use
- Simple interface
- Focused payload script ("killer attacks")
- Simple scripting
- Randomized attacks
- Difficult detection
Source: Spiderlabs.com

Attackers Use Multi-Layer DDoS: Simultaneous Attack Vectors
- Large-volume network flood attacks
- SYN flood attack
- Low and slow DoS attacks (e.g., socket stress)
- Application vulnerability
- High and slow application DoS attacks
- Web attacks: brute force login locked
1 successful attack vector = no service


Introducing Check Point DDoS Protector: Block Denial of Service Attacks within seconds!

Check Point DDoS Protector
- Customized multi-layered DDoS protection
- Protects against attacks within seconds
- Integrated security management and expert support

DDoS Attack Information
- Network Flood: high volume of packets
- Server Flood: high rate of new sessions
- Application: Web / DNS connection-based attacks
- Low & Slow Attacks: advanced attack techniques

Multi-Layer DDoS Protection
- Network Flood (high volume of network packets): behavioral analysis; automatic and pre-defined signatures
- Server Flood (high rate of new sessions): stateless and behavioral engines; protections against misuse of resources
- Application (Web / DNS connection-based attacks): behavioral DNS and HTTP; challenge / response mitigation methods
- Low & Slow Attacks (advanced attack techniques): granular custom filters; create filters that block attacks and allow users
Two patented technologies: Fuzzy Logic and real-time signature technology; Advanced Action Escalation Technology.
100% accurate at mitigating attack traffic while passing 100% legitimate traffic (NSS Lab 2010).

On-the-Fly Signature Creation: Protect Applications and Services Automatically
Threats covered: DoS and DDoS; application level threats; zero-minute malware propagation.
Flow (public network -> enterprise network, servers and clients):
1. Inbound traffic passes through the Inspection Module (behavioral analysis, abnormal activity detection).
2. Real-time signature generation produces a signature for the abnormal traffic.
3. Closed feedback loop on outbound traffic optimizes the signature.
4. The signature is removed when the attack is over.
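The closed loop on this slide (baseline, abnormal activity detection, real-time signature generation, signature removal when the attack is over), as an added illustration in Python; this is not Check Point or Radware code, and the z-score threshold, the packet attribute set, the 80% share rule and the traffic windows are all constructed assumptions.

```python
# Added illustration of the slide's closed-loop behavioural detection and real-time
# signature lifecycle; not Check Point/Radware code. Thresholds, fields, traffic are constructed.
from collections import Counter
from statistics import mean, pstdev

def baseline(windows):
    """Learn mean and std-dev of packets per window from normal traffic."""
    counts = [len(w) for w in windows]
    return mean(counts), (pstdev(counts) or 1.0)

def is_abnormal(window, mu, sigma, k=3.0):
    """Abnormal activity detection: window rate beyond mu + k*sigma."""
    return len(window) > mu + k * sigma

def generate_signature(window, min_share=0.8):
    """Real-time signature: keep each attribute whose dominant value is
    shared by at least min_share of the packets in the abnormal window."""
    sig = {}
    for field in ("dst_port", "proto", "flags", "pkt_len"):
        value, n = Counter(p[field] for p in window).most_common(1)[0]
        if n / len(window) >= min_share:
            sig[field] = value
    return sig

def matches(pkt, sig):
    return all(pkt.get(f) == v for f, v in sig.items())

def run_loop(normal_windows, live_windows):
    """Closed feedback loop: create the signature when the inbound rate turns
    abnormal, block matches, remove it once the rate is back at baseline.
    Returns (blocked, passed, signature_active) for each live window."""
    mu, sigma = baseline(normal_windows)
    sig, results = None, []
    for w in live_windows:
        if is_abnormal(w, mu, sigma):
            if sig is None:
                sig = generate_signature(w) or None   # attack starts
        else:
            sig = None                                # attack is over
        blocked = sum(1 for p in w if sig and matches(p, sig))
        results.append((blocked, len(w) - blocked, sig is not None))
    return results

def make_window(n_normal, n_attack=0):
    """Constructed traffic: mixed legitimate TCP packets plus an optional
    SYN flood toward port 80 (values invented for the example)."""
    pkts = [{"dst_port": 443 if i % 2 else 80, "proto": "tcp",
             "flags": "PA" if i % 3 else "A", "pkt_len": 100 + 37 * (i % 5)}
            for i in range(n_normal)]
    pkts += [{"dst_port": 80, "proto": "tcp", "flags": "S", "pkt_len": 60}
             for _ in range(n_attack)]
    return pkts
```

The legitimate packets in the flood window are not matched by the generated signature because their TCP flags and lengths differ from the dominant values, which is the "pass legitimate traffic" property the deck claims for real-time signatures.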

Appliance Specifications
Model: DP 506, DP 1006, DP 2006, DP 3006, DP 4412, DP 8412, DP 12412
Capacity: 0.5Gbps, 1Gbps, 2Gbps, 3Gbps, 4Gbps, 8Gbps, 12Gbps
Max Concurrent Sessions: 2 Million / 4 Million
Max DDoS Flood Attack Protection Rate: 1 Million packets per second / 10 Million packets per second
Latency: <60 microseconds
Real-Time Signatures: detect and protect against attacks in less than 18 seconds

Flexible Deployment Options
- Ready to protect in minutes
- Fits the existing network topology
- Optional learning mode deployment
- Low maintenance and support

Support for IPv6 networks: detect and block IPv6 attacks

Deployment Location Scenarios
1. On-premise deployment: the DDoS Security Appliance is a transparent network device (layer 2 bridge) that easily fits into the existing network topology.
2. Off-site deployment: DDoS Security Appliance at the off-site location.
3. On-premise + off-site deployment combined.


Anti-Bot Software Blade: DISCOVER and STOP Bot Attacks
- Discover bot infections: multi-tier discovery
- Prevent bot damage: stop traffic to remote operators
- Investigate bot infections: extensive forensics tools

ThreatSpect Engine: maximum security with multi-gig performance
- Reputation: detects Command & Control sites and drop zones; over 250 million addresses in ThreatCloud; real-time updates
- Network signatures: over 2,000 bot families' unique communication patterns; dozens of behavioral patterns
- Suspicious email activity: over 2 million outbreaks

End-to-End Mitigation Solution
- Customer site (on-premises): protection against application DDoS attacks and low & slow attacks
- ISP core network, ISP Anti-DoS service (clean pipe): protection against volumetric bandwidth attacks
- Global Internet

Integrated Security Management: unified logs, monitoring and reporting
Leverage SmartView Tracker, SmartLog and SmartEvent for historic and real-time security status.

Summary
- Blocks DDoS attacks within seconds
- Customized multi-layered Anti-bot and DDoS protection
- Ready to protect in minutes
- Integrated with Check Point Security Management

You need to:
- Monitor the flood of IPS, Anti-Bot and Antivirus events around the clock
- Identify real intrusions and stop them
- Continually optimize and manage threat prevention policies
- Develop a response plan to quickly recover from attacks

ThreatCloud Security Services
- Managed Security Service: continuously monitors your network and provides actionable alerts, attack protection and Check Point expertise.
- 24/7 Incident Response: provides expert assistance during critical security incidents to get you back to business as usual quickly.

Managed Security Service
Threat Prevention Software Blades (IPS, AV, Anti-Bot) + Check Point human expertise + threat intelligence.
Monitors your Check Point gateways for advanced threats and provides expert resources to optimize your security around the clock.

Managed Security Service Features
- Your logs are continually examined by Check Point's analysis engine and security experts
- Thousands of events distilled into real-time, clear, actionable alerts
- Constant tuning optimizes coverage and performance for Threat Prevention Software Blades
- 24/7 coverage protects your network with Check Point security
- Fully managed / monitoring services

We monitor your logs to turn your flood of events into actionable alerts!
Thousands of events per day become a few actionable alerts per week, with 24/7 analysis by Check Point experts.

Do you utilize the latest intelligence?
We access dynamic, global security intelligence from the Check Point ThreatCloud, the industry's largest security intelligence collaboration infrastructure, delivering real-time protection to security gateways:
- 250 million addresses for bot discovery
- 4.5 million malware signatures
- 300,000 malware-infested websites

Managed Security Service Portal provides a global intelligence view and reports: global benchmarks, blacklists, who is attacking, and what attacks.

Managed Security Service Levels
- Standard (Monitoring Security Service): automated monitoring & alerting; yearly policy tuning; customer-owned and deployed Check Point gateways
- Premium (Monitoring Security Service): expert monitoring & alerting; incident tracking; quarterly policy tuning; customer-owned and deployed Check Point gateways
- Elite (Fully Managed Service): complete Threat Prevention gateway management; on-going tuning implemented by the Check Point SOC; Check Point-provided gateways with Threat Prevention Software Blades


When an Incident Occurs
1. Customer calls the incident response hotline
2. Conference call line opened for immediate triage and initial assessment
3. System/network resources analyzed and baseline patterns established
4. Logs/malware analyzed, including full packet capture or binary analysis
5. Recommendations and remediation provided, full report delivered

3D Security Analysis Report

3D Security Analysis Report tool

Thank You