Silverline DDoS Protection. Filip Verlaeckt


Silverline DDoS Protection Filip Verlaeckt f.verlaeckt@f5.com

The evolution of attackers (1996 to 2013: script kiddies, the rise of hacktivism, cyber war)

September 1996: First high-profile DDoS attack. NY ISP Panix.com was nearly put out of business.
January 2008: Anonymous executes a series of high-profile DDoS attacks against the Church of Scientology.
December 2010: WikiLeaks supporters hit PayPal, Visa, Mastercard, and other financial sites with DDoS attacks.
April 2011: Attackers use a DDoS attack against Sony to mask the theft of millions of customer records.
April 2012: Anonymous knocks down the sites of the U.S. Dept. of Justice, the CIA, and the British Secret Intelligence Service.
September 2012: Syrian Cyber Fighters launch Operation Ababil with DDoS attacks on 13 U.S. banks to protest an anti-Muslim video.

F5 Networks, Inc 2

The evolution of attackers, 2014

Feb 05: Bitly outage as a result of a DDoS attack
Feb 11: Elance (freelance job site), NTP reflection attack; temporary website disruption
Feb 11: oDesk, temporary website disruption as a result of a DDoS attack
Feb 20: Namecheap, simultaneous attack on 300 websites it registers
Mar 04: Meetup (event planning), NTP amplification attack carried out by extortionists
Mar 11: GitHub (code host), UDP-based amplification attack
Mar 17: Royalty-free stock images site, DDoS attack by extortionists
Mar 20: Hootsuite, DDoS attack by extortionists
Mar 24: Basecamp, DDoS attack by extortionists
Mar 27: SurveyGizmo, DDoS attack; site down 2 days; ISP abandoned recovery

New attack vectors emerge: Network Time Protocol (NTP) attacks, zero to huge in 3 months

(Chart of peak NTP attack size: Dec 13, 100 Gbps; Jan 14, 150 Gbps; Feb 14, 325 Gbps, the DERP Trolling attacks against all major game sites where PhantomL0rd was trying to play.)

How have attacks changed recently?

Instead, attackers compromise 3,000 to 5,000 commercial servers in major data centers
Not known-bad IP addresses (purchased legitimate resources to launch the attack)
Big iron with lots of CPUs creates more traffic
Lots of 10 Gbps pipes are attached to those commercial servers
Current attacks go beyond overwhelming the site and overwhelm the bandwidth pipe instead
Largest single-victim attack: 120 Gbps
Largest concurrent attacks: 190 Gbps (3 banks attacked simultaneously)
Average attack size increased 16 times, Q2 2013 over Q2 2012

More sophisticated attacks are multi-layer: Application, SSL, DNS, Network

Current DDoS solution market

Carriers and CDNs: AT&T, Verizon, Akamai, CloudFlare
Customer on-premises equipment (appliances): F5 Networks, Arbor Networks, Radware, Narus, GenieNRM, Andrisoft, RioRey
Cloud services, SMB: Neustar, BlackLotus, Corero, Imperva
Cloud services, Enterprise: Prolexic, Verisign, F5 Silverline DDoS Protection
Cloud services, Enterprise secondary: F5 Silverline DDoS Protection

F5 cloud-based scrubbing with hybrid defenses

(Diagram: DDoS attackers, botnet attackers, anonymous proxies and anonymous requests, scanners and legitimate users reach the customer through the cloud scrubbing service and a multiple-ISP strategy (ISP a/b); on premises, a next-generation firewall fed by a threat intelligence feed and an IPS form the strategic point of control in front of the Financial Services, E-Commerce and Subscriber applications. Corporate users sit behind the same point of control.)

Cloud scrubbing service: volumetric attacks and floods, operations center experts, L3-7 known signature attacks
Network attacks: ICMP flood, UDP flood, SYN flood
DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning
SSL attacks: SSL renegotiation, SSL flood
HTTP attacks: Slowloris, slow POST, recursive POST/GET

F5 cloud-based scrubbing with hybrid defenses: cloud key features

(Same hybrid diagram: the cloud scrubbing service handles volumetric attacks and floods with operations center experts and L3-7 known signature attacks, in front of the multiple-ISP strategy (ISP a/b), the next-generation firewall with threat intelligence feed, the IPS and the Financial Services, E-Commerce and Subscriber applications. Attack types: network (ICMP flood, UDP flood, SYN flood), DNS (DNS amplification, query flood, dictionary attack, DNS poisoning), SSL (SSL renegotiation, SSL flood), HTTP (Slowloris, slow POST, recursive POST/GET).)

Cloud key features:
Real-time volumetric DDoS attack detection and mitigation in the cloud
Multi-layered L3-L7 DDoS attack protection
24x7 expert SOC services
Transparent attack reporting via the F5 customer portal

What is Silverline DDoS?

The Silverline DDoS Protection story

Defense.net was founded by the pioneers of the commercial DDoS mitigation industry
Designed to address customer frustrations with legacy cloud-based DDoS providers
Acquired by F5 in 2014 to be the first in a series of "F5 as a Service" product offerings, a.k.a. Silverline
Enhanced through the addition of BIG-IP technology and an increased global footprint

Hearing challenges with current enterprise options: scale per customer, concentration risk, solution side effects, slow mitigation startup, false positives, not enough visibility into attacks

Global coverage

24/7 support: the F5 Security Operations Center (SOC) is available 24/7 with security experts ready to respond to DDoS attacks within minutes
Global coverage: fully redundant and globally distributed data centers worldwide in each geographic region: Seattle, WA, US; San Jose, CA, US; Ashburn, VA, US; Frankfurt, DE; Singapore, SG
Industry-leading bandwidth: attack mitigation bandwidth capacity over 2.0 Tbps; scrubbing capacity of over 1.0 Tbps; guaranteed bandwidth with Tier 1 carriers

How does F5 Silverline protect against DDoS attacks?

Silverline DDoS Protection

(Diagram: the same hybrid architecture, with the cloud scrubbing service handling volumetric attacks and floods, operations center experts and L3-7 known signature attacks, in front of the multiple-ISP strategy (ISP a/b) and the on-premises next-generation firewall, threat intelligence feed and IPS that protect the Financial Services, E-Commerce and Subscriber applications. Attack types: network (ICMP flood, UDP flood, SYN flood), DNS (DNS amplification, query flood, dictionary attack, DNS poisoning), SSL (SSL renegotiation, SSL flood), HTTP (Slowloris, slow POST, recursive POST/GET).)

DDoS architecture: scrubbing center

Inspection plane:
Switching mirrors traffic (copied traffic for inspection) to the inspection toolsets and the routing layer
Inspection tools provide input on attacks for the Traffic Actioner and the SOC
Flow collection (NetFlow) aggregates attack data from all sources
Traffic Actioner injects blackhole routes and steers traffic (route management, BGP signaling, cloud signaling)
Visibility portal provides real-time reporting and configuration (management)

Data plane (DDoS attackers and legitimate users, cloud scrubbing service, customer):
Ingress router applies ACLs and blackholes traffic (routing/ACL)
Network mitigation removes advanced L4 attacks
Proxy mitigation removes L7 application attacks
Egress routing (customer VRF) returns good traffic back to the customer via GRE tunnel, proxy, IP reflection or cross-connect
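The flow-collection and traffic-actioner stages above are easiest to understand with a small working model. The block below is an added example, not F5's code: it aggregates constructed NetFlow-style records per destination, estimates the inbound rate over the collection window, measures how much of that traffic is UDP sourced from well-known reflection ports, and returns the /32 that a traffic actioner would hand to route management as a diversion or blackhole candidate. The record format, the thresholds, the port list and the sample flows are assumptions made for illustration.

```python
"""Added example (not F5's code): a minimal NetFlow-style collector and
volumetric-attack check modelled on the inspection plane of a scrubbing center."""
from collections import defaultdict
from dataclasses import dataclass

# UDP source ports typical of reflection/amplification floods (assumption: a real
# deployment tunes this list): 123 NTP, 53 DNS, 1900 SSDP, 19 chargen, 161 SNMP.
REFLECTION_PORTS = {123, 53, 1900, 19, 161}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    octets: int
    packets: int


# Constructed sample records for a one-second window (not real traffic).
# The first three are an ordinary web workload; the rest mimic 200 NTP
# reflectors (UDP/123) flooding one victim, 1.2.3.4, with ~480-byte answers.
SAMPLE_FLOWS = [
    Flow("86.75.30.9", "1.2.3.4", "tcp", 27182, 80, 4_200, 9),
    Flow("69.86.73.76", "1.2.3.4", "tcp", 4243, 80, 8_100, 15),
    Flow("10.20.30.40", "1.2.3.5", "tcp", 51000, 443, 12_000, 20),
] + [
    Flow(f"198.51.100.{i}", "1.2.3.4", "udp", 123, 40000 + i, 480 * 2600, 2600)
    for i in range(200)
]


def aggregate(flows):
    """Per-destination totals: octets, packets, reflection-port octets, distinct sources."""
    stats = defaultdict(lambda: {"octets": 0, "packets": 0, "refl_octets": 0, "sources": set()})
    for f in flows:
        s = stats[f.dst]
        s["octets"] += f.octets
        s["packets"] += f.packets
        s["sources"].add(f.src)
        if f.proto == "udp" and f.sport in REFLECTION_PORTS:
            s["refl_octets"] += f.octets
    return stats


def detect(flows, window_s=1.0, bps_threshold=1_000_000_000,
           refl_share=0.8, min_sources=50):
    """Return one alert per destination whose inbound rate exceeds the threshold
    and whose traffic is dominated by many reflection-port UDP sources."""
    alerts = []
    for dst, s in aggregate(flows).items():
        bps = s["octets"] * 8 / window_s
        share = s["refl_octets"] / s["octets"] if s["octets"] else 0.0
        if bps >= bps_threshold and share >= refl_share and len(s["sources"]) >= min_sources:
            alerts.append({
                "victim": dst,
                "gbps": round(bps / 1e9, 2),
                "reflection_share": round(share, 3),
                "sources": len(s["sources"]),
                # Candidate for the traffic actioner; the SOC decides whether to
                # divert the prefix into scrubbing or blackhole the /32 upstream.
                "route_candidate": f"{dst}/32",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The three conditions are deliberately combined: rate alone would also fire on a legitimate traffic spike, and reflection-port share alone would fire on a busy DNS resolver, while a large number of distinct sources is what distinguishes a reflected flood from a single misbehaving peer. Blackholing the victim /32 upstream protects the pipe but completes the outage for that host, which is why the actioner's first choice in this architecture is to steer the prefix into the scrubbing center rather than drop it.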

Multiple ways to direct traffic to our massive scrubbing centers: BGP (Border Gateway Protocol), Anycast, DNS / Anycast
Multiple ways to return clean traffic: GRE tunnels, proxy, IP reflection, L2VPN

Routed configuration: F5 Silverline DDoS Protection engaged

(Diagram: clients 86.75.30.9 and 69.86.73.76 on the Internet; F5 Silverline DDoS Protection with two F5 routers; an ISP router; the customer/ISP transit network; the customer router; and the data center hosts 1.2.3.4, 1.2.3.5, 1.2.3.6 and 1.2.3.7.)

BGP route advertisement: the F5 route for 1.2.3.0/24 becomes preferred
BGP configuration change (customer admin): withdraw the advertisement for 1.2.3.0/24
TCP connection: SYN, SRC 86.75.30.9:27182, DST 1.2.3.4:80; SYN-ACK, SRC 1.2.3.4:80, DST 86.75.30.9:27182
TCP connection: SRC 69.86.73.76:4243, DST 1.2.3.4:80
Clean traffic is returned via GRE tunnel to the customer's data center
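What "returned via GRE tunnel" means on the wire is worth seeing byte by byte, because it explains why the origin still sees the real client address and why the tunnel costs MTU. The block below is an added example, not F5's code or configuration: it builds the scrubbed client SYN from the slide (86.75.30.9:27182 to 1.2.3.4:80) inside an outer IPv4/GRE header and parses it back. The slide does not give the tunnel endpoint addresses, so 203.0.113.10 (F5 side) and 198.51.100.1 (customer side) are assumed placeholders, and the TCP checksum is left zero for brevity.

```python
"""Added example (not F5's code): GRE encapsulation and decapsulation of the
clean-traffic return path in a routed (BGP + GRE) DDoS-scrubbing deployment."""
import ipaddress
import struct

IPPROTO_GRE = 47
ETHERTYPE_IPV4 = 0x0800
GRE_OVERHEAD = 20 + 4  # outer IPv4 header + basic GRE header (no checksum/key/sequence)

F5_TUNNEL_ENDPOINT = "203.0.113.10"        # assumed, not from the slide
CUSTOMER_TUNNEL_ENDPOINT = "198.51.100.1"  # assumed, not from the slide


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def tcp_syn_header(sport: int, dport: int) -> bytes:
    """20-byte TCP header with only SYN set; TCP checksum left zero in this example."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no C/K/S flags, GRE version 0
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(inner)) + gre + inner


def gre_decapsulate(packet: bytes) -> dict:
    """Strip the outer IPv4/GRE headers; return tunnel endpoints, inner addresses and ports."""
    ihl = (packet[0] & 0x0F) * 4
    outer = packet[:ihl]
    if ipv4_checksum(outer) != 0:
        raise ValueError("outer IPv4 checksum mismatch")
    if outer[9] != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0xB000:  # C, K or S bit set: optional fields this example does not parse
        raise ValueError("GRE checksum/key/sequence fields not handled here")
    if proto != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE payload type")
    inner = packet[ihl + 4:]
    inner_ihl = (inner[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {
        "tunnel_src": str(ipaddress.IPv4Address(outer[12:16])),
        "tunnel_dst": str(ipaddress.IPv4Address(outer[16:20])),
        "inner_src": str(ipaddress.IPv4Address(inner[12:16])),
        "inner_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "sport": sport,
        "dport": dport,
    }


def inner_mtu(outer_mtu: int = 1500) -> int:
    """Largest inner packet that crosses the tunnel without fragmentation."""
    return outer_mtu - GRE_OVERHEAD


def clean_return_packet() -> bytes:
    """The scrubbed client SYN from the slide as it leaves the F5 router for the customer."""
    inner = ipv4_header("86.75.30.9", "1.2.3.4", 6, 20) + tcp_syn_header(27182, 80)
    return gre_encapsulate(inner, F5_TUNNEL_ENDPOINT, CUSTOMER_TUNNEL_ENDPOINT)


if __name__ == "__main__":
    print(gre_decapsulate(clean_return_packet()))
    print("inner MTU with a 1500-byte outer MTU:", inner_mtu())
```

Two operational points follow directly from the bytes. First, the inner source address is untouched, so origin-side logging and geo-based controls keep working in routed mode, unlike proxy mode where the origin sees the NAT pool. Second, the 24-byte overhead drops the usable MTU to 1476 on a 1500-byte path, so clamp TCP MSS on the tunnel interface or expect fragmentation and path-MTU failures on the clean return path.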

Proxy configuration: F5 Silverline DDoS Protection engaged

DNS configuration change (customer admin, authoritative DNS): #www.abc.com 1.2.3.4 (commented out); www.abc.com 5.6.7.8
DNS query for www.abc.com travels from the client via the local DNS to the public DNS servers and the authoritative DNS; DNS response: www.abc.com 5.6.7.8
TCP connection from the client: SRC 86.75.30.9:27182, DST 5.6.7.8:80 (F5 Silverline DDoS Protection)
TCP connection from the client: SRC 69.86.73.76:4243, DST 5.6.7.8:80
Proxy NAT pool 6.6.6.0/24; TCP connection from the proxy to the origin: SRC 6.6.6.18:31415, DST 1.2.3.4:80
TCP connection straight to the origin: SRC 69.86.73.76:4242, DST 1.2.3.4:80 (filtered at the ISP router)
ISP router ACL: permit 6.6.6.0/24 to 1.2.3.4/32; deny any to 1.2.3.4/32
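The ACL on the ISP router is what makes proxy mode a protection rather than a suggestion: without it, anyone holding the origin's real address simply connects around the scrubbing proxy. The block below is an added example, not F5's code or the ISP's configuration: it evaluates the slide's ACL (permit 6.6.6.0/24 to 1.2.3.4/32, deny any to 1.2.3.4/32) against the connections shown on the slide using Python's ipaddress module, and adds an audit that lists origin addresses the ACL leaves reachable around the proxy. The ACL line syntax ("permit|deny <src> <dst>"), first-match semantics and the default action for unnamed destinations are assumptions.

```python
"""Added example (not F5's code): first-match evaluation of the ISP-router ACL
from the proxy configuration, plus an origin-exposure audit for the ACL."""
import ipaddress
from dataclasses import dataclass
from typing import List

ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class AclEntry:
    action: str  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _net(token: str) -> ipaddress.IPv4Network:
    return ANY if token == "any" else ipaddress.IPv4Network(token, strict=False)


def parse_acl(text: str) -> List[AclEntry]:
    """Parse 'permit|deny <src-net|any> <dst-net|any>' lines (assumed syntax)."""
    entries = []
    for line in text.strip().splitlines():
        action, src, dst = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"bad ACL action: {action}")
        entries.append(AclEntry(action, _net(src), _net(dst)))
    return entries


def evaluate(acl: List[AclEntry], src_ip: str, dst_ip: str, default: str = "permit") -> str:
    """First matching entry wins. Destinations the ACL never names fall through to
    `default`, mirroring the slide where only the protected origin /32 is restricted."""
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for e in acl:
        if s in e.src and d in e.dst:
            return e.action
    return default


def unprotected_origins(acl: List[AclEntry], origins: List[str]) -> List[str]:
    """Origins with no 'deny any -> origin' entry: traffic that bypasses the
    scrubbing proxy can still reach them directly, so they need their own entry."""
    exposed = []
    for ip in origins:
        addr = ipaddress.IPv4Address(ip)
        if not any(e.action == "deny" and e.src == ANY and addr in e.dst for e in acl):
            exposed.append(ip)
    return exposed


# ACL as shown on the slide: only the proxy NAT pool may reach the origin.
ISP_ACL = parse_acl("""
permit 6.6.6.0/24 1.2.3.4/32
deny any 1.2.3.4/32
""")

if __name__ == "__main__":
    print("proxied  6.6.6.18 -> 1.2.3.4:", evaluate(ISP_ACL, "6.6.6.18", "1.2.3.4"))
    print("direct   69.86.73.76 -> 1.2.3.4:", evaluate(ISP_ACL, "69.86.73.76", "1.2.3.4"))
    print("exposed origins:", unprotected_origins(ISP_ACL, ["1.2.3.4", "1.2.3.5"]))
```

The audit matters because proxy mode is enabled per hostname: moving www.abc.com to 5.6.7.8 protects 1.2.3.4 only if every other address in the data center that should be reached exclusively through the proxy gets the same deny entry, and the permit for the NAT pool has to stay ahead of the deny, since the evaluation stops at the first match.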

F5 Silverline AttackView portal: unprecedented transparency

Attack data: instant inspection of the filters and countermeasures used for mitigation; detailed timeline analysis on type, size, origin, and attack vector
Configuration and provisioning: configure, review and modify settings for both Proxy and GRE mode through the portal
Detailed communication: real-time attack communications; detailed events showing attack attributes and SOC mitigations applied

Portal: timeline of events

The real-time customer portal (timeline of events, event detail) shows: type of attack, IP origin, mitigation process, flagged annotations of SOC communications

Portal: real-time information

SOC chat: coordinate directly with the F5 SOC, share attack details, define the exact mitigations needed, chat directly with the F5 SOC
Application fluency and detail (application view): protocol inspection and statistics, mitigation actions, flagged annotations of SOC communications

Portal: configuration and provisioning

Directly manage configuration via the customer portal: configure Proxy and Routing attributes; manage SSL certificates; update whitelist and blacklist information; check the health status of GRE tunnels; administer users and roles; download reports and view audit history

Current integration: single vendor, complete protection

(Diagram: the same hybrid architecture, with the cloud scrubbing service handling volumetric attacks and floods, operations center experts and L3-7 known signature attacks, in front of the multiple-ISP strategy (ISP a/b) and the on-premises next-generation firewall, threat intelligence feed and IPS that form the strategic point of control for the Financial Services, E-Commerce and Subscriber applications. Attack types: network (ICMP flood, UDP flood, SYN flood), DNS (DNS amplification, query flood, dictionary attack, DNS poisoning), SSL (SSL renegotiation, SSL flood), HTTP (Slowloris, slow POST, recursive POST/GET).)

F5 Silverline DDoS Protection service options

Always On: primary protection as the first line of defense. The Always On subscription stops bad traffic from ever reaching your network by continuously processing all traffic through the cloud scrubbing service and returning only legitimate traffic to your network.
Always Available: primary protection available on demand. The Always Available subscription runs on stand-by and can be initiated when under attack.

Q and A?