Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can't See


Louis Scialabba, Carrier Solutions Marketing
November 16, 2015

Topics
- What's New in Cybersecurity
- An Attack Mitigation Network Architecture
  o Building a Better Mousetrap
- Reference Use Cases
- A Case Study
- Summary

Security Report Update: What's Trending?
- The Rise of the Continuous Attack
- Application Attacks on the Rise
- No One is Immune: Unexpected Targets
- Hybrid Solutions are Gaining Ground
- Internet Pipe: 2014's #1 Failure Point
- Cloud, IoT & SDN are Changing the Rules of the Game
- Reflective Attacks: the Largest DDoS Headache
- Losing Sleep in the C-suite

Motivation Behind Attacks is Changing
- Cyber Crime: financial gain is the primary motive
- Hacktivism: driven by ideological differences
- Espionage: gaining information for political, financial or competitive leverage
- War: damage/destroy centers of power, military or non-military

No One is Immune: Unexpected Targets
Threats in new industries, organizational sizes and technology deployments (2014 change from 2013):
- Healthcare and Education: unexpected targets now at risk
- Gaming, Hosting and ISP companies: increased likelihood
- Financial Services: the only industry to have a reduced risk

Why Should You Care?
1 minute OUTAGE = ~$11,000 loss per server
Annual cost of ~$5,780,000 per server
Today more than ever, TIME IS MONEY
* Representing lost revenues from an SLA breach, based on 99.9% availability

Did You Know?
- Attacks evenly split across network and application layers
- Web-based attacks remain the single most common attack vector; 1 in every 4 is HTTPS
- Increase in reflective attacks causes UDP attacks to increase: from 7% in 2013 to 16% in 2014
- Reflective attacks represent 2014's single largest DDoS headache
[Chart: 2014 attack vectors by share. Application 49%: Web (HTTP/HTTPS), DNS, SMTP, VoIP (1%). Network 51%: TCP-SYN Flood, TCP-Other, UDP (16%), ICMP, IPv6 (1%).]

Carrier Threats Lurking in the Shadows

Multi-Vector Attacks
Attack vectors: low & slow DoS attacks (e.g. sockstress), SQL injections, XSS, CSRF, large-volume network flood attacks, network scans, SYN floods, HTTP floods, SSL floods, brute force, application misuse.
Elements under attack along the path: Internet pipe, firewall, IPS/IDS, load balancer/ADC, server under attack, SQL server.
Corresponding protections: cloud DDoS protection, DoS protection, behavioral analysis, IPS, WAF, SSL protection.

Attack Mitigation Architecture

Attack Mitigation Pillars Collection Detection Mitigation Operation

How Can You Protect From Something You Don't See?
Non-Radware: detection of application attacks and network attacks only.
Radware: application attacks and network attacks, plus:
- Source IP-agnostic detection
- Encapsulated attacks
- Encrypted SSL-based attacks
- Beyond HTTP (SMTP, FTP, SQL)
- OpenFlow-based detection
Multilayer detection is critical!

Radware Mitigation Elements
- DefensePro: real-time attack mitigation device providing layer 4-7 multi-attack coverage
- DefenseFlow: network-wide attack detection and cyber command and control
- AppWall: Web Application Firewall (WAF) providing full coverage of OWASP Top 10 threats

Robust Data Collection
Collection sources feeding the command & control element:
- Radware virtual & physical appliances: L3-4-7 collection
- 3rd-party detection devices (NetFlow, SIEM, ...)
- NetFlow via the Radware Flow Collector
- Check Point DDoS Protector
- SDN-enabled devices: OpenFlow / OpenDaylight
- Cisco Firepower 9300
Multi-source collection ensuring 100% attack coverage

Behavior-Based vs. Rate-Based Detection
Non-Radware: rate-based detection. Radware: behavior-based detection, to prevent service-level impact on legitimate traffic.

Rate-Invariant Behavioral Analysis
[Chart: two scenarios, Flash Crowd and RST Flood Attack, each shown with a Rate Analysis panel and a TCP Flag Distribution Analysis panel (0-100% share for SYN, SYN-ACK, ACK, Data, RST, FIN-ACK).]
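The slide contrasts a flash crowd with an RST flood: both raise the traffic rate, but only the flood skews the TCP flag mix. The following added example (not Radware's code or the deck's) shows why a rate threshold alone misclassifies both cases while a distribution check does not; the flag counts, the 3x rate threshold and the 0.15 shape threshold are constructed values, and total variation distance is an assumed choice of shape metric.

```python
from typing import Dict

# Flag classes shown on the slide's TCP flag distribution chart.
FLAGS = ("SYN", "SYN-ACK", "ACK", "Data", "RST", "FIN-ACK")

def distribution(counts: Dict[str, int]) -> Dict[str, float]:
    """Turn raw per-flag packet counts into each flag's share of the window."""
    total = sum(counts.get(f, 0) for f in FLAGS)
    return {f: (counts.get(f, 0) / total if total else 0.0) for f in FLAGS}

def total_variation(p: Dict[str, float], q: Dict[str, float]) -> float:
    """Distance between two flag distributions: 0 = identical shape, 1 = disjoint."""
    return 0.5 * sum(abs(p[f] - q[f]) for f in FLAGS)

def classify(baseline: Dict[str, int], window: Dict[str, int],
             rate_threshold: float = 3.0, shape_threshold: float = 0.15) -> dict:
    """Compare a rate-only verdict with a distribution-shape verdict for one window."""
    rate_ratio = sum(window.values()) / sum(baseline.values())
    divergence = total_variation(distribution(baseline), distribution(window))
    return {
        "rate_ratio": rate_ratio,
        "divergence": divergence,
        "rate_based": "attack" if rate_ratio >= rate_threshold else "normal",
        "behaviour_based": "attack" if divergence >= shape_threshold else "normal",
    }

# Constructed sample windows (packet counts per flag in one interval).
BASELINE = {"SYN": 100, "SYN-ACK": 100, "ACK": 600, "Data": 150, "RST": 20, "FIN-ACK": 30}
# Flash crowd: eight times the traffic, same mix of flags.
FLASH_CROWD = {f: 8 * n for f, n in BASELINE.items()}
# RST flood on top of normal traffic: same total volume as the flash crowd.
RST_FLOOD = dict(BASELINE, RST=BASELINE["RST"] + 7000)
# RST flood that displaces normal traffic and stays at baseline volume.
LOW_RATE_RST_FLOOD = {"SYN": 50, "SYN-ACK": 50, "ACK": 300, "Data": 75, "RST": 510, "FIN-ACK": 15}

if __name__ == "__main__":
    for name, window in [("flash crowd", FLASH_CROWD), ("RST flood", RST_FLOOD),
                         ("low-rate RST flood", LOW_RATE_RST_FLOOD)]:
        v = classify(BASELINE, window)
        print(f"{name:20s} rate x{v['rate_ratio']:.1f}  shape divergence {v['divergence']:.2f}  "
              f"rate-based={v['rate_based']}  behaviour-based={v['behaviour_based']}")
```

The third window illustrates the "rate-invariant" point: an attack that stays at baseline volume is invisible to the rate check but still shifts the flag distribution.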

Beyond Primitive Source IP Blocking
Non-Radware: blocking by source IP address only (X.X.X.X). Radware: signature with multiple parameters.
Smart traffic blocking based on a Real-Time Signature incorporating multiple parameters, compared to primitive source IP address blocking.

Shortest Time to Mitigate via Synchronized Operation
Non-Radware (non-synchronized operation): attack detection, then attack mitigation, with the signature regenerated from scratch by the mitigation device.
Radware (synchronized operation): attack detection, then attack mitigation, with the signature synched to the mitigation device.
Radware synchronized operation = real-time mitigation engagement. Non-synchronized operation = up to 28 minutes delay.

Real-Time Signature Generation vs. Manual
Non-Radware: manual signature generation, 30 MINUTES. Radware: Real-Time Signature generation, 18 SECONDS.
Manual signature creation can take up to 30 minutes. Radware Real-Time Signature is generated in up to 18 seconds.

Automatic vs. Labor-Intensive Operation
Non-Radware: manual signature generation and manual attack blocking. Radware: Real-Time Signature generation and automatic attack blocking.
Manual SOC analysis is required for every attack, causing high investment in HR.

Complete & Automatic Attack Lifecycle Management
- Attack termination
- New service provisioning
- Lower TCO
- Less dependency on HR
- Traffic diversion
- Automatic mitigation activation

Cyber Attack Protection In Action

Use Case 1: 3rd-Party NetFlow-Based Attack Detection
Components: Internet Service Provider network, protected objects, 3rd-party NetFlow-based attack detector, scrubbing center (DefensePro), DefenseFlow.
1. Attack detection by the NetFlow attack detector
2. DefenseFlow configures DefensePro with traffic baselines and diversion information
3. DefenseFlow diverts traffic for attack cleansing

Use Case 2: Radware NetFlow-Based Attack Detection
Components: Internet Service Provider network, protected objects, Radware Flow Collector, scrubbing center (DefensePro), DefenseFlow.
1. DefenseFlow detects the attack (behavioral analysis)
2. DefenseFlow exports traffic baselines and diversion information to DefensePro
3. DefenseFlow diverts the traffic for attack cleansing

Use Case 3: OpenFlow-Based Attack Detection
Components: Internet Service Provider network, protected objects, SDN controller, scrubbing center (DefensePro), DefenseFlow.
1. DefenseFlow detects the attack (behavioral analysis)
2. DefenseFlow configures DefensePro for attack information and traffic diversion
3. Diverts suspicious traffic for attack cleansing

Use Case 4: Layer-7 Attack Detection
Components: Internet Service Provider network, protected objects, scrubbing center (DefensePro), DefenseFlow.
1. DefensePro detects the application layer (L7) attack and syncs the attack baseline to DefenseFlow
2. DefenseFlow configures DefensePro for attack information and traffic diversion
3. Diverts suspicious traffic for attack cleansing
Radware WAF and SSL Inspection can also be utilized for advanced web tier protection.

Summary of Use Cases
Case | Attack Detection          | Traffic Redirection | Attack Mitigation
1    | NetFlow Attack Detector   | BGP Redirection     | DefensePro
2    | NetFlow Telemetry         | BGP Redirection     | DefensePro
3    | OpenFlow (SDN) Telemetry  | SDN Redirection     | DefensePro
4    | DefensePro                | BGP Redirection     | DefensePro

A Case Study

Case Study #1: Boston Children's Hospital
About Boston Children's Hospital:
- 25,000 inpatients each year and 557,000 visits
- Ranked nationally in 10 pediatric specialties
- 200+ specialized clinical programs
- Clinical operations dependent upon networked data and devices
- Shared ISP services across a network of 7 other healthcare providers
Why attack a hospital?
- Early 2014, custody dispute related to a 15-year-old in BCH's care
- Turned over to Massachusetts protective services
- Group claiming affiliation with Anonymous began threatening BCH

A Look Inside the Attack

Attack Vectors Involved and Identified
Elements under attack: Internet pipe, firewall, IPS/IDS, load balancer/ADC, server under attack, SQL server.
Infrastructure vectors: UDP Fragmented Flood, DNS Reflection, UDP Flood (PPS), TCP Out-Of-State Flood, UDP Scan, Zero Payload attacks, Zero sequence number attacks, Invalid ACK number attacks, ICMP Flood.
Application vectors: Slowloris, SQL-Injection, XSS, Worm infection (Mydoom), SIPVicious (scanning tool), Web-etc/passwd-Dir-Traversal.

BCH Attack Analysis Summary
Duration:
- Total duration of the attack was over a month
- Radware solution was deployed after the attack started
Multi-vector:
- Total of 15 different attack vectors in the same attack campaign
- As many as 6 different vectors were observed simultaneously
- Mixture of web attacks and DDoS attacks, common in hacktivism-related events
Mitigation:
- Proactive planning: didn't assume they weren't a target
- Identified impacted assets and processes
- Enlisted outside, expert support
Learnings:
- Anyone may be a target!
- An integrated solution is required
- Prepare a response plan