Arbor Solution Brief Arbor Cloud for Enterprises

Similar documents
Downtime by DDoS: Taking an Integrated Multi-Layered Approach. Arbor Solution Brief

Arbor White Paper Keeping the Lights On

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

RESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises

Comprehensive datacenter protection

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

Mitigating Outgoing Spam, DoS/DDoS Attacks and Other Security Threats

DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action

DDoS MITIGATION BEST PRACTICES

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

Enterprise D/DoS Mitigation Solution offering

Imperva Incapsula Product Overview

A GUIDE TO DDoS PROTECTION

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

DDoS Managed Security Services Playbook

Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

Cloudflare Advanced DDoS Protection

DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

A10 DDOS PROTECTION CLOUD

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

DDoS Introduction. We see things others can t. Pablo Grande.

AKAMAI CLOUD SECURITY SOLUTIONS

Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline

Arbor White Paper. DDoS: THE STAKES HAVE CHANGED. HAVE YOU? REVEALED: 3 dangerous myths about DDoS attacks

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

RSA INCIDENT RESPONSE SERVICES

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

RSA INCIDENT RESPONSE SERVICES

DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Inline DDoS Protection versus Scrubbing Center Solutions. Solution Brief

WHITE PAPER Hybrid Approach to DDoS Mitigation

White Paper NEXT GENERATION DDoS SERVICES

Use Cases. E-Commerce. Enterprise

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

Chapter 10: Denial-of-Services

Why DDoS Makes for Risky Business and What You Can Do About It

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

Check Point DDoS Protector Introduction

Corrigendum 3. Tender Number: 10/ dated

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Practical Guide to Choosing a DDoS Mitigation Service WHITEPAPER

I D C T E C H N O L O G Y S P O T L I G H T

Multi-vector DDOS Attacks

NETWORK DDOS PROTECTION STANDBY OR PERMANENT INFRASTRUCTURE PROTECTION VIA BGP ROUTING

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Safeguard Your Internet Presence with Sophisticated DDoS Mitigation.

Citrix SD-WAN for Optimal Office 365 Connectivity and Performance

Herding Cats. Carl Brothers, F5 Field Systems Engineer

Cybersecurity. Anna Chan, Marketing Director, Akamai Technologies

Global DDoS Threat Landscape

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Your network is your business lifeline. Protect it. LEVEL 3 ADAPTIVE NETWORK SECURITY

ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks

Comprehensive Citrix HDX visibility powered by NetScaler Management and Analytics System

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Securing Online Businesses Against SSL-based DDoS Attacks. Whitepaper

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Prolexic Attack Report Q4 2011

CloudSOC and Security.cloud for Microsoft Office 365

Silverline DDoS Protection. Filip Verlaeckt

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

War Stories from the Cloud Going Behind the Web Security Headlines. Emmanuel Mace Security Expert

Cato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.

DDoS Detection&Mitigation: Radware Solution

DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT

Are You Fully Prepared to Withstand DNS Attacks?

Cisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x

DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH

Beyond Blind Defense: Gaining Insights from Proactive App Sec

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security

Cisco Firepower NGFW. Anticipate, block, and respond to threats

EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE

Information Security Specialist. IPS effectiveness

Securing Your Microsoft Azure Virtual Networks

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

SIEMLESS THREAT MANAGEMENT

APP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform

DDoS Defense for Financial Services Companies

Keeping the Doors Open and the Lights On

Kaspersky Security Network

WHITE PAPER. Applying Software-Defined Security to the Branch Office

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

Transcription:

Arbor Solution Brief Arbor Cloud for Enterprises Integrated DDoS Protection from the Enterprise to the Cloud

About Arbor Networks Arbor Networks Inc., the cyber security division of NETSCOUT, helps secure the world s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor s advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers marketleading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a force multiplier, making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context so customers can solve problems faster and reduce the risk to their business. To learn more about Arbor products and services, please visit our website at arbornetworks.com. Arbor s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal. 1

Table of Contents The New Breed of Attack: Multi-Layered DDoS...2 Distributed DDoS Attacks...2 Volumetric DDoS Attacks...2 State Exhausting DDoS Attacks...3 Application-Layer DDoS Attacks...3 Traditional Perimeter Security Solutions Are Not Designed to Defend Against DDoS...3 Arbor Cloud SM : On-Premise + In-Cloud DDoS Protection for Global Networks...4 In-Cloud Protection: Powerful, Proactive, On-Demand...6 Powered by the ASERT TEAM...6 Cloud Signaling : Full Integration from the Data Center to the Cloud...6 Conclusion...7 1

The New Breed of Attack: Multi-Layered DDoS Today s DDoS threats have evolved in both complexity and sophistication. They target the availability of networks, services and applications often at the same time through a multi-layered attack strategy. This strategy combines high-bandwidth assaults that overwhelm the capacity of enterprise data centers with low-bandwidth, hard-to-detect attacks aimed at bringing down critical applications. These new multi-layer attacks can negate the effectiveness of traditional perimeter security devices, such as firewalls and Intrusion Prevention Systems (IPS). High-volume flood attacks overpower the bandwidth limitations of these devices. Meanwhile, low and slow application-layer attacks fly under their radar escaping detection until critical services are down or badly degraded. Unfortunately, most organizations are unprepared for this new breed of attack and are blindsided when their traditional security devices fail to protect their networks and core business systems. To better ensure business availability, today s enterprise should have multi-layered DDoS protection from the edge of its network to the cloud. Protection against the new breed of DDoS attacks requires an understanding of the methodologies and tools used by attackers. Today s multi-layer DDoS assaults can combine any or all of the following approaches into a single, coordinated attack. The results can be catastrophic including upstream saturation, state exhaustion and service outage. Distributed DDoS Attacks Taking advantage of the proliferation of compromised computers, attackers utilize a command-and-control network to create a botnet. They use these botnets to launch targeted DDoS attacks originating from the vast number of infected hosts. Volumetric DDoS Attacks These devastating attacks typically target network infrastructure components such as switches, routers or servers. By flooding bandwidth with connection requests, they cripple legitimate traffic and availability to critical resources. A myriad of volumetric attack tools are available that utilize common protocols. Some of the more widespread types include: UDP flood attacks that take advantage of the connectionless nature of the UDP protocol. Reflection flood attacks that utilize a legitimate resource such as DNS to amplify an attack. The DNS response is multiplied many times and sent to the victim s spoofed IP address, thereby exhausting resources. Internal Apps ISP Remote Offices ISP Mobile WiFi Corporate Servers Figure 1: Multi-layered DDoS attacks Employees 2

State Exhausting DDoS Attacks These attacks target security infrastructure devices such as firewalls, IPS and load balancers. They take advantage of connection-state tables by flooding them with half-open connections and other TCP connection attacks. Application-Layer DDoS Attacks These attacks represent the most popular attack vector as their stealthy nature makes them harder to detect. They target systems on the application layer from Web services to custom applications. By making critical applications inaccessible to those who rely on them, these attacks deliver a significant blow to business availability. Traditional Perimeter Security Solutions Are Not Designed to Defend Against DDoS Traditional perimeter security devices such as firewalls and IPS are essential elements of a layered-defense strategy. However, they are not designed to protect against the multi-layered nature of today s complex DDoS attacks. DDoS attacks typically utilize legitimate traffic payload distributed from large networks of hosts, and exhaust capacity in critical assets and systems. Examples include link capacity, session capacity, application service capacity (e.g., HTTP/S, DNS) and back-end databases. Traditional security devices fail to protect from DDoS attacks because the traffic appears to be legitimate and is allowed to pass by these systems. Additionally, firewalls and IPS are stateful inspection devices, which means they are vulnerable to today s multi-layer attacks and often become the targets themselves. Why Firewall and IPS Devices Do Not Solve the DDoS Problem Vulnerable to DDoS Attacks Because these devices are inline, stateful devices, they are vulnerable and targets of DDoS attacks. Firewalls and IPS are the first to be affected by large flood or connection attacks. Failure to Ensure Availability Built to protect against known (vs. emerging) threats. Designed to look for threats within single sessions, not across sessions. Deployed in Wrong Location for DDoS Protection Very close to servers. Too close to upstream router. Protection Limited to Certain Attacks Address only specific application threats. By default, they must allow common attack traffic such as TCP port 80 (HTTP) or UDP port 53 (DNS). They do not handle attacks containing valid requests. Incompatible with Cloud-Based DDoS Protection Systems Fail to interoperate with cloud-based DDoS prevention solutions. Increase response time to DDoS attacks. Lack of DDoS Expertise DDoS protection requires prior knowledge of attack types. 3

Arbor Cloud SM : On-Premise + In-Cloud DDoS Protection for Global Networks Arbor Cloud is an integrated, multi-layer solution for protecting against today s complex DDoS attacks. This comprehensive protection is achieved by augmenting Arbor s on-premise, always-on DDoS defense product with its cloud-based, on-demand traffic scrubbing service. Using Cloud Signaling technology, Arbor Cloud integrates on-premise and cloud-based protection, accelerating attack identification and mitigation. This service is backed by a 24X7 Security Operations Center staffed by Arbor s DDoS and security experts. Arbor Cloud provides on-premise protection that helps prevent stealthy, low-and-slow attacks that bypass firewalls and IPS and target critical business applications. This on-premise protection also guards against state-exhausting DDoS attacks that overwhelm existing security devices. Augmenting the on-site protection is the on-demand traffic scrubbing service staffed by Arbor s DDoS security experts. This cloud-based service defends against volumetric DDoS attacks that are too large to be mitigated on-premise. With each layer of protection, Arbor delivers its industryleading expertise and technology whether through its on-premise detection and mitigation product or its globally deployed architecture for DDoS traffic scrubbing in the cloud. As a result, Arbor Cloud provides a single, carrieragnostic security solution that helps protect globally distributed networks from multi-layer attacks that evade traditional perimeter defenses. Arbor Cloud delivers a powerful first line of defense through Arbor s industry-leading on-premise DDoS attack detection and mitigation product. This easy-to-deploy and manage appliance is designed to automatically neutralize attacks before they impact critical servers or systems. It helps deliver protection from: Application-layer attacks State exhausting attacks Volumetric attacks (up to the limitation of the device) Because the cost of downtime is extremely high for most global organizations, Arbor s on-premise solution is designed to automatically detect and mitigate DDoS attacks with little or no user interaction before services are degraded. It also offers simple fallback plans and resolution techniques when attacks cannot be readily identified. Moreover, the on-premise solution can recognize legitimate CDN traffic and will not accidentally block it. With Arbor Cloud DDoS Protection Service, the enterprise manages the on-premise device, maintaining control over their first line of defense. Arbor Multi-Layer Cloud Protection On-Premise Protection Provide a first line of defense against high-volume attacks; defend against low-and-slow attacks that fly under the radar of traditional perimeter defenses and bring down critical business applications; and guard against stateexhausting attacks that overwhelm firewalls and IPS devices. In-Cloud Protection Block high-bandwidth DDoS attacks that overpower the mitigation capacity of enterprise data centers, and provide cloud-based traffic scrubbing for stealthy, high-volume attacks that evade traditional security checkpoints. Coordinated Protection Accelerate detection and mitigation by seamlessly integrating on-premise via Arbor Networks APS and in-cloud protection through Cloud Signaling. A Global Protection Layer from a Single Vendor Rely on comprehensive, carrier-agnostic protection for your global enterprise network backed by world-leading security and network research and intelligence from ATLAS /ASERT and 24x7 service and support by our experts. 4

Additional benefits of Arbor s on-premise solution include: Automatic Threat Updates Arbor enjoys a close and privileged relationship with leading ISPs around the world. Through its extensive network of sensors and data feeds, Arbor has real-time visibility into 70Tb/sec of global Internet traffic. This gives Arbor unmatched insight into emerging threats information used by the ASERT Team to develop defenses against new and emerging threats. The ATLAS Intelligence Feed (AIF) delivers threat updates directly to the on-premise solution in real-time, requiring no action on the part of enterprise security and IT teams. Visibility, Control and Alerting On-premise protection delivers real-time visibility into attacks, blocked hosts and even packets. It offers the flexibility operators need to alter attack countermeasures and thresholds, if required. It also includes active alerting that notifies security engineers of ongoing attacks that are blocked, as well as other network events that may require attention. Manual or Automatic Mitigation Alerts When the on-premise solution detects an attack, you can manually alert the cloud deployment about the attack. Alternatively, you can preset the on-premise solution to automatically send an alert to the cloud upstream when a threshold is reached. Advanced Web Crawler Service Arbor has even taken into consideration a Web site s page ranking and search engine results. ASERT maintains policies in AIF designed to allow specific Web crawlers to access your site, while blocking those that are identified as malicious or irrelevant. Arbor Cloud Stops High-Volume Attacks Real-Time and Historical Attack Forensics and Reporting Enterprises can visually understand the actions taken by the on-premise solution through detailed, real-time attack reports. Besides documenting these actions in audit logs, the solution provides forensic reports detailing blocked hosts, origin countries of attacks and historical trends. These easy-to-understand reports can also be given to peers or management to educate them on the threats to service availability and the steps taken to address the attacks. Cloud Signaling On-Premise Stops Stealthy Attacks Arbor Networks APS Full Control of Mitigation Unlike other managed DDoS solutions, Arbor Cloud enables enterprises to maintain control over DDoS mitigation via the on-premise solution. The Arbor Cloud Portal provides information regarding the attack and mitigation, a timer for measuring attack duration, granular reporting on attack traffic and account management tools. Enterprise Network Figure 2: On-premise + Cloud protection 5

In-Cloud Protection: Powerful, Proactive, On-Demand When an attack occurs, speed and agility are critical to business continuity. In the event of a volumetric attack, Arbor s on-premise solution serves as a first line of defense rerouting inbound traffic to one of Arbor Cloud s four global scrubbing centers for cloud-based mitigation. These four scrubbing centers are located in: Ashburn, VA, San Jose, CA, Amsterdam and Singapore. The SOC is located in Sterling, VA. When this occurs, Arbor s experienced security experts and engineers work hand-in-hand with the enterprise IT team to quickly redirect malicious DDoS traffic away from the affected infrastructure based on predetermined methods. Through four global scrubbing centers, Arbor Cloud can help defuse the large, complex high bandwidth attacks that make headlines daily and threaten the availability of critical resources and assets. After an attack occurs, Arbor Cloud delivers a comprehensive and granular report detailing the attack in its entirety. To ensure understanding and transparency in service delivery, this report is delivered during a one-on-one meeting with Arbor s Security Operations Center engineers and the enterprise organization. Powered by ASERT Arbor security researchers have a real-time view of over 70% of global internet traffic. This unmatched access to emerging threats enables the ASERT Team to develop timely, automatic updates to on-premise solutions and the Arbor Cloud SOC. As a part of the Arbor Cloud service, ASERT will provide customers with the same global intelligence and insight that it delivers to the Arbor SOC through weekly Threat Briefs that will be available on the ATLAS portal. Additionally, In the event of late breaking attacks or urgent threats, a Threat Brief will be released that informs customers of these threats. From the portal, customers will be able to see the following (which includes the threat briefs): Global Threat Map: Real-time visibility into globally propagating threats Threat Briefs: Summarizing the most significant security events that have taken place over the past 24 hours Top Threat Sources: Multi-dimensional visualization of originating attack activity Threat Index: Summarizing Internet malicious activity by offering detailed threat ratings Top Internet Attacks: 24-hour snapshot of the most prevalent exploits being used to launch attacks globally Cloud Signaling Technology: Integration from the Data Center to the Cloud with Arbor Networks APS Arbor Cloud integrates on-premise and cloud-based protection using Arbor s unique Cloud Signaling technology. By enabling communication between the on-site and in-cloud environments, Cloud Signaling technology facilitates rapid DDoS attack detection and mitigation. When an attack begins to saturate connection bandwidth, for example, the on-premise device can trigger an alert to the Arbor Cloud scrubbing center augmenting on-premise protection with cloud-based mitigation. Rely on Arbor Cloud Advanced protection against:* Spoofed/Non-spoofed DoS Attacks TCP (SYN, etc.), ICMP, UDP Floods Botnets Blackenergy, Darkness, YoYoDDoS, etc. Common DoS/DDoS Tools Slowloris/Pyloris, Pucodex, Sockstress, ApacheKiller Voluntary Botnets (Anonymous, etc.) HOIC, LOIC, etc. Application Attacks HTTP URL GET/POST Floods Malformed HTTP Header Attacks Slow-HTTP Request Attacks SYN Floods Against SSL Protocols Malformed SSL Attacks SSL Renegotiation Attacks SSL Exhaustion (Single Source/ Distributed Source) DNS Cache Poisoning Attacks DNS Request Floods SIP Request Floods Custom Attacks Unique to Your Service Location-Based IP Addresses * APS also allows user-configured custom protection. 6

Conclusion Organizations today are often ill-prepared to protect their globally dispersed networks against highly targeted, complex and multi-layered DDoS attacks. The new attack reality calls for an integrated multi-layer solution designed to fend off assaults by employing the most effective detection technique at the most efficient location, whether that means on-premise or in the cloud. Arbor Cloud offers 24x7 DDoS protection from the premises to the cloud using Arbor s proven DDoS detection and mitigation solutions at both ends. In-cloud protection is designed to block high-bandwidth DDoS attacks that flood your network with traffic. Meanwhile, on-premise protection helps prevent low-bandwidth, hard-to-detect attacks that bypass existing security devices like firewalls and IPS devices, and target the applications that keep your business running. It s all supported by Arbor s 24x7 Security Operations Center staffed by our DDoS and security experts. For more information about how Arbor Cloud can help protect your enterprise against today s multi-layer DDoS attacks, please contact your Arbor representative or log on to www.arbornetworks.com/products/arbor-cloud. 7

8

9

CORPORATE HEADQUARTERS 76 Blanchard Road Burlington, MA 01803 USA Toll Free USA +1 866 212 7267 T +1 781 362 4300 NORTH AMERICA SALES Toll Free +1 855 773 9200 EUROPE T +44 207 127 8147 ASIA PACIFIC T +65 6664 3140 www.arbornetworks.com 2016 Arbor Networks, Inc. All rights reserved. Arbor Networks, the Arbor Networks logo, ArbOS, Cloud Signaling, Arbor Cloud, ATLAS, and Arbor Networks are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners. SB/ACE/EN/0516-LETTER

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback