Check Point DDoS Protector Introduction


Check Point DDoS Protector Introduction
Petr Kadrmas, SE Eastern Europe, pkadrmas@checkpoint.com

Agenda
1. (D)DoS Trends
2. DDoS Protector Overview
3. Protections in Detail
4. Summary

(D)DoS Attack Methods and Tools
Attacks can be partitioned into three dimensions:
- Network DoS attacks: consuming bandwidth resources
- Application flood DoS attacks: target the application resources
- Directed application DoS attacks: exploit application implementation weaknesses

Network and Application Attacks Coexist
[Chart: DDoS attacks by type, showing application layer attacks, TCP SYN flood and network layer attacks.]
More attacks are targeted at the application layer.

Attackers Use Multi-Layer DDoS: Simultaneous Attack Vectors
- Large-volume network flood attacks
- SYN flood attack
- Low and slow DoS attacks (e.g., socket stress)
- Application vulnerability
- High and slow application DoS attacks
- Web attacks: brute force login (lockout)
One successful attack vector = no service.

DDoS and Traditional Security: Attackers Take Advantage of Traditional Security
- Firewalls track the state of network connections (can be a bottleneck)
- Firewalls allow legitimate traffic (e.g. port 80 to the web server)
- IPS allows legitimate requests (e.g. "get http/1.0\r\n")
- Application Control allows legitimate services (DNS or HTTPS)

Traditional Firewalls Not Sufficient: Not Designed for Network and Application DDoS Protection
- Basic rate-based flood protection affects all traffic (real users and attack traffic)
- Lacks comprehensive Layer 7 DDoS protection
- Poor detection of sneaky attacks
- No filters to block attacks and allow real traffic
- Administrators cannot create custom signatures


Introducing Check Point DDoS Protector
Block Denial of Service attacks within seconds!

Layers of Attacks
- Network flood: high volume of packets. Challenge: PPS processing capacity.
- Server flood: high rate of new sessions. Challenges: identifying malicious sources, accurate mitigation.
- Application directed: Web / DNS connection-based attacks, advanced attack techniques. Challenges: deep packet inspection, ad-hoc filter creation.

Layers of Defense
- Network flood (high volume of network packets): behavioral analysis.
- Server flood (high rate of new sessions): automatic and pre-defined signatures.
- Application directed (Web / DNS connection-based attacks, advanced attack techniques): behavioral DNS and HTTP protections, granular custom filters.
Defense methods across the layers: stateless and behavioral engines; protections against misuse of resources; challenge / response mitigation methods; creating filters that block attacks and allow users.

Check Point DDoS Protector
- Customized multi-layered DDoS protection
- Protects against attacks within seconds
- Integrated security management and expert support

DDoS Protector Product Line
- Enterprise Grade: up to 3 Gbps throughput, 2M concurrent sessions, 1 Mpps max. DDoS flood attack rate
- Datacenter Grade: up to 12 Gbps throughput, 4M concurrent sessions, 10 Mpps max. DDoS flood attack rate
- 7 models to choose from
- 1GbE copper and 10GbE fiber connections
- Low latency

Product Information

Model      Capacity   Max concurrent sessions   Max DDoS flood attack protection rate
DP x06 series
  DP 506   0.5 Gbps   2 million                 1 million packets per second
  DP 1006  1 Gbps     2 million                 1 million packets per second
  DP 2006  2 Gbps     2 million                 1 million packets per second
  DP 3006  3 Gbps     2 million                 1 million packets per second
DP x412 series
  DP 4412  4 Gbps     4 million                 10 million packets per second
  DP 8412  8 Gbps     4 million                 10 million packets per second
  DP 12412 12 Gbps    4 million                 10 million packets per second

Latency: <60 microseconds (all models)
Real-time signatures: detect and protect against attacks in less than 18 seconds

Where to Protect Against DDoS
[Diagram with three deployment scenarios: (1) on-premise deployment of the DDoS Protector appliance, (2) off-site deployment of the DDoS Protector appliance, (3) on-premise + off-site deployment combined.]

Simple Deployment
No network address changes (Layer 2 bridge).
1. Plug it in
2. Let it learn: baseline good network and application behavior
3. Protected by signatures: signatures are ready to protect
Ready to protect any size network in minutes.

High Availability: DDoS Protector Active / Passive
- High availability (HA): 2 compatible devices in a two-node cluster
- Compatibility: same platform, software version, software license, throughput license, and signatures
- Device identification: the primary device is active and the secondary device is passive

Integrated Security Management
Unified logs and monitoring, and unified reporting: leverage SmartView Tracker, SmartLog and SmartEvent for historic and real-time security status.

DDoS Protector Integration
In SmartView Tracker and SmartLog, each log and each log update (for a sampled source) is presented separately, so one attack produces many log lines. In SmartEvent, the attack is consolidated into one event.


Protection Methods
- Pre-defined signatures of known attacks and attack tools
- Stateless engines for dropping malformed packets
- SYN flood protection
- Connection limits
- Behavioral engine that feeds automatic signatures to the runtime engine for fast dropping of attack packets

Behavioral DoS System Modules
Zero-day protection against unknown DoS/DDoS flood attacks. How does it work?
- Adaptation of the network baselines through statistical analysis: the system periodically adapts the decision algorithms to the particular baseline traffic characteristics of the protected network
- Analysis, correlation and decision through an adaptive decision engine
- Automatic prevention through attack footprint analysis and a closed-feedback mechanism (a process of up to 18 seconds)

Types of Attacks Prevented
Network DoS attacks (consuming bandwidth resources). Real-time protection against:
- TCP SYN floods
- TCP SYN+ACK floods
- TCP FIN floods
- TCP RESET floods
- TCP fragment floods
- UDP floods
- ICMP floods
- IGMP floods
- Packet anomalies

DNS Flood Protection
Basic module: DNS traffic behavioral analysis.
- Continuous learning of the DNS servers' traffic patterns on a few dimensions
- Real-time signature creation upon detection, using multiple DNS packet data parameters
- Mitigation actions: protocol compliance checks, challenge / response mechanism, rate limit
- Mitigation actions are activated on suspicious sources only
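The two slides above (the behavioral module with its baseline, decision engine, automatic footprint and closed-feedback loop, and the DNS module's rule of acting on suspicious sources only) describe a loop that is easier to see in code. The following Python is an added illustration written for this page; it is not Check Point's or Radware's implementation. The packet attributes, the EWMA baseline, the thresholds and all traffic in it are constructed assumptions; a real engine learns many more dimensions and tunes its decision parameters per protected network.

```python
"""Toy behavioral DoS engine: learn a rate baseline, decide on anomalies, derive
an automatic attack footprint and refine it with a closed-feedback check.
Added illustration for this page, not vendor code. Packet fields, thresholds
and the traffic generator are constructed assumptions."""
import math
import random
from collections import Counter

FIELDS = ("src", "dst_port", "length", "flags")  # assumed packet attributes


class Baseline:
    """EWMA mean/variance of packets per second for one protected traffic class."""

    def __init__(self, alpha=0.1, min_samples=10, k=4.0, floor=50.0):
        self.alpha, self.min_samples, self.k, self.floor = alpha, min_samples, k, floor
        self.mean = self.var = 0.0
        self.samples = 0

    def learn(self, rate):
        if self.samples == 0:
            self.mean = float(rate)
        else:
            diff = rate - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.samples += 1

    def threshold(self):
        # k sigma above the mean, with an absolute floor so a flat baseline is not trivially exceeded
        return self.mean + max(self.k * math.sqrt(self.var), self.floor)

    def is_anomalous(self, rate):
        # no alerts until the baseline has seen enough of the network ("let it learn")
        return self.samples >= self.min_samples and rate > self.threshold()


def footprint(attack_pkts, normal_pkts, min_share=0.9, fields=FIELDS):
    """Attribute values that dominate the attack window and are rare in learned traffic,
    strongest first: [(field, value, share_of_attack_window), ...]."""
    found = []
    n_att, n_norm = len(attack_pkts), max(len(normal_pkts), 1)
    for f in fields:
        value, count = Counter(p[f] for p in attack_pkts).most_common(1)[0]
        att_share = count / n_att
        norm_share = sum(p[f] == value for p in normal_pkts) / n_norm
        if att_share >= min_share and att_share > 2 * norm_share:
            found.append((f, value, att_share))
    return sorted(found, key=lambda t: -t[2])


def matches(pkt, sig):
    """AND-signature match, e.g. sig = {"dst_port": 53, "length": 60}."""
    return all(pkt[f] == v for f, v in sig.items())


def mitigate(window, normal_pkts, baseline):
    """Closed feedback: apply the footprint, measure the residual rate, and widen the
    signature (drop its weakest attribute) until the residual is back under threshold.
    Returns (signature, residual_packets); signature None means no safe filter was found."""
    candidates = footprint(window, normal_pkts)
    while candidates:
        sig = {f: v for f, v, _ in candidates}
        residual = [p for p in window if not matches(p, sig)]
        if not baseline.is_anomalous(len(residual)):
            return sig, residual
        candidates.pop()  # too narrow: remove the weakest attribute and re-check
    return None, window


def suspicious_sources(pkts, per_source_limit):
    """Sources above a per-second limit; rate limiting or challenges apply to these only."""
    counts = Counter(p["src"] for p in pkts)
    return sorted(s for s, n in counts.items() if n > per_source_limit)


def make_traffic(seconds, rate, rng, src_pool, flood=None):
    """Constructed traffic: `rate` legitimate pkts/s, optionally plus a single-vector
    flood of flood["rate"] pkts/s with fixed attributes from a few sources."""
    out = []
    for _ in range(seconds):
        sec = [{"src": rng.choice(src_pool), "dst_port": rng.choice((80, 443, 53)),
                "length": rng.choice((60, 120, 512, 1400)), "flags": rng.choice(("S", "A", "PA"))}
               for _ in range(rate)]
        if flood:
            sec += [dict(flood["pkt"], src=rng.choice(flood["srcs"])) for _ in range(flood["rate"])]
        out.append(sec)
    return out


def demo(seed=7):
    """Learn on clean traffic, then detect and footprint a constructed flood."""
    rng = random.Random(seed)
    legit = [f"10.0.{i // 256}.{i % 256}" for i in range(300)]
    baseline = Baseline()
    learn = make_traffic(30, 100, rng, legit)
    for sec in learn:
        baseline.learn(len(sec))
    normal_pkts = [p for sec in learn for p in sec]
    flood = {"rate": 900, "srcs": ["203.0.113.5", "203.0.113.6"],  # documentation range
             "pkt": {"dst_port": 53, "length": 60, "flags": "S"}}
    window = make_traffic(1, 100, rng, legit, flood)[0]
    sig, residual = mitigate(window, normal_pkts, baseline)
    legit_blocked = sum(1 for p in window if p["src"] in legit and matches(p, sig))
    return {"anomalous": baseline.is_anomalous(len(window)), "signature": sig,
            "residual": len(residual), "legit_blocked": legit_blocked,
            "suspicious": suspicious_sources(window, 50)}


if __name__ == "__main__":
    print(demo())
```

The footprint deliberately ignores the source address when the flood is spread over several sources (no single value reaches the 90% share), so the resulting filter is built from the packet attributes the flood shares, and the per-source list is what the "suspicious sources only" actions would be applied to; the few legitimate packets that happen to match the footprint are the collateral that a real engine's challenge / response step exists to recover.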

HTTP Mitigator
Application flood DoS attacks target the application resources. HTTP Mitigator (behavioral based) covers:
- Bot-originated HTTP flood attacks
- High- and low-rate HTTP flood DDoS attacks
- Page floods that misuse the server resources
- HTTP bandwidth consumption attacks (e.g., large downloads)
2012 Check Point Software Technologies Ltd.


DDoS Protector Advantages
- Network behavioral analysis with real-time signatures: detects 0-day attacks, prevents in seconds
- High accuracy and usability under attack: selective challenge actions, action escalation
- Multi-layer, highly customizable protections: signature based, packet anomaly, rate limits, behavioral
- Attack traffic mitigation does not impact legitimate traffic
- Flexible deployment
- Emergency Response Team as part of the support service
- NSS and CC EAL4+ certifications

Emergency Response and Support
Emergency Response Team:
- Help from security experts when under DoS attack
- Leverage experience gathered from real-life attacks
Check Point customer support:
- World-class support infrastructure
- Always-on support, 7x24
- Flexible service options

Summary
- Blocks DDoS attacks within seconds
- Customized multi-layered DDoS protection
- Ready to protect in minutes
- Integrated with Check Point Security Management

Thank You