Pushed to the Limit! Network and Application Security Threat Landscape Lior Zamir Technical Account Manager


Slide 1: Pushed to the Limit! Network and Application Security Threat Landscape 2017-8. Lior Zamir, Technical Account Manager. January 2018.

Slide 2: About Radware

Slide 3: About Radware
- Market leader in application availability solutions
- Over 12,500 enterprise & carrier customers; >$200M revenue
- Industry-wide recognition: ADC MQ Leader, WAF MQ Visionary, DDoS Wave Leader
- Global technology partners

Slide 4: Market Leading Attack Mitigation Solutions
- Financial services: 8/12 top stock exchanges, 11/20 top commercial banks
- Enterprise, retail & online businesses: top brands in every key vertical
- Carriers, service & cloud providers: 5/10 SaaS providers, 10/10 top telecom
- Chosen OEM partner for Cisco Firepower NGFW and Check Point NGFW

Slide 5: Agenda
- Global trends
- Changes in the attack vector landscape
- Business concerns
- What's around the corner?
- Example attacks in the Adriatics
- Summary and predictions

Slide 6: Radware Annual Security Reports
- Source #1: Radware industry survey, 1,250 respondents
  - Industries: Retail and Ecommerce, Education, Technology Products & Services, Financial Services, Govt & Civil Service, Healthcare
  - Region: North America 48%, Europe 25%, Central/South America 6%, APAC 18%, Africa & Middle-East 4%
  - Number of employees: 10,000+ 25%; 3,000-9,999 13%; 1,000-2,999 5%; 550-999 8%; 100-499 17%; <100 22%
- Source #2: ERT Threat Research Center
  - 2017 real-life attack data, security alerts and threat research
  - Team of security experts for fast mitigation of customers under attack
  - Cases: WannaCry, OpIcarus, XMR Squad, Mirai botnet, BrickerBot, OpKillingBay, CodeFork group

Slide 7: Global Trends

Slide 8: Global Trends in Threats & Attacks
- Bots challenge defense systems, generating fictitious demand
- Data protection is the top business concern
- IoT integration complicates security management
- Cyber-security value pushed to the limit
- BTC and cybercrime climb to new heights

Slide 9: Slovenia Trends: Shift Towards Application Layer
- Attack vectors chart: SYN, HTTP, DNS, UDP, NTP (chart values: 3%, 27%, 1%, 22%, 6%, 41%)
- Attack category chart: Anomalies, Network DDoS, Application DDoS (DNS), Intrusions, SYN Flood, TCP Handshake Violation, Network Volume (chart values: 17%, 13%, 1%, 47%, 22%)
- Attacks, volume vs. non-volume: 37% / 63%
- Average duration: less than 1 min (burst) vs. steady flood (more than 1 hour)
- Large increase in application attacks

Slide 10: Cryptocurrency Prosperity Drives Cybercrime
- Ransom is the motivation behind 50% of the attacks
- Incidence has grown by 40% year-over-year
- One in eight organizations suffered a DDoS extortion
- Ransom is the top concern of security professionals in 2018
- Chart, ransom as motivation tripled: 2014 16%, 2015 25%, 2016 41%, 2017 50%

Slide 11: Protecting Sensitive Data is the #1 Concern
- 45% have suffered a data breach
- 30% of customers will ask for compensation, leave, or file a suit following a data breach
- 28% name data theft as the #1 security challenge
- 72% are not fully prepared for GDPR
- 26% see data protection as the top concern in 2018
- 16% intend to invest more in data protection in 2018

Slide 13: The Rise of the Botnets - Is Your Data in Good Hands?
- For some organizations, bots represent more than 75% of their total traffic
- 79% of organizations cannot distinguish between good bots and bad ones
- What can bots do?
  1. DDoS attacks
  2. Web scraping: steal data and intellectual property
  3. Manipulate pricing
  4. Hold inventory

Slide 14: APIs, the Next Weak Link
- API security is often overlooked: data transferred is not subject to inspection or validation
- Common API vulnerabilities: access violations, protocol attacks, invalidated redirects, parameter manipulations, irregular JSON/XML expressions
- Survey chart (values in chart order: 51%, 60%, 52%): don't analyze API vulnerabilities prior to integration; share and consume sensitive data via APIs; don't inspect data transferred via APIs
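The slide's point is that API payloads typically bypass inspection and validation. As an added example (not from the deck or from Radware), here is a strict allowlist validator for the body of a hypothetical order-creation API, with a constructed schema and redirect-host allowlist. It rejects the classes named on the slide that input validation can catch: unexpected fields (parameter manipulation, such as a client-supplied price), wrong types or out-of-range values (irregular JSON expressions, for instance an object where an integer belongs), and redirect targets outside the allowlist.

```python
"""Allowlist validation for an inbound JSON API request body (added example)."""
import json
from urllib.parse import urlparse

# Constructed policy for a hypothetical POST /orders endpoint.
MAX_BODY_BYTES = 4096
ALLOWED_REDIRECT_HOSTS = {"shop.example.com"}

# field -> (expected type, required?, range/format check or None)
SCHEMA = {
    "sku": (str, True, lambda v: 1 <= len(v) <= 32 and v.isalnum()),
    "quantity": (int, True, lambda v: 1 <= v <= 100),
    "return_url": (str, False, None),  # checked against the host allowlist below
}


def validate_order(raw_body: bytes) -> list:
    """Return a list of policy violations; an empty list means the body is acceptable."""
    if len(raw_body) > MAX_BODY_BYTES:
        return ["body too large"]
    try:
        doc = json.loads(raw_body)
    except ValueError:
        return ["malformed JSON"]
    if not isinstance(doc, dict):
        return ["top-level value must be an object"]

    problems = []
    # Reject anything not in the schema: the server, not the client, owns price, status, etc.
    for field in doc:
        if field not in SCHEMA:
            problems.append(f"unexpected field: {field}")

    for field, (typ, required, check) in SCHEMA.items():
        if field not in doc:
            if required:
                problems.append(f"missing field: {field}")
            continue
        value = doc[field]
        # bool is a subclass of int in Python, so "quantity": true must be refused explicitly.
        bool_as_int = typ is int and isinstance(value, bool)
        if bool_as_int or not isinstance(value, typ):
            problems.append(f"wrong type for {field}")
            continue
        if check is not None and not check(value):
            problems.append(f"out-of-range value for {field}")

    # Redirect targets are only honoured for https URLs on an allowlisted host.
    if isinstance(doc.get("return_url"), str):
        url = urlparse(doc["return_url"])
        if url.scheme != "https" or url.hostname not in ALLOWED_REDIRECT_HOSTS:
            problems.append("return_url not in redirect allowlist")
    return problems


# Constructed request bodies for a quick demonstration.
GOOD_BODY = b'{"sku": "ABC123", "quantity": 2, "return_url": "https://shop.example.com/thanks"}'
TAMPERED_BODY = b'{"sku": "ABC123", "quantity": 2, "price": 0.01, "return_url": "https://evil.example.net/"}'
IRREGULAR_BODY = b'{"sku": "ABC123", "quantity": {"$gt": 0}}'

if __name__ == "__main__":
    for body in (GOOD_BODY, TAMPERED_BODY, IRREGULAR_BODY):
        print(body.decode(), "->", validate_order(body) or "accepted")
```

The validator is deliberately deny-by-default: every accepted field, type and range is enumerated, so a new parameter an integration partner starts sending shows up as a rejection rather than silently reaching business logic.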

Slide 15: Changes in the Attack Vector Landscape

Slide 16: DDoS Attacks: Shift Towards Application Layer
- Application attacks become the preferred DDoS vector
- Network attacks declined significantly
- HTTP/S and TCP-SYN floods are causing the most damage
- 1 in every 5 attacks exceeds 1Gbps
- Chart, DDoS attacks by vector: application vectors HTTP, HTTPS, DNS, SMTP, VoIP, TCP SYN flood; network vectors UDP, ICMP, TCP-Other, IPv6, Other (chart values: 37%, 28%, 33%, 23%, 7%, 35%, 23%, 18%, 12%, 10%, 4%; annotation: +10% DDoS attacks)

Slide 18: DNS Attack Vectors 2017
- 41% suffered a DoS attack against their DNS server
- Brute force attacks and basic query floods are the most common vectors
- Chart, "Which of these attack vectors did you experience?": Brute Force 49%, Basic Query Flood 42%, Recursive Flood 34%, Reflective Amplification Attack 26%, Cache Poisoning 20%
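The two most common DNS vectors on this slide, basic query floods and name brute force, are both visible in an authoritative server's query log as per-client behaviour. As an added example (not from the deck or from Radware), here is a small detector that buckets a constructed query log by client and time window and flags a client whose query rate exceeds a baseline (basic query flood) or that resolves an unusual number of distinct non-existent names (brute force). Log format, thresholds and addresses are all constructed for the example.

```python
"""Per-client window analysis of a DNS query log (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Finding:
    client: str
    vector: str
    detail: str


def parse_line(line: str):
    """Parse a constructed log line: '<epoch_seconds> <client_ip> <qname> <rcode>'."""
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), rcode


def analyze(lines, window=10, flood_qps=5.0, nx_names=25):
    """Group queries per (client, window) and flag flood and brute-force behaviour.

    flood_qps: queries per second above which a client is considered to be flooding.
    nx_names:  distinct NXDOMAIN names in one window above which the client is
               considered to be brute-forcing names under the zone.
    """
    buckets = defaultdict(list)  # (client, window index) -> [(qname, rcode), ...]
    for line in lines:
        ts, client, qname, rcode = parse_line(line)
        buckets[(client, ts // window)].append((qname, rcode))

    findings = []
    for (client, _idx), records in sorted(buckets.items()):
        qps = len(records) / window
        if qps > flood_qps:
            findings.append(Finding(client, "basic_query_flood",
                                    f"{len(records)} queries in {window}s ({qps:.1f} qps)"))
        nxdomain_names = {q for q, r in records if r == "NXDOMAIN"}
        if len(nxdomain_names) >= nx_names:
            findings.append(Finding(client, "name_brute_force",
                                    f"{len(nxdomain_names)} distinct NXDOMAIN names in {window}s"))
    return findings


def build_sample_log():
    """Constructed sample: one normal client, one flooding client, one name-guessing client."""
    base = 1700000000
    lines = [f"{base + i * 3} 10.0.0.5 www.example.com NOERROR" for i in range(3)]
    # 120 identical queries inside a 10-second window: 12 qps.
    lines += [f"{base + i // 12} 10.0.0.9 www.example.com NOERROR" for i in range(120)]
    # 40 different guessed names, all non-existent, at only 4 qps.
    lines += [f"{base + i // 4} 10.0.0.7 host{i}.example.com NXDOMAIN" for i in range(40)]
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.client}: {f.vector} ({f.detail})")
```

The brute-force client stays under the rate threshold, so a pure rate limiter would miss it; counting distinct NXDOMAIN names per client is what separates name guessing from a busy legitimate resolver. Reflective amplification, the next vector on the slide, is not visible in this log at all, since the spoofed victim, not the attacker, appears as the client.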

Slide 20: Bot Attacks
- Web scraping is the main plague
- Two of five report bot traffic exceeds 75%
- 44% still can't distinguish between bots and a flash mob
- Chart, web scraping impact (values in chart order: 56%, 32%, 45%, 39%): inventory depleted (e.g., sold out within minutes); inventory held (customers cannot complete purchase); website copied (screen-captured or content); intellectual property stolen (such as pricing)

Slide 22: Failure Points in the Data Center
- Internet pipe saturation incidence grew 50% from 2016
- Servers are compromised the most, as they keep the lucrative data
- 40% growth in complete outages over mere service degradation
- Failure point chart: Internet Pipe (saturation) 37%, Firewall 17%, IPS/IDS 6%, Load Balancer/ADC 4%, Server Under Attack 35%, SQL Server 1%

Slide 23: Vertical Highlights
- 40% of retailers report bot traffic above 75% of total
- 42% of education institutes actually fear availability issues, over data theft or reputation loss
- 31% of service providers intend to invest in DDoS mitigation in 2018
- 24% of government and public sector organizations suffer attacks daily
- 73% of healthcare organizations express low to medium confidence in securing patient records
- 44% of financials do not track the dark web after a data security breach

Slide 24: Business Concerns of Cyber-Attacks

Slide 25: Biggest Business Concern When Attacked
- Data loss followed by reputation loss were the biggest concerns
- Fewer were concerned with revenue loss this year
- Chart, "What is your concern if faced with a cyber-attack?": Data leakage / information loss 28%, Availability / SLA degradation 23%, Reputation loss 17%, Revenue loss 13%, Customer / partner loss 10%, Productivity loss 10%

Slide 28: Multiple Touchpoints = Higher Risk
- Organizations do not take all the necessary measures when their application services communicate with 3rd party services
- 47% do not use encryption
- Chart, "Which data types do you share with 3rd parties?": Username / password 72%, Payment details 50%, Personally identifiable information 42%, User behavior / preferences / analytics 32%

Slide 29: Application Security Concerns
- Most organizations feel they can handle the OWASP Top 10 pretty well. They fear:
  1. Application layer DDoS
  2. Encrypted / SSL-based attacks
  3. API manipulations
  4. Data breach
- Chart, "Which attacks against applications are most difficult to prevent, detect and contain?": Layer 7 DDoS 62%, Encrypted web attacks (SSL/TLS-based) 57%, API manipulations 48%, Data security breach 44%, Brute force 25%, Cross-site scripting 13%, Web scraping 13%, SQL injection 13%, Cross-site request forgery 15%

Slide 31: What's Around the Corner?

Slide 32: Biggest Threats in 2018
- Ransom and data theft are seen as the two biggest threats in the coming year
- Chart, "Which of the following attacks against applications and/or web servers are most difficult to prevent, detect and contain?": Ransom 26%, Data theft 26%, Application vulnerabilities 22%, IoT botnets 13%, Permanent Denial of Service 8%, API integration 3%, Other 2%

Slide 33: Projected Investments in 2018
- The most popular investment areas are guarding sensitive data, endpoint protection, and SIEM/analytics
- Chart, "My 2018 investment will be in": In-house expertise and application infrastructure 28%, Endpoint and malware protection 26%, Security management & analytics 20%, Data leakage prevention 16%, DDoS protection 10%

Slide 34: Adopting Artificial Intelligence / Machine Learning
- 20% already rely on Machine Learning/AI based protections
- Better security is the #1 motivation for exploring AI solutions
- Adoption chart: Already rely on 20%, Plan to integrate 28%, Neither 52%
- Motivation chart: Better security 63%, Simpler manageability 27%, Filling in the skill gap 27%, Gaining a competitive advantage 25%, Cost reduction 25%, Other 8%

Slide 35: Examples of Risk to Financial Institutions, such as in the Adriatic Region

Slide 36: Ransom Denial of Service (RDoS)
- Objective: cryptocurrencies
- Threatens use of latest techniques
- Increase in extortions, decrease in attacks
- South Korea 2017: 7 banks, $315,000 USD, 5Gbps sample attack; result of the Nayana ransomware extortion

Slide 37: Local Heists - Jackpotting ATMs
- 2010, Barnaby Jack @ BlackHat: Vector 1, remote attack; Vector 2, key + USB malware
- Tennessee, 2014: 18-month spree, over $400,000, keypad attack
- Romania, 2016: 31 machines in one day, 3.8 Million Slopes (860,000 Euros), Raiffeisen Bank
  - Spear-phishing
  - Malicious payload
  - Gained access to ATMs

Slide 39: Introducing Radware's Hybrid Attack Mitigation

Slide 40: The Rise of the Multi-Vector Attack
- Attack types: low & slow DoS attacks (e.g. Slowloris), large-volume network flood attacks, SQL injections, HTTP floods, XSS, CSRF, brute force, network scan, SYN floods, SSL floods, app misuse
- Targets along the path: Internet pipe, firewall, IPS/IDS, load balancer/ADC, server under attack, SQL server
- Protection layers: cloud DDoS protection, DoS protection, behavioral analysis, IPS, SSL protection, WAF

Slide 41: An Integrated Hybrid Attack Mitigation is Needed
- Complete and integrated solution with all security technologies
- Deployment options: on-demand, always-on, cloud, on-premise
- Radware provides complete hybrid protection: always-on DDoS on-premise or in the cloud, with DDoS cloud scrubbing activated on-demand
- Protection layers: cloud DDoS protection, DoS protection, behavioral analysis, IPS, SSL protection, WAF

Slide 42: Radware's Security Solution Elements
- Radware Emergency Response Team: 24x7 security experts
- Centralized management & reporting: APSolute Vision
- Protection layers: cloud DDoS protection, DoS protection, behavioral analysis, IPS, SSL protection, WAF
- Cloud DDoS Protection Services: hybrid, always-on, on-demand; 3.5Tbps mitigation capacity
- Attack mitigation device: DefensePro, physical and virtual appliance, throughput up to 400Gbps
- Web application firewall: AppWall, Cloud WAF Service

Slide 43: Real-Time Attack Mitigation with DefensePro
- Real-time attack prevention device that protects your application infrastructure against network and application downtime, application vulnerability exploitation and network anomalies

Slide 44: Protecting a Dynamic Network at Scale
- Behavioral-based detection: patented algorithm with limited false positives
- Real-time signature creation: block 0-day attacks in up to 18 seconds
- Beyond source IP blocking: blocking dynamic IP and behind-the-CDN attacks
- Dedicated attack hardware: no impact on legitimate traffic

Slide 45: Built to Protect from Next Generation Attacks
- New IoT-based threats introduce sophisticated vectors and require a more automated, more accurate protection solution
- Sophisticated DNS vectors: automated behavioral DNS protection for authoritative and recursive DNS
- Growth in encrypted attacks: integrated 0-latency multi-layer SSL-flood protection
- Dynamic, burst attacks: burst attack protection

Slide 46: Summary and Predictions

Slide 47: Looking Ahead to 2018
- Build your protection strategy. Develop an incident response plan.
- Weaponized artificial intelligence: bots and automated attack tools can mimic human behavior. Can they mimic human learning?
- APIs are a double-edged sword: APIs connect all platforms and services together. Businesses must audit APIs prior to integration.
- Attack via proxies: attackers target 3rd parties who accommodate a variety of businesses (CDNs, applications, analytics services or download sites)
- Automated social engineering: bots already collect and analyze personal data. The next step is to add a component that deceives and infects the victim.

Slide 48: Stay Focused. Be Prepared.
- Build your protection strategy. Develop an incident response plan.
- Consolidate and automate: elastic, unified systems against multiple threats. Manageability, flexibility and scalability are key for a seamless security experience.
- Versatile application protection: cross-platform API and application security protect your data assets. Evaluate before integrating 3rd party services.
- Fight fire with fire: AI based solutions to mitigate advanced cyber-weapons. Understand who is a bot and who isn't to optimize your resources and maximize your security.
- Hope for the best, prepare for the worst: reduce the business impact of cyber-attacks by getting ready. Study new technologies, have an ER plan, patch systems on time, get a hybrid DDoS mitigation solution, hire hackers for clever forensics, rely on experts.

https://www.radware.com/ert-report-2017