Threat mitigation strategies for banking applications. Carlos Valencia, Sales Engineer - LATAM


c.valencia@f5.com, 2017 F5 Networks, slide 1


The Big Picture (architecture diagram). Threat sources: DDoS attacker (volumetric attacks), DDoS attacker (app attacks), scanner, anonymous proxies and anonymous requests, botnet attackers; corporate users, partners and cloud apps also reach the data center apps. Tiers of protection:
Cloud: Silverline cloud-based platform absorbs volumetric attacks; the ISP may provide a rudimentary DDoS service.
Network protection (L3/L4): next-generation firewall, high-performance DNS / DNS firewall with a threat intelligence feed (IPI); local DDoS: ICMP flood, UDP flood, SYN flood, TCP-state floods; L3/L4 DDoS, DNS and SIP DDoS; DoS detection using behavioral analysis. DNS DoS: DNS amplification, query flood, dictionary attack, DNS poisoning. HTTP DoS: GET flood, Slowloris/slow POST, recursive POST/GET (DHD only).
Application protection (L5-L7, CPU intensive): NGFW, IPS/IDS, WAF (ASM), L7 DDoS, SSL; GET flood, Slowloris/slow POST, recursive POST/GET, DoS detection using behavioral analysis; OWASP Top 10 (SQLi/XSS/CSRF/0-day etc.); SSL DoS: SSL renegotiation, SSL flood; hybrid deployment.
Customer fraud protection.

Traditional data center, private cloud and public cloud joined by Direct Connect / cloud interconnection with F5 BIG-IP: consistent policies, cloud portability, top security visibility, lowest TCO.

(Charts: percentages 90%, 28% and 28/44/72% across the security controls Firewalls, IDS/IPS, DLP, SIEM, APT and Anti Virus.)

Protection against web application vulnerabilities (WAF): CSRF, cookie manipulation, OWASP Top 10, brute force attacks, forceful browsing, buffer overflows, web scraping, parameter tampering, SQL injection, information leakage, field manipulation, session hijacking, cross-site scripting, zero-day attacks, command injection, clickjacking, bots, business logic flaws.

Traditional firewall / intrusion prevention systems: examine all traffic for malicious app inputs; primarily use anomaly- and signature-based detection; some stateful protocol analysis capabilities; lack understanding of L7 protocol logic; don't protect against all exploitable app vulnerabilities. Layer 7 security is not addressed by traditional IPS and firewall vendors.

Secures and federates access to any application, anywhere (diagram). Users: remote users, mobile users, contractors and corporate users; a hacker is stopped. Authentication: single or multi-factor (username, PW+PIN), endpoint check and device posture (MDM/EMM), user/user group, network location, connection type. Identity: data center directory services; identity federation via SAML to Office 365, Salesforce and other SaaS apps in the public cloud, as well as to private cloud, hybrid cloud, VDI and corporate (L3/L4) apps.


Reference architecture (diagram): Tier 1 (network and DNS) and Tier 2 (application) strategic points of control behind a multiple-ISP strategy (ISP a/b) and a cloud scrubbing service, with next-generation firewall, IPS and threat intelligence feed. Attacks: network attacks (ICMP flood, UDP flood, SYN flood); SSL attacks (SSL renegotiation, SSL flood); DNS attacks (DNS amplification, query flood, dictionary attack, DNS poisoning); HTTP attacks (Slowloris, slow POST, recursive POST/GET). Attackers: DDoS attacker, scanner, anonymous proxies, anonymous requests, botnet attackers. Protected: financial services, e-commerce and subscriber applications; legitimate users and corporate users.

DDoS approach
Cloud/hosted service. Strengths: completely off-premises, so DDoS attacks can't reach you; amortized defense across thousands of customers; DNS anycast and multiple data centers protect you. Weaknesses: customers pay whether attacked or not; bound by the terms of the service agreement; solutions focus on specific layers (not all layers).
On-premises defense. Strengths: direct control over infrastructure; immediate mitigation with instant response and reporting; solutions can be architected to scale independently of one another. Weaknesses: many point solutions in the market, few comprehensive DDoS solutions; can only mitigate up to the maximum inbound connection size; deployments can be costly and complex.

Hybrid DDoS protection: combining the resilience and scale of the cloud with the granularity and always-on capabilities of on-premises defense. Cloud and on-premises are tied together by signaling (request for service), IP list management, and unified attack command and control.

DDoS architecture: scrubbing center (diagram). Inspection plane: switching mirrors copied traffic and Netflow to the inspection toolsets and routing layer; inspection tools provide input on attacks for the traffic actioner and SOC; flow collection aggregates attack data from all sources; the traffic actioner injects routes and steers traffic (route management, BGP signaling); the visibility portal provides real-time reporting and configuration; cloud signaling and management. Data plane: traffic from legitimate users and DDoS attackers arrives via GRE tunnel, proxy or IP reflection; the ingress router applies ACLs and filters traffic (routing/ACL, customer VRF, L2VPN); network mitigation removes advanced L4 attacks; proxy mitigation (WAF, Silverline) removes L7 application attacks; egress routing returns good traffic back to the customer. Services: volumetric DDoS protection, managed application firewall service, zero-day threat mitigation with iRules.

Application layer attacks (chart of targeted protocols: HTTP 82%, DNS 77%, HTTPS 54%, SMTP 25%, SIP/VoIP 20%, with IRC and Other in single digits at 9% and 6%). DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from flooding requests to a given host, reflection attacks against DNS infrastructure and reflect/amplification attacks, to DNS cache poisoning attempts. Cybercrime is a persistent threat in today's world and, despite best efforts, no business is immune (Network Solutions).
Traditional DDoS mitigation: of the customers that mitigate DDoS attacks, many choose a technique that inhibits the ability of DNS to do its job. DNS is based on UDP; DNS DDoS often uses spoofed sources; using an ACL blocks legitimate clients; DNS attacks use massive volumes of source addresses, breaking many firewalls.

Conventional DNS thinking: Internet > external firewall > DNS load balancing > array of DNS servers > internal firewall > hidden master DNS. Performance means adding DNS boxes; weak DoS/DDoS protection; the firewall is THE bottleneck.
Paradigm shift, DNS delivery reimagined: Internet > DNS firewall (DNS DDoS protection, protocol validation) > DNS infrastructure (authoritative DNS, caching resolver, transparent caching, high-performance DNSSEC, DNSSEC validation, intelligent GSLB) > DNS master. Scalable performance over 10M RPS, strong DoS/DDoS protection, lower CapEx and OpEx.

F5 DNS firewall services (devices and LDNS on the Internet side, DMZ, data center DNS servers and apps): DNS DDoS mitigation with DNS Express; protocol inspection and validation; DNS record type ACL*; block access to malicious IPs (DNS firewall); high-performance DNS cache; stateful, never accepts unsolicited responses; ICSA certified for deployment in the DMZ; scale across devices with IP Anycast; secure responses with DNSSEC, DNSSEC responses rate limited; complete DNS control with iRules and programmability; DDoS threshold alerting*; DNS logging and reporting; hardened DNS code.

Threats between the customer browser and the secured data center (SIEM, WAF, HIPS, network firewall, traffic management, NIPS, DLP) over HTTP/HTTPS. Manipulating user actions: social engineering, weak browser settings, malicious data theft, inadvertent data loss. Leveraging browser application behavior: caching content, disk cookies, history, add-ons, plug-ins. Embedding malware: keyloggers, framegrabbers, data miners, MITB/MITM, phishers/pharmers.

Generic malware, such as Zeus, infects a user's device. The malware contains code designed to insert specific content into the browser session when the user accesses specific sites. The user requests the login page for Wells Fargo; the web server returns the expected page; the malware then injects the additional content into the browser (per-site rules in the malware configuration: *wellsfargo* add field; *bankofamerica* add button, replace text; *chase* add cc#, pin, remove text; *telebank* send credentials; *bankquepopulaire*). The user enters the requested content and clicks Go. This information is sent to the legitimate web server, and also to the configured drop zone.

HTML Source Integrity is based on the expected number of forms, input fields, and scripts. This page is expected to have only four forms, six input fields and 14 scripts; the inclusion of an additional input field due to malware will now trigger an alert.
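The integrity count the slide describes, as an added example (not F5's code) using Python's html.parser; the baseline of four forms, six input fields and 14 scripts and the sample login page are constructed for the demo:

```python
"""HTML Source Integrity check: count forms, input fields and scripts in a
served page and alert when the counts differ from the expected baseline,
so an input field injected by browser malware becomes visible."""
from html.parser import HTMLParser

# Baseline taken from the slide (assumed values for this demo).
EXPECTED = {"form": 4, "input": 6, "script": 14}


class ElementCounter(HTMLParser):
    """Count the element types the integrity check cares about."""

    def __init__(self):
        super().__init__()
        self.counts = {name: 0 for name in EXPECTED}

    def handle_starttag(self, tag, attrs):
        # Void elements such as <input> also arrive here.
        if tag in self.counts:
            self.counts[tag] += 1


def count_elements(html):
    parser = ElementCounter()
    parser.feed(html)
    parser.close()
    return parser.counts


def integrity_alerts(html, expected=EXPECTED):
    """Return one alert string per element type whose count deviates from
    the baseline; an empty list means the page matches expectations."""
    observed = count_elements(html)
    return [
        f"{tag}: expected {expected[tag]}, observed {observed[tag]}"
        for tag in expected
        if observed[tag] != expected[tag]
    ]


def build_page(injected=""):
    """Constructed sample page with 4 forms, 6 inputs and 14 scripts;
    `injected` is extra markup a malware rule would add to the login form."""
    scripts = "".join(f'<script src="/js/{i}.js"></script>' for i in range(14))
    inputs = "".join(f'<input name="{n}">' for n in
                     ("user", "pass", "csrf", "lang", "next", "remember"))
    other_forms = "".join(f'<form id="f{i}"></form>' for i in range(3))
    return (f"<html><head>{scripts}</head><body>{other_forms}"
            f'<form id="login">{inputs}{injected}</form></body></html>')


if __name__ == "__main__":
    print(integrity_alerts(build_page()))                     # clean page
    print(integrity_alerts(build_page('<input name="pin">')))  # injected field
```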

The victim is infected with malware. The victim makes a secure connection to a web site; this triggers the malware to run. The victim enters data into the web form (password revealer icon). The victim submits the web form; the information is encrypted and sent to the web server. This content can also be stolen by the malware and sent to the drop zone in clear text.

How HFO works (diagram): field without name; HFO obfuscation; security appliance (LTM) in front of the data center web application.

MyBank.com transaction checks: gather client details related to the transaction; run a series of checks to identify suspicious activity; assign a risk score to the transaction; send an alert based on the score; apply L7 encryption to all communications between client and server.

Alert at each stage of phishing site development: 1. Copy website. 2. Save copy to computer. 3. Upload copy to spoofed site. 4. Test spoofed site.

Each cloud (MSP, SaaS, cloud interconnect, corporate datacenter(s) with private cloud) provides siloed native app services: basic, proprietary and inconsistent.

Your cloud strategy should be an extension of your data center strategy: app-centric. Enable both network and application security; deliver high application availability, not just infrastructure availability; ensure application performance; centralize management and orchestration of the application; streamline app delivery and security services across on-premises and cloud. Defend against attacks, ensure secure user access, deliver app performance, gain traffic visibility and orchestrate tasks centrally, letting you focus on ensuring availability, security and performance for each application (DNS, identity, website, commerce, VPN, load balancing, storage, mobile, database, analytics).

App-centric strategy, from full control (on-premises) to limited control (public cloud): custom apps, ERP/CRM, LOB (HR, Acct.), dev & test, packaged apps, mobile apps, external websites, SaaS apps.

Shared responsibility in Amazon AWS: the idea behind the AWS Shared Responsibility Model is to educate customers that they are still responsible for a large proportion of the services required to deliver applications in the cloud.

Shared responsibility in Microsoft Azure: the idea behind the Azure Shared Responsibility Model is to educate customers that they are still responsible for a large proportion of the services required to deliver applications in the cloud.

(Diagram: apps, identity, control and platform, with Active Directory as the identity source.)

Use case: disaster recovery with a seamless global app experience. Requirements: application availability and performance; location-based and contextual user access; active-active deployment for cost efficiency; insight and visibility into application traffic. Recommended application delivery services: local and global load balancing (DNS, L4-L7 services, orchestration); SSL VPN or IPsec tunnel; access and identity; consistent DevOps and management tools across data center and cloud provider (compute, storage). Key benefits: seamless customer experience; secured and optimized site-to-site connectivity; advanced application health monitoring.

Traditional: on-premises servers with a single strategic control point delivering application services. New: public/private cloud via cloud interconnection with distributed strategic control points delivering application services as virtual edition, hardware, as-a-service and containers.