BRKPAR-4000 Radware: Anatomy of an IoT Botnet and Economics of Defense Eric Grubel
Anatomy of an IoT Botnet and Economics of Defense Eric Grubel VP, Business Development January 2018
Theme of Discussion Today: Time is Money
About Radware
- Market Leader in Application Availability solutions
- Financial Services: 7/14 Top Stock Exchanges, 12/22 Top Commercial Banks
- Awarded Best Managed Security Service 2016
- Enterprise, Retail & Online Businesses: 1/5 Top Brand in Every Key Vertical
- >$200M Revenue
- Carriers, Service & Cloud Providers: 3/7 Top Cloud Service Providers, 6/10 Top Carriers
Biggest Business Concern If Faced with a Cyber-Attack
Data loss followed by reputation loss were the biggest concerns related to cyber-attacks. Fewer were concerned with revenue loss this year, compared to 2016.
[Chart: "What is your concern if faced with a cyber-attack?" Categories: Data Leakage/information, Availability / SLA Degradation, Reputation loss, Revenue loss, Customer / partner loss, Productivity loss. Bar values (pairing with categories not preserved): 17%, 13%, 10%, 10%, 23%, 28%.]
Vertical Highlights
- 40% of retailers report bot traffic above 75% of total
- 42% 31% (pairing not preserved): of education institutes actually fear availability issues, over data theft or reputation loss; of service providers intend to invest in DDoS mitigation in 2018
- 24% of government and public sector organizations suffer attacks daily
- 73% of healthcare organizations express low to medium confidence in securing patient records
- 44% of financials do not track the dark web after a data security breach
Security Measures Following Attacks (2017)
- In general, customers are not holding organizations responsible for cyber-attacks.
- Customers filing lawsuits following data breaches or DDoS downtime are more common in APAC.
[Chart: Q.19b: "Have any of your customers taken any measures because of any of the following attacks against your organization?" Attack types: DDoS downtime, Data breach, Malware contamination and propagation. Legend entries recovered: Customers asking for compensation, Lawsuits. Bar values (pairing not preserved): 13%, 5%, 12%, 9%, 10%, 11%, 70%, 70%, 9%, 7%, 9%, 75%.]
Modern Day Bots: IoT-Based Botnets
IoT is the birthplace of a new type of bots and malware. Unsophisticated, yet very efficient and lethal.
Examples: Mirai, Hajime, BrickerBot
IoT Botnets - Modus Operandi
Taking advantage of factory flaws to infect:
- Identify the device
- Upload the matching binary
- Drop the payload
- Remove other malware
- Scan for more devices
Infection vectors:
- SSH/Telnet brute force
- TR-069 protocol
- Manufacturer backdoors
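As an added example (not from the original slides), the "Scan for more devices" step can be detected from flow records: the sketch below flags hosts that fan out to many distinct destinations on the ports of the infection vectors listed above. The port list, thresholds, function name and sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Ports for the infection vectors named above: SSH, Telnet (plus the common
# alternate Telnet port 2323) and TR-069 connection requests (7547).
VECTOR_PORTS = {22: "ssh", 23: "telnet", 2323: "telnet-alt", 7547: "tr-069"}

def find_scanners(flows, window=60, min_targets=20):
    """Flag sources contacting >= min_targets distinct hosts on vector ports
    within `window` seconds. Returns {src: (peak_distinct_targets, [vectors])}."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in VECTOR_PORTS:
            per_src[src].append((ts, dst, port))
    hits = {}
    for src, events in per_src.items():
        events.sort()
        win, in_win, peak = deque(), defaultdict(int), 0
        for ts, dst, _port in events:
            win.append((ts, dst))
            in_win[dst] += 1
            # Expire events older than the window; the newest event always stays.
            while win[0][0] <= ts - window:
                _, old = win.popleft()
                in_win[old] -= 1
                if in_win[old] == 0:
                    del in_win[old]
            peak = max(peak, len(in_win))
        if peak >= min_targets:
            hits[src] = (peak, sorted({VECTOR_PORTS[p] for _, _, p in events}))
    return hits

# Constructed flow records (epoch_s, src, dst, dst_port); addresses are
# documentation/private ranges, not real traffic.
SAMPLE_FLOWS = (
    # Hypothetical infected camera sweeping Telnet ports: 40 targets in 40 s.
    [(1000 + i, "10.0.0.50", f"198.51.100.{i}", 23 if i % 2 else 2323) for i in range(1, 41)]
    # Admin workstation: many SSH sessions, but only two servers.
    + [(1000 + 5 * i, "10.0.0.5", f"10.0.1.{1 + i % 2}", 22) for i in range(30)]
    # Low-and-slow source: one new TR-069 target every 5 minutes.
    + [(1000 + 300 * i, "10.0.0.77", f"203.0.113.{i}", 7547) for i in range(1, 26)]
)

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))               # fast sweep only
    print(find_scanners(SAMPLE_FLOWS, window=7200))  # also catches the slow source
```

The short default window misses the slow source, so a second, longer window is worth running alongside it.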
Failure Points in the Data Center
- Internet pipe saturation incidence grew 50% from 2016
- Servers are compromised the most, as they keep the lucrative data
- 40% growth in complete outages over mere service degradation
[Chart: failure points along the path Internet Pipe, Firewall, IPS/IDS, Load Balancer/ADC, Server Under Attack, SQL Server. Values: 37% Internet pipe (saturation); 17% Firewall; 35% The Server Under Attack; 1% SQL Server; 6% and 4% for Load Balancer (ADC) and IPS/IDS (pairing not preserved).]
Cisco transforms security service integration
- Integrated Radware Virtual DefensePro (vDP) in-line DDoS mitigates attacks
- Available on Cisco Firepower 4100 / 9300 series
- Lower latency than a stand-alone DDoS solution
- Consolidation with simplified support and procurement
- Fully automated solution
[Diagram: a data packet passing through the DDoS, SSL, FW, NGIPS, AMP and URL Filtering services. Captions: Maximum Protection; Unified Threat Platform with Integrated Security; Low Latency; Scalable processing. Key: Cisco Service, 3rd Party Service.]
Stay Focused. Be Prepared.
- Consolidate and automate: Elastic, unified systems against multiple threats.
- Fight fire with fire: AI based solutions to mitigate advanced cyberweapons.
- Hope for the best, prepare for the worst: Study new technologies, have an ER plan.
- Don't be the next Equifax. Build your protection strategy.
Thank You Eric Grubel VP, Business Development eric.grubel@radware.com
2018 Cisco and/or its affiliates. All rights reserved. Cisco Public