Cyber Attack Survival: Are You Ready?

Post on 08-Jun-2015


The cyber attack landscape is evolving with new attack vectors and dangerous trends that can affect the security of your business. Some attacks take only minutes to complete, yet months to be discovered. Determine your attack risk and learn what to look for in a quality cyber attack defense. Please visit http://www.radware.com/social/amn/ for information on Radware's AMN (Attack Mitigation Network).

Transcript of Cyber Attack Survival: Are You Ready?

Cyber Attack Survival. Are You Ready?


Attack Landscape Evolution: Who Is At Risk?

© Radware, Inc. 2014

[Chart: attack sophistication over 2010, 2011, 2012 and 2013, showing the shift from 2013]

• Duration: 3 Days; 4 Attack Vectors; Attack target: Visa, MasterCard

• Duration: 3 Days; 5 Attack Vectors; Attack target: HKEX

• Duration: 20 Days; More than 7 Attack Vectors; Attack target: Vatican

• Duration: 10+ Months; Multiple Attack Vectors; Attack target: US Banks


Multi-Vector Attacks Take Aim

• Attackers would rather keep the target busy by launching one attack at a time, rather than firing the entire arsenal at once.

• You may be successful at blocking four or five attack vectors, but it only takes one for the damage to be done.

More than 50% of attack campaigns deployed five or more attack vectors during 2013.

Attack Vectors

[Chart: Application 62%, Network 38%]

New Vectors, Dangerous Trends

• 50% of all web attacks were encrypted application-based attacks during 2013.

• 15% of organizations reported attacks targeting web application login pages on a daily basis.

• DNS-based volumetric floods increased from 10% to 21% in 2013, becoming the second most common attack vector.

The Results

Public attention: a 1 sec page delay

• 3.5% decrease in conversions

• 2.1% decrease in shopping cart size

• 9.4% decrease in page views

• 8.4% increase in bounce rates

Multi-Vulnerability Attack Campaigns

[Diagram: attack path from the Internet through the Internet pipe, Firewall, IPS/IDS, Load Balancer (ADC), Server and SQL Server; chart of attack share for 2011, 2012 and 2013 on a 5% to 30% scale]

Attack types along the path:

• Volumetric Floods

• Network Scans

• SYN Floods

• Low & Slow

• HTTP Floods

• SSL Floods

• Application Misuse

• Brute Force

• SQL Injection

• Cross Site Scripting

Problem: Single Source, Multiple IPs (Enterprise Datacenter)

• Single attack source

• Attacker dynamically changes IP

• DHCP reset, anonymous proxies

Problem: Multiple Sources, Single IP (Enterprise Datacenter)

• Sources are behind NAT

• CDN

• Enterprise internal network

• Carrier Grade NAT

Minutes to Compromise. Months to Discover.

                                         Seconds  Minutes  Hours  Days  Weeks  Months
Initial Attack to Initial Compromise        10%      75%    12%    2%     0%      1%
Initial Compromise to Data Exfiltration      8%      38%    14%   25%     8%      8%
Initial Compromise to Discovery              0%       0%     2%   13%    29%     56%

Outsourced Infrastructure

• Enterprise Data Center

• Hosted Facilities

• Public / Private Cloud

Outsourcing Ramifications

• The demise of the perimeter

• Third party security dependencies

• Limited or no situational awareness

• Limited threat visibility

• Loss of control

Detection: Encrypted / Non-Volumetric Attacks

[Diagram: layers from Perimeter through Data Center, Front End and Server to Application]

• Envelope Attacks – Device Overload

• Directed Attacks – Exploits

• Intrusions – Mis-Configurations

• Localized Volume Attacks

• Low & Slow Attacks

• SSL Floods

Detection: Application Attacks

[Diagram: layers from Perimeter through Data Center, Front End and Server to Application]

• Web Attacks

• Application Misuse

• Connection Floods

• Brute Force

• Directory Traversals

• Injections

• Scraping & API Misuse

Detection: Volumetric Attacks

[Diagram: Cloud Scrubbing in front of the layers from Perimeter through Data Center, Front End and Server to Application]

• Network DDoS

• SYN Floods

• HTTP Floods

Mitigation: Encrypted, Low & Slow Attacks

[Diagram: Botnet, Enterprise, Cloud Scrubbing, Hosted Data Center]

Mitigation: Application Attacks

[Diagram: Botnet, Enterprise, Cloud Scrubbing, Hosted Data Center; attack signatures]

Mitigation: Volumetric Attacks (three slides)

[Diagram: Botnet, Cloud Scrubbing, Hosted Data Center, Enterprise; attack signatures]

Attack Mitigation Optimization

[Diagram: Enterprise Data Center with AppWall WAF and DefensePro]

Cyber Attack Defense

• Attack Detection

  • Quality of Detection (QD): Technical Coverage; Detection Algorithms

  • Time to Detection (TD): Reporting & Correlation; Triaged Response Options

• Attack Mitigation

  • Quality of Mitigation (QM): Over / Under Mitigating; Proper Mitigation Location

  • Time to Mitigation (TM): Local / Premise; Cloud; Business Partner


The Attack Mitigation Network

[Diagram: Cyber Control (sync, automation & visibility) coordinating Distributed Detection and Distributed Mitigation across Radware AMS components, current network elements, 3rd party detection / mitigation elements and SDN-enabled network elements]

The Attack Mitigation Network selects the most effective tools and location for attack mitigation, collects security events and network statistics from a multitude of resources, and synchronizes traffic baselines and attack information amongst all mitigation tools.

Survival Checklist

1. Don’t assume that you’re not a target.

   Draw up battle plans. Learn from the mistakes of others.

2. Protecting your data is not the same as protecting your business.

   Comprehensive information security requires data protection, system integrity and operational availability.

3. You don’t control all of your critical business systems.

   Understand your vulnerabilities in the distributed, outsourced world.

   Work with cloud and internet service providers that provide you with visibility and control over your connectivity and hosted assets.

4. You can’t defend against attacks you can’t detect.

   The battle-prepared business harnesses an intelligence network.

5. Don’t believe the DDoS protection propaganda.

   Understand the limitations of cloud-based scrubbing solutions.

   Not all networking and security appliance solutions were created equal.

6. Know your limitations.

   Enlist forces that have expertise to help you fight.

Cyber Security Toolkit


DefensePro: Anti-DoS, Network Behavioral Analysis, IPS

AppWall: Web Application Firewall

Alteon: Application Delivery Controller, SSL Attack Decryption

Vision: SIEM, Centralized Management & Reporting

DefensePipe: Cloud-based, volumetric cyber attack scrubbing service

Emergency Response Team: Free 365x7x24 support for customers that are under cyber-attack

Thank You

Carl.Herberger@Radware.com
VP Security Solutions