Post on 15-Jan-2015
Arbor Networks Poland. 3rd October 2013
Simon Cartwright, Director of Security Services
Agenda
• Who is Arbor?
• What is DDoS
• Evolution of DDoS
• Trends in DDoS
• Attack Traffic Details Poland
• Protection Options
• The Enterprise Question
• Visibility & Control
• Netia/Arbor/NCR Partnership
• Questions. At Booth
Arbor - a Trusted & Proven Vendor Securing the World’s Largest and Most Demanding Networks
90%: Percentage of world’s Tier 1 service providers who are Arbor customers
107: Number of countries with Arbor products deployed
47.1 Tbps: Amount of global traffic monitored by the ATLAS security intelligence initiative right now – 25% of global Internet traffic!
#1: Arbor market position in Carrier, Enterprise and Mobile DDoS equipment market segments – 61% of total market [Infonetics Research Dec 2011]
13: Number of years Arbor has been delivering innovative security and network visibility technologies & products
$16B: 2011 GAAP revenues [USD] of Danaher – Arbor’s parent company providing deep financial backing
Arbor’s proud history of productizing innovation in distributed networks.
Arbor is the most trusted and widely deployed solution for DDoS & Botnets.
Arbor sees more global traffic and threats than anyone else on the planet.
Only Arbor has a fully integrated solution to quickly detect & stop advanced threats.
• Honored as a top 10 global innovations
• Key patents in networking & security.
• Analyzing over 48TB of data per second
• Monitoring over 110K malware families
• Integrated to detect & stop threats anywhere
• See beyond the network through ATLAS
• Over 90% of the world’s Tier 1 ISPs
• 9 of the top 10 largest business networks
Arbor Networks Overview
Threat Landscape Eras
Network Protocol (1999-2005)
§ Synflood (Trinoo/TFN) § Code Red § Slammer § Zotob § Conficker (2008)
Content (2006-2010)
§ Web Browser § Web Applications § Doc/PDF/etc. § Flash/Shockwave § Java
Advanced Threats (2010-Today)
§ Aurora § Operation Payback § Stuxnet/Flame/Duqu § APT § Cyber Warfare
During a Distributed Denial of Service (DDoS) attack, compromised hosts or bots coming from distributed sources overwhelm the target with illegitimate traffic so that the servers cannot respond to legitimate clients.
What is a DDoS Attack?
The DDoS weapon of choice for Anonymous activists, LOIC, was downloaded from the internet 1.167.305 times during 2011/12 (sourceforge.net)
DDoS Motivations
Everyone is a Target
DDoS Devastating Costs
*Neustar Insights DDoS Survey: Q1 2012
The impact of loss of service availability goes beyond financials:
Operations, Help Desk, Recovery, Employee Output, Penalties, Lost Business, Brand & Reputation Damage
35% of those attacked said it lasted more than a day
67% of retailers said outages cost $100,000 per hour
21% overall said outages cost $50,000 per hour
Today’s Attacks are More Frequent
Today’s Attacks
                     2012                  2013 (so far….)
Number of Attacks    713                   986
Average Duration     38mins 37secs         29mins 50secs
Longest Attack       1day 16hrs 07secs     1day 4hrs 45mins 58secs
[Figure: THREAT SPECTRUM (Volumetric DDoS, Bots & Botnets, Mobile Malware) against IMPACT (Availability, Confidentiality)]
The Next Generation of Threats
Netia’s Unique Threat Ecosystem
The ecosystem between smart providers & enterprises to offer comprehensive protection from active threats
Enterprise Networks Netia
Enterprise data center services are now fully available and secure from advanced threats!
Diverse end-points are accessing your network from anywhere.
Your assets are distributed everywhere.
[Diagram: A Global, Hybrid infrastructure: Corporate Offices, Broadband, Mobile, Content, Corporate Servers & Applications, SaaS, Private Network, Public Clouds, Internet]
The Global Network is Your Business
[Diagram: CDNs, Mobile Carriers, Service Providers, SaaS, Cloud Providers, Enterprise Perimeter, Mobile, WiFi, Employees, Corporate Servers, Remote Offices, Internal Apps]
Never see the external threat traffic
Can’t withstand a direct attack
Never see the threat already inside enterprise
Existing Solutions Have Critical Gaps
Cloud
Pravail Availability Protection System
Pravail Network Security Intelligence
See and stop the threat anywhere
Stop the threat
See the threat lurking inside the enterprise
[Diagram: CDNs, Mobile Carriers, Service Providers, SaaS, Cloud Providers, Enterprise Perimeter, Mobile, WiFi, Employees, Corporate Servers, Remote Offices, Internal Apps, Threat Dashboard]
Netia’s Solution Bridges the Gaps
[Diagram: Users, Anti-Virus, IDS/IPS, NAC, Firewall, Secure Trust Perimeter, Mobile Users, Malware, BYOD, Internet, Insider Misuse, Home Office(s), Cloud Services, VPN]
Advanced Threats: From Outside AND Inside
Network boundaries are harder to define
– Cloud based data and applications
– Employee mobility / BYOD
– Home Working
Threats are harder to keep out
– Targeted threats
– Walk-in threats (on portable devices)
– Malicious insider
Challenge: Control & Security of business data, applications and services as businesses evolve.
Data Center
Attack Mitigation. In Poland
1. Detect (Network wide: CP using Flow)
2. Activate Mitigation (TMS)
3. Divert Traffic (Network wide: BGP OFF-Ramp announcement)
4. Clean the Traffic and forward the legitimate traffic (Network wide: using ON-Ramp Technique [e.g. MPLS, GRE, VLAN, …])
5. Protected
CP
TMS
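Steps 1 to 3 above, sketched as an added example (not Arbor's or Netia's code): flow records are aggregated per destination, compared against a baseline, and each flagged victim becomes a /32 host route to announce toward the scrubbing centre, so longest-prefix matching diverts only that address. The flow records, baselines, 5x threshold and next-hop address are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records for one 60-second window:
# (source IP, destination IP, bytes). Documentation address ranges only.
WINDOW_SECONDS = 60
FLOWS = [
    ("198.51.100.7", "203.0.113.10", 450_000_000),
    ("198.51.100.8", "203.0.113.10", 480_000_000),
    ("198.51.100.9", "203.0.113.10", 470_000_000),
    ("192.0.2.44", "203.0.113.20", 12_000_000),
    ("192.0.2.45", "203.0.113.20", 9_000_000),
]

# Assumed per-destination baselines in bits per second (hypothetical values).
BASELINE_BPS = {"203.0.113.10": 20_000_000, "203.0.113.20": 5_000_000}
THRESHOLD_FACTOR = 5                # assumption: alert above 5x baseline
SCRUBBER_NEXT_HOP = "192.0.2.254"   # hypothetical scrubbing-centre address


def detect(flows, window=WINDOW_SECONDS):
    """Step 1: aggregate flow bytes per destination and flag anomalies."""
    totals, sources = defaultdict(int), defaultdict(set)
    for src, dst, nbytes in flows:
        totals[dst] += nbytes
        sources[dst].add(src)
    alerts = []
    for dst, nbytes in totals.items():
        bps = nbytes * 8 / window
        baseline = BASELINE_BPS.get(dst)
        if baseline and bps > THRESHOLD_FACTOR * baseline:
            alerts.append({"dst": dst, "bps": bps, "sources": len(sources[dst])})
    return alerts


def diversion_plan(alerts):
    """Steps 2-3: the host route to announce (off-ramp) for each alert."""
    plan = []
    for alert in alerts:
        prefix = ipaddress.ip_network(alert["dst"] + "/32")
        plan.append({"announce": str(prefix), "next_hop": SCRUBBER_NEXT_HOP})
    return plan


if __name__ == "__main__":
    for step in diversion_plan(detect(FLOWS)):
        print(step)
```

Cleaned traffic then has to return by a path that does not follow the diverted route, which is why step 4 names tunnelling techniques such as MPLS, GRE or VLAN for the on-ramp.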
Thank You Questions?