Arbor Multi-Layer Cloud DDoS Protection Nurfedin Zejnulahi, Arbor Consultant.


  • Slide 1
  • Arbor Multi-Layer Cloud DDoS Protection Nurfedin Zejnulahi, Arbor Consultant
  • Slide 2
  • Who is Arbor Networks?
      • Ten+ Years of Innovation: founded from DARPA grant; over 40 networking and security patents
      • 500+ of the World's Most Demanding Networks: across all continents; service providers, hosters, Fortune 50 companies; largest financials and online giants
      • Trusted Experts Globally: over 400 employees across all continents; >50% in Engineering, Service and Support; best-in-class support experts, global infrastructure
      • Global ATLAS: 290+ worldwide sensors; analyzing >160 Tb of data per second; monitoring over 260K malware families
  • Slide 3
  • Enterprise Incident Response
  • Slide 4
  • DDoS attacks can be very large
      • [Figure: largest (Gbps) / longest reported DDoS attack, Worldwide Infrastructure Security Report, 2005 to 2014]
  • Slide 5
  • Targets of Application-Layer Attacks
  • Slide 6
  • DDoS Attack Types
  • Slide 7
  • Most DDoS attacks are relatively short and small
  • Slide 8
  • DDoS: Case of Morocco (January 2015)
  • Slide 9
  • Stopping Attacks in the Right Place
      • [Diagram labels: Internet; Cloud-based DDoS Protection; Scrubbing Center; Peakflow SP/TMS; Cloud Signaling; CPE-based DDoS Protection; Pravail APS; Data Center; Firewall; IPS; Load Balancer; Target Applications & Services]
  • Slide 10
  • Arbor Cloud: Global Availability
      • 4 strategically placed scrubbing centers, each with scrubbing capacity:
          • East Coast
          • West Coast
          • Central Europe
          • Asia
  • Slide 11
  • Customizable Service Options
      • [Diagram labels: Enterprise Network; Arbor's DDoS Protection Appliance on-site; ISP Network; GRE; DNS; DNS Proxy; Arbor Cloud]
      • Traffic re-routing mechanisms
          • DNS
              • DNS A records are modified by the customer to point the attacked FQDN to Arbor Cloud
              • Full DNS proxy in the cloud will route clean traffic to its destination
              • Full proxy requires traffic in both directions
              • Clean Traffic = Inbound + outbound traffic
          • BGP
              • Must divert a minimum of a /24 subnet
              • Traffic returned via GRE
              • Clean Traffic = Inbound traffic only
  • Slide 12
  • Traffic Diversion Options
      • [Diagram labels: Enterprise Network; Pravail APS; ISP; GRE; DNS Proxy; BGP]
  • Slide 13
  • DNS Diversion Option
      • DNS A records are modified to point the attacked FQDN to Arbor Cloud
      • Full Proxy will route clean traffic to its original destination or a customer-defined IP address
      • Full Proxy redirects traffic in both directions
      • Clean Traffic = Maximum of inbound or outbound traffic
      • [Diagram labels: Pravail APS; Enterprise Network; ISP Network; Internet; Proxy]
  • Slide 14
  • BGP Diversion Option
      • May need to divert a minimum of a /24 subnet
      • Arbor requires 3 days to register routes with Internet registry
      • Traffic returned via GRE
      • Clean Traffic = Inbound only
      • [Diagram labels: Pravail APS; Enterprise Network; ISP Network; Internet; GRE]
  • Slide 15
  • Reporting
      • Customers have four ways of accessing statistics for their incidents (mitigations):
          • Via the Service Reporting Portal
          • Via Incident (mitigation) Reports emailed out within two business days of incident termination
          • Via automated update reports sent hourly during an incident (mitigation)
          • Via a two-hourly update to a mitigation ticket, done by the customer specialist team
  • Slide 16
  • DDoS Mitigation with Arbor Cloud
      • When you subscribe to Arbor Cloud, you will:
          • receive a Provisioning Questionnaire that you can use to provide all information relevant to your protected services
          • review the questionnaire with Arbor SOC during the Orientation Call
          • receive a Welcome Pack document with all the service details
          • receive a welcome email with your Arbor Cloud portal access credentials
  • Slide 17
  • DDoS Mitigation with Arbor Cloud
      • After the orientation call, a test mitigation will be scheduled
      • The purpose of the test mitigation is to:
          • make sure that traffic diversion and reinjection work as expected
          • analyze production traffic and fine-tune the mitigation policy
      • Arbor recommends that test mitigations are performed every six months, to verify that all is working as expected even if no attacks are detected.
  • Slide 18
  • DDoS Mitigation with Arbor Cloud
      • The portal includes the customer's configuration data
  • Slide 19
  • ATLAS Global Threat Analysis and Monitoring System
      • The ATLAS Global Threat Analysis and Monitoring System is actively monitoring more than 160 Tbps, or 1/3 of all internet traffic, 24/7
      • ATLAS is a collaborative project with more than 275 ISP customers sharing anonymous traffic data through e-mail spam traps, botnet reconnaissance tools, the world's largest distributed honeypot, globally dispersed sensors and publicly shared intelligence
  • Slide 20
  • Thank You
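
An added example, not part of the original slides or of Arbor's tooling: a Python check a customer could run during the test mitigation on slide 17 to confirm that DNS diversion (slide 13) or BGP diversion (slide 14) is actually in effect. The proxy range, ASN, hostnames and route entries are constructed placeholders drawn from documentation address space.

```python
import ipaddress

# Assumptions (constructed, not from the slides): proxy range and provider ASN.
CLOUD_PROXY_NET = ipaddress.ip_network("198.51.100.0/24")
CLOUD_ASN = 64500
MIN_PREFIXLEN = 24  # slide 14: a minimum of a /24 subnet is diverted

def check_dns_diversion(a_records):
    """DNS option: every A record of the attacked FQDN must point at the proxy.
    Returns (state, records that still expose another address)."""
    if not a_records:
        return "no-records", []
    leaked = [r for r in a_records
              if ipaddress.ip_address(r) not in CLOUD_PROXY_NET]
    return ("partial" if leaked else "diverted"), leaked

def check_bgp_diversion(protected_ip, routes):
    """BGP option: the most specific route covering the protected IP must be
    /24 or shorter and originated by the scrubbing provider.
    routes is a list of (prefix, origin_asn) pairs taken from a route view."""
    ip = ipaddress.ip_address(protected_ip)
    covering = [(ipaddress.ip_network(p), asn) for p, asn in routes
                if ip in ipaddress.ip_network(p)]
    if not covering:
        return "unrouted"
    net, asn = max(covering, key=lambda r: r[0].prefixlen)  # longest match
    if net.prefixlen > MIN_PREFIXLEN:
        return "too-specific"  # narrower than the /24 minimum
    return "diverted" if asn == CLOUD_ASN else "not-diverted"

# Constructed sample observations.
DNS_ANSWERS = {
    "www.example.com": ["198.51.100.10"],
    "shop.example.com": ["198.51.100.11", "203.0.113.20"],  # origin still listed
}
ROUTES = [
    ("192.0.2.0/24", 64496),      # still announced by the customer
    ("203.0.113.0/24", 64500),    # announced by the scrubbing provider
    ("203.0.113.128/25", 64496),  # stray more-specific from the customer
]

def run_checks():
    dns = {fqdn: check_dns_diversion(recs) for fqdn, recs in DNS_ANSWERS.items()}
    bgp = {ip: check_bgp_diversion(ip, ROUTES)
           for ip in ("203.0.113.20", "203.0.113.200", "192.0.2.5", "10.0.0.1")}
    return dns, bgp

if __name__ == "__main__":
    for section in run_checks():
        for name, state in section.items():
            print(name, state)
```

A "partial" DNS result means an origin address is still published alongside the proxy, so traffic sent to it bypasses scrubbing.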