DSS ITSEC 2013 Conference 07.11.2013 - Radware - Cyber Attacks Survival Guide
Transcript of DSS ITSEC 2013 Conference 07.11.2013 - Radware - Cyber Attacks Survival Guide
DoS, DDoS and application attacks – are you ready?
Michael Soukonnik, Radware, [email protected]
2012 Radware Security Report: DDoS Attack Vectors
• TCP - SYN Flood: 35%
• Web: 24%
• DNS: 10%
• SMTP: 9%
• UDP: 7%
• ICMP: 4%
• VoIP: 4%
• IPv6: 3%
• TCP Other: 3%
Attacks remained diversified across the different attack types, which reflects attackers using multi-vector attacks.
SSL-based attacks are on the rise.
Chart: attack trends plotted on axes of Complexity and Volume
• Specific application resources are targeted
• C/R (challenge/response) bypass capabilities
• Increased bandwidth saturation
• Usage of servers – more firepower
• Volume attacks on DNS infrastructure
Attack Vectors (mapped across the Network, Server, Application and Business layers)
• Volumetric network flood attacks
• SSL based attacks
• SYN flood attack
• Application flood attacks
• Web attacks: XSS, Brute force
• Port scan
• “Low & Slow” attacks
• Network scan, Intrusion
• Application vulnerability, malware
• Web attacks: SQL Injection
Chart: On-Premises Mitigation versus Cloud Mitigation, plotted against Attack Complexity and Attack Volume
Old-fashioned systems are vulnerable
Radware Confidential Jan 2012
Firewall, IPS (even NG) cannot stop DDoS!
• Attacks become more complex (5-7 vectors)!
• Attacks become longer (days and weeks)!
• More financially motivated attacks, but at the same time more politically motivated attacks on government and private organizations! You never know whether you are in the sights of a future attack!
• It’s cheap (hundreds of $)!
• Attacks become very powerful and use server-based botnets!
• New attacking tools know how to overcome not only legacy, but even the newest protection systems
So – is there nothing to be done about it?
Radware Attack Mitigation System (AMS) and service
Mapping Security Protection Tools
Chart: attacks mapped to the Network, Server, Application and Business layers and to the protection tools that address them
Attacks:
• UDP garbage flood on ports 80 and 443
• SSL/TLS negotiation attacks
• Server cracking attacks
• HTTPS flood attack
• ICMP flood attacks
• HTTP flood attack
• SYN/TCP out-of-state flood attacks
• Web attacks: XSS, SQL Injection, Brute force
Protection tools:
• DoS protection
• Behavioral analysis
• SSL protection
• IPS
• WAF
• In-the-cloud DDoS protection
To fight back you need:
• An integrated solution with all security technologies
• To mitigate attacks beyond the perimeter
Radware Attack Mitigation System (AMS)
AMS Deployment
Diagram: DefensePro, AppWall and Alteon deployed in front of the application infrastructure
• Mitigate all types of DDoS attacks
• Mitigate SSL attacks
• Mitigate web application exploits
Where to Detect?
Diagram: Internet, In the cloud, Perimeter, Front-End (Alteon), Protected Organization
Cloud mitigation services cannot detect attacks!
• Web attacks
• Application misuse
• Application connection overflow
AMS provides the widest attack detection coverage!
• Network DDoS
• SYN floods
• HTTP floods
• SSL floods
• Server cracking
Attack Mitigation System: Layers of Defense
Defense Messaging
• Traffic baselines & real-time signature information
• Complete system in sync
Benefits
• Detect where you can
• Mitigate where you should
• Optimize mitigation scalability
Attack Mitigation System: Scalable Defense Network
Defense Messaging
• Volumetric DDoS attack that saturates the Internet pipe
• ERT and the customer decide to divert the traffic
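The "detect where you can, mitigate where you should" idea behind the last two slides, as an added toy example (not Radware code): an on-premises detector learns per-metric traffic baselines, raises a defense message with the anomalous metrics, and escalates to cloud diversion only when the flood approaches the Internet pipe capacity. The baseline model (mean + k·stddev), the saturation threshold and the traffic samples are constructed assumptions.

```python
# Added illustration; the baseline model, thresholds and samples are assumptions.
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    second: int      # timestamp (s)
    bps: float       # inbound bits per second seen at the Internet pipe
    syn_pps: float   # TCP SYN packets per second
    http_rps: float  # HTTP requests per second


def learn_baseline(clean, k=3.0):
    """Per-metric upper bound (mean + k * stddev) from an attack-free window."""
    bounds = {}
    for name in ("bps", "syn_pps", "http_rps"):
        vals = [getattr(s, name) for s in clean]
        bounds[name] = mean(vals) + k * pstdev(vals)
    return bounds


def decide(sample, baseline, pipe_bps, saturation=0.9):
    """Return (action, defense_message) for one traffic sample.

    divert_to_cloud      - volumetric flood near pipe capacity: an on-premises
                           device sits behind the pipe and cannot relieve it
    mitigate_on_premises - rate above baseline that still fits in the pipe
                           (e.g. SYN or HTTP flood): handle at the perimeter
    normal               - every metric within the learned baseline
    """
    anomalies = [n for n in baseline if getattr(sample, n) > baseline[n]]
    message = {"t": sample.second, "signature": anomalies}
    if sample.bps >= saturation * pipe_bps:
        return "divert_to_cloud", message
    if anomalies:
        return "mitigate_on_premises", message
    return "normal", message
```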
Attack Mitigation System: Mitigating the SSL Threat
Diagram: HTTPS floods, encrypted web attacks and SSL negotiation floods handled via Defense Messaging
Unique Solution Benefits
• Detects all types of SSL encrypted attacks
• Non-vulnerable mitigation architecture
• Legitimate transactions go through without decryption
• Lowest latency approach
• FIPS compliant & Common Criteria certified solution
• Single vendor, integrated management
• Every governmental and business body may become an attack target
• Attacks have more and more volume and complexity, covering L4-L7 simultaneously
• Legacy types of security equipment cannot stop complex attacks
• Cloud service and CPE cannot stop attacks when working separately
• Radware provides CPE (DDoS, DoS, application attacks and web), Emergency Response Team 24X365 support and the DefensePipe cloud service. Together this enables attack mitigation from its first seconds at the CPE and volumetric network attack mitigation in the cloud
Customer Success - Leading the DDoS Protection Market
Our Customers Select AMS
Customer logos by sector:
• Financial Services
• Retail Services
• Government, Healthcare & Education
• Carrier & Technology Services
We Protect Against the Top Attack Campaigns
Q&A