Getting out from Under attack - TechWorld Event · Revenge, corporate espionage, politics, war and...

Getting out from Under

attack DDoS Protection to defeat the Modern Threat

©2017 Neustar Inc. All Rights Reserved

The changing landscape of security

threats is driving an architectural shift:

Shifts Increased cloud adoption

Networks to applications

Disruption to data exfiltration

One-dimensional to multi-dimensional attacks

Challenges DDoS attacks continue to command attention

Application layer threats are more damaging

Threats provide little to no advance warning

before they wreak havoc

©2017 Neustar Inc. All Rights Reserved 2

WHY IT MATTERS

Volumetric Attacks

• >6.6 Gbps average size

• 41% lasted 1+ days

Multi-vector attacks

Majority of the attacks are multi-

vector. It combines volumetric and

application attacks

Motivation

Revenge, corporate espionage,

politics, war and cloaking

Attacks become

sophisticated As attacks go up the application

stack they become more and

more sophisticated.

Botnets

Infected machines & IoT devices

used for most attacks. Botnets are

becoming more and more

sophisticated.

Business Logic Attacks

Attackers attack the way

organizations do business.

THREAT TRENDS



2015

Largest

average attack

256

Gbps

Aug. 31, 2016

Attack against

Olympic

Websites

Sept. 16, 2016

Attack against

Brian Krebs

(Security Blog)

Sept. 19, 2016

Attack against

French ISP

Oct. 21, 2016

Attack impacted large

DNS Provider

500+

Gbps

650

Gbps

>1

Tbps

1.2

Tbps

Attacks driven by infected

IoT device botnets

>11 million infected IoT

devices and counting

Attacks taking down individual

organizations and service providers

4

• Sub-10Gbps attacks were down 5% but larger attacks were up 11% vs. year ago,

a clear indicator of the appearance of IoT-driven botnets as a DDoS attack vector

A NOTICEABLE SHIFT IN ATTACK SIZE


Lessthan500Mbps

500-999Mbps 1-4.9Gbps 5-9.9Gbps 10-19.9Gbps 20-49.9Gbps 50-100Gbps 100+Gbps Don'tknow

20016 7% 10% 20% 16% 16% 10% 5% 3% 13%

2017 6% 11% 15% 15% 17% 13% 10% 5% 8%

0%

2%

4%

6%

8%

10%

12%

14%

16%

18%

20%

AxisTitle

10+ Gbps Attacks

Up +11% YOY

2016

2017

5

LAST YEAR, ATTACKERS SEIZED THE INITATIVE


45% 84% 86%

Organizations attacked

Attacked more than Once

Attacked more than 5 times

23%

Reported Ransomware encountered

11% 4% - 53%

RELENTLESS: DDOS IS OFTEN A RACE AGAINST CRIME


N O R T H A M E R I C A

E U R O P E A PA C

Experienced an Attack 88% 79% 82%

Malware Activated 48% 42% 34%

Experienced Ransomware 25% 27% 15%

Reported Customer Data Theft 33% 27% 34%

Reported Loss of Customer

Trust/Damage to Brand 26% 25% 26%

overall

experienced

breach w/DDoS attacks

45%

They are more

difficult to detect



DETECTION AND RESPONSE TIMES ARE SLOWING

Learned of attacks from 3rd party*

Customers are inadvertently taking on DDoS

attack monitoring

T I M E T O D E T E C T

T I M E T O R E S P O N D

Less than 1 hour 23% -5% 23% -3%

1-2 hours 26% -4% 29% -4%

3-5 hours 30% +5% 28% +4%

6-12 hours 15% +2% 14% +2%

12-24 hours 3% - 4% -

More than 1 day 3% +2% 2% +2% were told by Customers 11%

Non-IT Sources:

Partners from 15% to 33%

Social/Other from 4% to 5%

Taking Back the Upper Hand from DDoS Attackers

Attacked 70% 13%

Attackedmorethanonce 59% 12%

FoundoutfromCustomers 8% 1%

Requiredminimum3hourstoDETECT 22% 7%

Requiredminimum3hourstoRESPOND 19% 21%

Investingmorethanprevious12months 78% 13%

Experiencedmalwarew/DDoSattack 27% 10%

Experiencedcustomerdatalossw/DDoSattack 11% 9%

Experiencedransomwarew/DDoSattack 8% 18%

EMEA Financial Services remains under siege ( May 2016-17 )

10

F I N A N C I A L Key Insights:

• Ransomware doubled

• Financial industry being hit

more often, taking longer to

detect

• Response times slower, too

• Big shift to invest more in

DDoS defense

• Higher risk for malware and

data theft


Attacked 79% 7%

Attackedmorethanonce 61% 9%

FoundoutfromCustomers 18% 12%

Requiredminimum3hourstoDETECT 24% 34%

Requiredminimum3hourstoRESPOND 30% 24%

Investingmorethanprevious12months 70% 24%

Experiencedmalwarew/DDoSattack 27% 11%

Experiencedcustomerdatalossw/DDoSattack 12% 12%

Experiencedransomwarew/DDoSattack 12% 8%

EMEA Retail profitability could take a huge hit ( May 2016-17)

11

Key Insights:

• Retailers are taking MUCH

longer to detect and

respond

• Investment up to stem

potential revenue loss and

damages

• More customers are

noticing

• Ransomware is a growing

trend

R E TA I L


© Neustar, Inc. // Proprietary and Confidential

Mirai was quiet, but not forgotten Last year was historic and eye opening, and this year’s fast start is an indication this year will be no different. Attackers are crafty and keep finding new ways The emergence of new attack vectors proves once again that attackers are always looking for new ways to subvert defenses. Attacks continue to get more complex Now is the time to assess whether your defenses are sufficient to meet the threat posed by DDoS attackers. Resources are more at hand Both electronically and economically, attackers are finding it easier to incorporate DDoS into their cyber assaults.

Important insights to remember. TAKEAWAYS


Organizations seek to regain solid ground Last year was historic and eye opening for businesses around the world. It’s often more than just DDoS Nearly half of the respondent organizations indicated some form of breach or impact in conjunction with DDoS attacks. Keep working internally with key stakeholders Assess, plan, test, and communicate within the organization because the attacks will keep coming. Invest wisely to right size DDoS defenses Not all DDoS defenses are made equally. Some of the experienced gained by attackers last year was an operational understanding of DDoS defense business models.

Important insights to remember. TAKEAWAYS

©2017 Neustar Inc. All Rights Reserved 14 ©2017 Neustar Inc. All Rights Reserved

Today

4 TB

Q3

6 TB

Q4

8 TB

Q1 ‘18

10 TB

NEUSTAR TRIPLES SIZE OF GLOBAL DDOS DEFENSE NETWORK

More than 1.7 Tbps NOW in Europe – London, Frankfurt, Amsterdam

“Innovation is in our DNA at Neustar. We’re going well beyond any of our

competitors today and even visions I had 20 years ago”

- Barrett Lyon, DDoS Security Pioneer and Head of R&D


NEUSTAR SECURITY: MONITORING, ACCELERATING, AND DEFENDING

15


…checking your task box.

…hiding behind hardware.

…hoping attacks miss you.

Because.

It’s about more

than just…


• Watch for smokescreens, performance monitoring helps

• Scan IP traffic for anomalies

• Block known botnets and suspect ports

• Use recursive to interrupt Command-and-Control communication

• Be vigilant on GRE tunnel connections

• Assume something else is going on

• Good malware and phishing user awareness

Disrupting impact before it can hurt

Getting out from Under attack - TechWorld Event · Revenge, corporate espionage, politics, war and...

Documents

Transcript of Getting out from Under attack - TechWorld Event · Revenge, corporate espionage, politics, war and...