Getting out from Under attack - TechWorld Event · Revenge, corporate espionage, politics, war and...
Getting out from Under attack
DDoS Protection to defeat the Modern Threat
©2017 Neustar Inc. All Rights Reserved
The changing landscape of security threats is driving an architectural shift:
Shifts
• Increased cloud adoption
• Networks to applications
• Disruption to data exfiltration
• One-dimensional to multi-dimensional attacks
Challenges
• DDoS attacks continue to command attention
• Application layer threats are more damaging
• Threats provide little to no advance warning before they wreak havoc
WHY IT MATTERS
THREAT TRENDS
Volumetric Attacks
• >6.6 Gbps average size
• 41% lasted 1+ days
Multi-vector attacks
The majority of attacks are multi-vector, combining volumetric and application attacks.
Motivation
Revenge, corporate espionage, politics, war and cloaking
Attacks become sophisticated
As attacks go up the application stack they become more and more sophisticated.
Botnets
Infected machines & IoT devices are used for most attacks. Botnets are becoming more and more sophisticated.
Business Logic Attacks
Attackers attack the way organizations do business.
• 2015: Largest average attack, 256 Gbps
• Aug. 31, 2016: Attack against Olympic websites, 500+ Gbps
• Sept. 16, 2016: Attack against Brian Krebs (security blog), 650 Gbps
• Sept. 19, 2016: Attack against French ISP, >1 Tbps
• Oct. 21, 2016: Attack impacted large DNS provider, 1.2 Tbps
Attacks driven by infected IoT device botnets
>11 million infected IoT devices and counting
Attacks taking down individual organizations and service providers
• Sub-10Gbps attacks were down 5% but larger attacks were up 11% vs. year ago,
a clear indicator of the appearance of IoT-driven botnets as a DDoS attack vector
A NOTICEABLE SHIFT IN ATTACK SIZE
Attack size | 2016 | 2017
Less than 500 Mbps | 7% | 6%
500-999 Mbps | 10% | 11%
1-4.9 Gbps | 20% | 15%
5-9.9 Gbps | 16% | 15%
10-19.9 Gbps | 16% | 17%
20-49.9 Gbps | 10% | 13%
50-100 Gbps | 5% | 10%
100+ Gbps | 3% | 5%
Don't know | 13% | 8%
10+ Gbps attacks: up 11% YOY
LAST YEAR, ATTACKERS SEIZED THE INITIATIVE
45% 84% 86%
Organizations attacked
Attacked more than Once
Attacked more than 5 times
23%
Reported Ransomware encountered
11% 4% - 53%
RELENTLESS: DDOS IS OFTEN A RACE AGAINST CRIME
Region | North America | Europe | APAC
Experienced an Attack | 88% | 79% | 82%
Malware Activated | 48% | 42% | 34%
Experienced Ransomware | 25% | 27% | 15%
Reported Customer Data Theft | 33% | 27% | 34%
Reported Loss of Customer Trust/Damage to Brand | 26% | 25% | 26%
45% overall experienced breach w/DDoS attacks
They are more difficult to detect
DETECTION AND RESPONSE TIMES ARE SLOWING
Learned of attacks from 3rd party*
Customers are inadvertently taking on DDoS attack monitoring
Duration | Time to detect | +/- | Time to respond | +/-
Less than 1 hour | 23% | -5% | 23% | -3%
1-2 hours | 26% | -4% | 29% | -4%
3-5 hours | 30% | +5% | 28% | +4%
6-12 hours | 15% | +2% | 14% | +2%
12-24 hours | 3% | - | 4% | -
More than 1 day | 3% | +2% | 2% | +2%
11% were told by Customers
Non-IT Sources:
• Partners from 15% to 33%
• Social/Other from 4% to 5%
Taking Back the Upper Hand from DDoS Attackers
EMEA Financial Services remains under siege (May 2016-17)
FINANCIAL
Attacked 70% 13%
Attacked more than once 59% 12%
Found out from Customers 8% 1%
Required minimum 3 hours to DETECT 22% 7%
Required minimum 3 hours to RESPOND 19% 21%
Investing more than previous 12 months 78% 13%
Experienced malware w/DDoS attack 27% 10%
Experienced customer data loss w/DDoS attack 11% 9%
Experienced ransomware w/DDoS attack 8% 18%
Key Insights:
• Ransomware doubled
• Financial industry being hit more often, taking longer to detect
• Response times slower, too
• Big shift to invest more in DDoS defense
• Higher risk for malware and data theft
EMEA Retail profitability could take a huge hit (May 2016-17)
RETAIL
Attacked 79% 7%
Attacked more than once 61% 9%
Found out from Customers 18% 12%
Required minimum 3 hours to DETECT 24% 34%
Required minimum 3 hours to RESPOND 30% 24%
Investing more than previous 12 months 70% 24%
Experienced malware w/DDoS attack 27% 11%
Experienced customer data loss w/DDoS attack 12% 12%
Experienced ransomware w/DDoS attack 12% 8%
Key Insights:
• Retailers are taking MUCH longer to detect and respond
• Investment up to stem potential revenue loss and damages
• More customers are noticing
• Ransomware is a growing trend
TAKEAWAYS
Important insights to remember.
• Mirai was quiet, but not forgotten: Last year was historic and eye opening, and this year’s fast start is an indication this year will be no different.
• Attackers are crafty and keep finding new ways: The emergence of new attack vectors proves once again that attackers are always looking for new ways to subvert defenses.
• Attacks continue to get more complex: Now is the time to assess whether your defenses are sufficient to meet the threat posed by DDoS attackers.
• Resources are more at hand: Both electronically and economically, attackers are finding it easier to incorporate DDoS into their cyber assaults.
TAKEAWAYS
Important insights to remember.
• Organizations seek to regain solid ground: Last year was historic and eye opening for businesses around the world.
• It’s often more than just DDoS: Nearly half of the respondent organizations indicated some form of breach or impact in conjunction with DDoS attacks.
• Keep working internally with key stakeholders: Assess, plan, test, and communicate within the organization because the attacks will keep coming.
• Invest wisely to right-size DDoS defenses: Not all DDoS defenses are made equally. Some of the experience gained by attackers last year was an operational understanding of DDoS defense business models.
NEUSTAR TRIPLES SIZE OF GLOBAL DDOS DEFENSE NETWORK
• Today: 4 TB
• Q3: 6 TB
• Q4: 8 TB
• Q1 ‘18: 10 TB
More than 1.7 Tbps NOW in Europe – London, Frankfurt, Amsterdam
“Innovation is in our DNA at Neustar. We’re going well beyond any of our
competitors today and even visions I had 20 years ago”
- Barrett Lyon, DDoS Security Pioneer and Head of R&D
NEUSTAR SECURITY: MONITORING, ACCELERATING, AND DEFENDING
Because.
It’s about more than just…
…checking your task box.
…hiding behind hardware.
…hoping attacks miss you.
Disrupting impact before it can hurt
• Watch for smokescreens, performance monitoring helps
• Scan IP traffic for anomalies
• Block known botnets and suspect ports
• Use recursive to interrupt Command-and-Control communication
• Be vigilant on GRE tunnel connections
• Assume something else is going on
• Good malware and phishing user awareness