Pravail 2.0 Technical Overview - Jyväskylän...
Pravail 2.0 Technical Overview
Exclusive Networks
Page 2 - Company Confidential
Pravail Features and Benefits
§ ‘Out-of-the-Box’ Protection – Immediate protection from threats with more control
§ Advanced DDoS Blocking – Introduces new packet-based DDoS detection & mitigation
§ Botnet Threat Mitigation – Block dynamic botnet-based DDoS attacks with AIF
§ Simple Deployment Models – Easily fits IDC deployment including inline
§ Cloud Signaling – Stop volumetric DDoS attacks by signaling upstream MSSPs
Diagram: Arbor Pravail APS deployed in the Data Center Network in front of the Firewall and Load Balancer, protecting Public Web Servers, Corporate Servers, DNS Servers and SMTP Servers.
Arbor Pravail APS is a CPE-based security appliance focused on stopping availability threats.
Page 3 - Company Confidential
ATLAS Intelligence Feed (AIF)
§ Continuously updated feed of botnet threats to service availability
§ Layer 7 fingerprints focused on inbound botnet attack traffic
– Includes ASERT threat level and confidence assessment
§ ASERT tracks hundreds of individual botnets in the wild
– More added nearly every day
Screenshots: Inbound HTTP Botnet Attacks, ASERT Severity Levels, IP Location Data.
Cloud Signaling
§ Utilize Cloud Signaling Coalition members for volumetric protection
§ Gain Volumetric & Application protection from a single console!
Diagram: Arbor Peakflow SP / TMS-based DDoS Service in the Internet Service Provider network; Arbor Pravail APS in the Subscriber Network's Data Center Network in front of the Firewall / IPS / WAF and the Public Facing Servers; Cloud Signaling Status shown on the console.
1. Service Operating Normally
2. Attack Begins and Initially Blocked by Pravail
3. Attack Grows Exceeding Bandwidth
4. Cloud Signal Launched
5. Customer Fully Protected!
Pravail 2.0 Availability Protection System
§ Availability Protection System
§ Inline layer-2 deployment (bump in the wire)
§ In front of Firewall, IPS, WAF, load-balancer, etc.
§ Including DPI (layer 7) inspection of traffic
– AIF signatures for detecting complex elements
§ Detect and protect against attacks at customer edge
Diagram: Pravail APS inline in front of FW, IPS, … and the Server.
The Failure of Existing Security Devices
Today’s CPE-based security devices focus on integrity & confidentiality but not on availability
Diagram: DATA CENTER with IPS and Load Balancer.
Information Security Triangle
Product Family – Triangle – Benefit
§ Firewalls – Integrity / Confidentiality – Enforce network policy to prevent unauthorized access to data
§ Intrusion Prevention System – Integrity – Block break-in attempts causing data theft
Firewalls and IPS devices do not solve the DDoS problem because they (1) are optimized for other security problems, (2) can’t detect or stop distributed attacks, and (3) cannot integrate with in-cloud security solutions.
IPS and firewall vendors will not win the arms race against hackers. Stateful devices will always be threatened by state-exhausting attacks.
Firewalls and IPS devices are part of the DDoS problem!
What happens to the traffic?
Traffic passes through the following filter stages:
§ Static & Dynamic Packet Filters
§ BOTNET Attack Filters (AIF-Signatures)
§ Malformed & Behavior Filters
§ Client Verification Filters
§ Application Level Attack Filters
Attack classes these filters address:
§ Intelligent BOTNET Attacks
§ Protocol Attacks
§ TCP Stack Attacks
§ Generic Application Attacks
§ Generic Flood Attacks
§ Each client is checked by multiple intelligent filters
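The slide lists the filter stages but not how a packet moves through them. The following is an added example, not Arbor's or Pravail's code: a toy per-client filter chain in Python that applies the five stages in the order the slide lists them, with a dynamic block list that a later stage (the botnet signature match) feeds back into the first stage. The ACL, the AIF-style fingerprint, the malformed flag sets, the handshake-based stand-in for client verification, the request budget and all sample packets are constructed for illustration and are not AIF data or Pravail behaviour.

```python
"""Added example, not Arbor/Pravail code: a toy per-client filter chain that
applies the five stages in slide order. Every signature, threshold and sample
packet here is constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str           # client IP (constructed, documentation ranges)
    dst_port: int
    tcp_flags: str     # e.g. "S", "A", "PA", "SFRP"
    payload: str = ""  # constructed plaintext HTTP; empty for pure TCP control


@dataclass
class ClientState:
    syn_seen: bool = False   # client started a handshake
    verified: bool = False   # client completed it (stand-in for client verification)
    requests: int = 0        # application requests seen from this client


class FilterChain:
    # Stage 1: static ACL (constructed: only web ports inbound) plus a dynamic
    # block list that later stages populate.
    STATIC_ALLOWED_PORTS = frozenset({80, 443})
    # Stage 2: constructed stand-ins for AIF-style layer-7 botnet fingerprints.
    AIF_FINGERPRINTS = {"bot-ua-1": "User-Agent: ConstructedBot/1.0"}
    # Stage 3: constructed malformed TCP flag combinations.
    INVALID_FLAGS = frozenset({"", "SF", "SR", "SFRP", "FPU"})
    # Stage 5: constructed per-client request budget.
    REQUEST_LIMIT = 5

    def __init__(self):
        self.dynamic_block = set()
        self.clients = {}

    def static_dynamic_filter(self, pkt, state):
        if pkt.src in self.dynamic_block:
            return "blocked:dynamic-list"
        if pkt.dst_port not in self.STATIC_ALLOWED_PORTS:
            return "blocked:static-acl"
        return None

    def botnet_filter(self, pkt, state):
        for name, pattern in self.AIF_FINGERPRINTS.items():
            if pattern in pkt.payload:
                self.dynamic_block.add(pkt.src)  # feed the match back into stage 1
                return f"blocked:aif:{name}"
        return None

    def malformed_filter(self, pkt, state):
        if pkt.tcp_flags in self.INVALID_FLAGS:
            return "blocked:malformed-tcp"
        return None

    def client_verification_filter(self, pkt, state):
        # A SYN is answered locally and not forwarded; a client that completes the
        # handshake with an ACK is marked verified. Spoofed-source floods never
        # get that far, so their data packets are blocked at this stage.
        if pkt.tcp_flags == "S":
            state.syn_seen = True
            return "challenged:syn"
        if pkt.tcp_flags == "A" and state.syn_seen:
            state.verified = True
        if not state.verified:
            return "blocked:unverified"
        return None

    def application_filter(self, pkt, state):
        if pkt.payload.startswith(("GET ", "POST ")):
            state.requests += 1
            if state.requests > self.REQUEST_LIMIT:
                return "blocked:app-rate-limit"
        return None

    def inspect(self, pkt):
        """Run the stages in slide order; the first stage with a verdict wins."""
        state = self.clients.setdefault(pkt.src, ClientState())
        for stage in (self.static_dynamic_filter, self.botnet_filter,
                      self.malformed_filter, self.client_verification_filter,
                      self.application_filter):
            verdict = stage(pkt, state)
            if verdict:
                return verdict
        return "passed"


def run_sample():
    """Constructed traffic mix; returns the verdict for each packet in order."""
    bot_req = "GET / HTTP/1.1\r\nUser-Agent: ConstructedBot/1.0\r\n"
    chain = FilterChain()
    packets = [
        Packet("203.0.113.10", 22, "S"),                        # port not served
        Packet("198.51.100.5", 80, "S"),                        # handshake start
        Packet("198.51.100.5", 80, "A"),                        # handshake completes
        Packet("198.51.100.5", 80, "PA", bot_req),              # matches AIF stand-in
        Packet("198.51.100.5", 80, "PA", "GET / HTTP/1.1\r\n"),  # now on dynamic list
        Packet("192.0.2.7", 80, "SFRP"),                        # malformed flags
        Packet("192.0.2.8", 443, "PA", "GET / HTTP/1.1\r\n"),   # no handshake at all
    ]
    packets += [Packet("192.0.2.9", 80, "S"), Packet("192.0.2.9", 80, "A")]
    packets += [Packet("192.0.2.9", 80, "PA", "GET /x HTTP/1.1\r\n")] * 6
    return [chain.inspect(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The point to take from the chain is the ordering: cheap stateless checks (ACL, dynamic list) run before payload inspection, and a layer-7 match is promoted into the stateless stage so the same source never reaches the expensive filters again.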
Intelligent Filters … some Examples
Welcome to Pravail!
Summary - Page
§ Overview:
– Protection Group (Group of Servers / Services)
– Interface Traffic
– Total Traffic
– Passed Traffic
– Blocked Traffic
– Protection Group
– Cloud Signaling Status
– System Status
– Change Log
Protection Group – WebServer example - I
§ A Protection Group is an individual set of IPs of the same Server/Service Type, e.g. WebServer
§ Details:
– Total Traffic
– Passed Traffic
– Blocked Traffic
– Blocked Hosts
– Details per Attack Prevention Type
§ Options:
– Time Period
– BPS/PPS
– PDF / EMAIL
Protection Group – II
§ URL statistics
§ Domain statistics
§ Option to easily BLOCK Domains / URLs
Protection Group – III
§ IP Location statistics
§ Option to easily BLOCK attacking countries
Protection Group – IV
§ Protocol statistics
§ Service statistics
Protection Group – V
§ Blocked Hosts statistics
§ Option to unblock hosts
Summary – Mode, Protection Level, Cloud Help
§ Mode:
– Active
– Inactive
§ Protection Level:
– Low
– Medium
– High
§ Cloud Signaling:
– Status
– Automatic
– Manual
Prevention Types – Details I/VI
Prevention Types – Details II/VI
Prevention Types – Details III/VI
Prevention Types – Details IV/VI
Prevention Types – Details V/VI
Prevention Types – Details VI/VI
Pravail 2.0 APS - Cloud Signaling
Diagram: Pravail APS inline in front of FW, IPS, … and the Server.
Pravail stand-alone inline protection
§ Detects and defends against attacks at customer edge
§ Can ask for help to protect from volumetric attacks larger than uplinks – mitigation must be performed upstream
ISP - Cloud Signaling as a Managed Service
ISP uses Peakflow SP and TMS products in the cloud
Diagram: Pravail APS in the customer DATA CENTER in front of the IPS and Load Balancer; Peakflow SP and TMS in the ISP network, connected to the APS by Cloud Signaling.
ISP DDoS protection
§ Block volumetric attacks before they reach the customer infrastructure
CPE-based DDoS protection
§ Stop DDoS attacks on the customer premises
§ Trigger cloud DDoS protection for volumetric attacks with Cloud Signaling
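The Cloud Signaling slides describe a decision the CPE appliance makes but do not show it: mitigate locally while the attack fits the uplink, and ask the upstream ISP for help once the attack exceeds the uplink, either automatically or after an operator confirms. The following is an added example, not Arbor's or Pravail's code: a Python controller that walks through the five steps from the earlier Cloud Signaling slide on a constructed series of traffic samples, in both the Automatic and Manual modes from the Summary slide. The 1 Gbit/s uplink, the 90% headroom factor, the sample rates and the state names are all constructed assumptions.

```python
"""Added example, not Arbor or Pravail code: a toy controller for the cloud
signaling decision the slides describe (local mitigation while the attack fits
the uplink, cloud signal once it exceeds it, automatic or manual mode).
The traffic samples, uplink size and headroom factor are constructed."""
from dataclasses import dataclass


@dataclass
class Sample:
    t: int               # seconds since start (constructed clock)
    total_bps: float     # inbound rate measured on the uplink
    blocked_bps: float   # share of that rate the local filters are dropping


class CloudSignalingController:
    """States: normal -> local-mitigation -> cloud-signaled (automatic mode),
    or -> signal-recommended (manual mode) until an operator confirms."""

    def __init__(self, uplink_bps, automatic=True, headroom=0.9):
        self.uplink_bps = uplink_bps
        self.automatic = automatic    # slide: Cloud Signaling Automatic / Manual
        self.headroom = headroom      # assumption: signal before the link saturates
        self.state = "normal"
        self.history = []

    def update(self, s):
        under_attack = s.blocked_bps > 0
        over_capacity = s.total_bps >= self.headroom * self.uplink_bps
        if self.state == "cloud-signaled":
            # Upstream scrubbing keeps the CPE view small; stay signaled until the
            # local filters see nothing left to block and the link is clear.
            if not under_attack and not over_capacity:
                self.state = "normal"
        elif under_attack and over_capacity:
            # Steps 3/4: attack larger than the uplink, mitigation must move upstream.
            self.state = "cloud-signaled" if self.automatic else "signal-recommended"
        elif under_attack:
            self.state = "local-mitigation"   # step 2: blocked at the customer edge
        else:
            self.state = "normal"             # step 1: service operating normally
        self.history.append((s.t, self.state))
        return self.state

    def operator_confirms(self):
        """Manual mode: the operator launches the signal from the console."""
        if self.state == "signal-recommended":
            self.state = "cloud-signaled"
        return self.state


# Constructed traffic samples against a 1 Gbit/s uplink, following the slide's steps.
SAMPLES = [
    Sample(0, 200e6, 0),        # 1. service operating normally
    Sample(10, 500e6, 250e6),   # 2. attack begins, blocked locally
    Sample(20, 950e6, 700e6),   # 3. attack grows past 90% of the uplink
    Sample(30, 300e6, 50e6),    # 5. upstream scrubbing in place, residue blocked locally
    Sample(40, 200e6, 0),       # attack over
]


def run_demo(automatic=True):
    """Returns the controller state after each sample (plus the operator's
    confirmation step in manual mode)."""
    ctl = CloudSignalingController(uplink_bps=1e9, automatic=automatic)
    states = []
    for s in SAMPLES:
        states.append(ctl.update(s))
        if not automatic and ctl.state == "signal-recommended":
            states.append(ctl.operator_confirms())   # console click
    return states


if __name__ == "__main__":
    print(run_demo(automatic=True))
    print(run_demo(automatic=False))
```

The design choice worth noting is the exit condition: once upstream scrubbing is active the CPE sees only the residue, so the controller must not read a small `total_bps` as "attack over" and withdraw the signal while local filters are still blocking traffic.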
Thank You