Pravail 2.0 Technical Overview - Jyväskylän yliopisto
users.jyu.fi/~timoh/TIES327/PravailAPS.pdf · 2014-12-15 · 25 pages

Transcript of Pravail 2.0 Technical Overview

Page 1

Pravail 2.0 Technical Overview

Exclusive Networks

Page 2 - Company Confidential

Pravail Features and Benefits

§  ‘Out-of-the-Box’ Protection –  Immediate protection from threats with more control
§  Advanced DDoS Blocking –  Introduces new packet-based DDoS detection & mitigation
§  Botnet Threat Mitigation –  Block dynamic botnet-based DDoS attacks with AIF
§  Simple Deployment Models –  Easily fits IDC deployment including inline
§  Cloud Signaling –  Stop volumetric DDoS attacks by signaling upstream MSSPs

[Diagram: Arbor Pravail APS deployed at the Data Center Network edge, in front of the Firewall and Load Balancer, protecting Public Web Servers, Corporate Servers, DNS Servers and SMTP Servers]

Arbor Pravail APS is a CPE-based security appliance focused on stopping availability threats

Page 3

ATLAS Intelligence Feed (AIF)

§  Continuously updated feed of botnet threats to service availability
§  Layer 7 fingerprints focused on inbound botnet attack traffic
  –  Includes ASERT threat level and confidence assessment
§  ASERT tracking hundreds of individual botnets in the wild
  –  More added nearly every day

[Screenshots: Inbound HTTP Botnet Attacks; ASERT Severity Levels; IP Location Data]

Page 4

Cloud Signaling

§  Utilize Cloud Signaling Coalition members for volumetric protection
§  Gain Volumetric & Application protection from a single console!

[Diagram: Arbor Peakflow SP / TMS-based DDoS Service at the Internet Service Provider; Arbor Pravail APS at the Data Center Network edge in front of Firewall / IPS / WAF and Public Facing Servers; Subscriber Networks]

1. Service Operating Normally
2. Attack Begins and Initially Blocked by Pravail
3. Attack Grows Exceeding Bandwidth
4. Cloud Signal Launched
5. Customer Fully Protected!

[Screenshot: Cloud Signaling Status]

Page 5

Pravail 2.0 Availability Protection System

§  Availability Protection System
§  Inline layer-2 deployment (bump in the wire)
§  In front of Firewall, IPS, WAF, load-balancer, etc …
§  Including DPI (layer 7) inspection of traffic
  –  AIF signatures for detecting complex elements
§  Detect and protect against attacks at customer edge

[Diagram: Pravail APS inline in front of Server, FW, IPS, …]

Page 6

The Failure of Existing Security Devices

Today’s CPE-based security devices focus on integrity & confidentiality but not on availability

[Diagram: DATA CENTER with IPS and Load Balancer]

Information Security Triangle

Product Family                Triangle Benefit
Firewalls                     Integrity / Confidentiality    Enforce network policy to prevent unauthorized access to data
Intrusion Prevention System   Integrity                      Block break-in attempts causing data theft

Firewalls and IPS devices do not solve the DDoS problem because they (1) are optimized for other security problems, (2) can’t detect or stop distributed attacks, and (3) cannot integrate with in-cloud security solutions.

IPS and firewall vendors will not win the arms race against hackers. Stateful devices will always be threatened by state-exhausting attacks.

Firewalls and IPS devices are part of the DDoS problem!

Page 7

What happens to the traffic?

[Diagram: chain of filter stages and the attack classes they address]

Filters:
  –  Static & Dynamic Packet Filters
  –  BOTNET Attack Filters (AIF-Signatures)
  –  Malformed & Behavior Filters
  –  Client Verification Filters
  –  Application Level Attack Filters

Attacks:
  –  Intelligent BOTNET Attacks
  –  Protocol Attacks
  –  TCP Stack Attacks
  –  Generic Application Attacks
  –  Generic Flood Attacks

§  Each client is checked by multiple intelligent filters

Page 8

Intelligent Filters … some Examples

Page 9

Welcome to Pravail!

Page 10

Summary - Page

§  Overview:
  –  Protection Group (Group of Servers / Services)
  –  Interface Traffic
  –  Total Traffic
  –  Passed Traffic
  –  Blocked Traffic
  –  Protection Group
  –  Cloud Signaling Status
  –  System Status
  –  Change Log

Page 11

Protection Group – WebServer example - I

§  A Protection Group is an individual set of IPs of the same Server/Service Type, e.g. WebServer
§  Details:
  –  Total Traffic
  –  Passed Traffic
  –  Blocked Traffic
  –  Blocked Hosts
  –  Details per Attack Prevention Type
§  Options:
  –  Time Period
  –  BPS/PPS
  –  PDF / EMAIL

Page 12

Protection Group – II

§  URL statistics

§  Domain statistics

§  Option to easily BLOCK Domains / URLs

Page 13

Protection Group – III

§  IP Location statistics

§  Option to easily BLOCK attacking countries

Page 14

Protection Group – IV

§  Protocol statistics

§  Service statistics

Page 15

Protection Group – V

§  Blocked Hosts statistics

§  Option to unblock hosts

Page 16

Summary – Mode, Protection Level, Cloud Help

§  Mode:
  –  Active
  –  Inactive
§  Protection Level:
  –  Low
  –  Medium
  –  High
§  Cloud Signaling:
  –  Status
  –  Automatic
  –  Manually

Page 17

Prevention Types – Details I/VI

Page 18

Prevention Types – Details II/VI

Page 19

Prevention Types – Details III/VI

Page 20

Prevention Types – Details IV/VI

Page 21

Prevention Types – Details V/VI

Page 22

Prevention Types – Details VI/VI

Page 23

Pravail 2.0 APS - Cloud Signaling

[Diagram: Pravail APS inline in front of Server, FW, IPS, …]

Pravail stand-alone inline protection
§  Detects and defends attacks at customer edge
§  Can ask for help to protect from volumetric attacks larger than uplinks – mitigation must be performed upstream
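The five-step escalation of slides 4 and 23, together with the Automatic / Manually setting of slide 16, as an added example that is not Arbor's code: a small state-machine model of when an inline appliance should stop relying on local blocking and ask the upstream provider for help. The uplink size, the mode switch, the operator approval and the sample traffic readings are assumptions constructed for illustration.

```python
# Added example, not Arbor's code: a model of the cloud-signaling escalation
# the slides describe (1 normal -> 2 blocked inline -> 3 attack exceeds uplink
# -> 4 cloud signal launched -> 5 protected upstream). The uplink size, the
# 'automatic' switch and the sample readings are constructed assumptions.
from dataclasses import dataclass

PHASES = {
    1: "Service Operating Normally",
    2: "Attack Begins and Initially Blocked by Pravail",
    3: "Attack Grows Exceeding Bandwidth",
    4: "Cloud Signal Launched",
    5: "Customer Fully Protected",
}


@dataclass
class CloudSignaling:
    uplink_bps: float       # provisioned uplink; volume above it cannot be dropped locally
    automatic: bool = True  # slide 16: Cloud Signaling set to Automatic or Manually
    phase: int = 1

    def step(self, inbound_bps: float, attack_bps: float, operator_ok: bool = False) -> int:
        """Advance one measurement interval and return the slide's phase number.
        inbound_bps is all traffic arriving on the uplink, attack_bps the share the
        inline filters classify as attack; operator_ok is only consulted in manual mode."""
        if attack_bps <= 0:
            self.phase = 1    # attack over: back to normal, no cloud help needed
        elif self.phase >= 4:
            self.phase = 5    # the upstream provider now absorbs the volume
        elif self.phase == 3 and (self.automatic or operator_ok):
            self.phase = 4    # launch the cloud signal to the upstream provider
        elif inbound_bps >= self.uplink_bps:
            self.phase = 3    # link saturated: dropping here frees no upstream bandwidth
        else:
            self.phase = 2    # fits in the pipe: block inline at the customer edge
        return self.phase


def simulate(readings, uplink_bps: float, automatic: bool = True) -> list:
    """Run (inbound_bps, attack_bps) readings through a fresh model, one per interval."""
    model = CloudSignaling(uplink_bps=uplink_bps, automatic=automatic)
    return [model.step(inbound, attack) for inbound, attack in readings]


# Constructed sample: a 1 Gbit/s uplink hit by an attack that grows past it.
SAMPLE_READINGS = [(200e6, 0), (600e6, 400e6), (1.2e9, 1.0e9),
                   (1.5e9, 1.3e9), (300e6, 100e6), (200e6, 0)]

if __name__ == "__main__":
    for phase in simulate(SAMPLE_READINGS, uplink_bps=1e9):
        print(phase, PHASES[phase])
```

In manual mode the model stays in phase 3 until an operator approves, which is the interval during which the uplink remains saturated regardless of what the appliance drops.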

Page 24

ISP - Cloud Signaling as a Managed Service

ISP uses Peakflow SP and TMS products in the cloud

[Diagram: Peakflow SP and TMS at the ISP; Pravail APS in the DATA CENTER in front of the IPS and Load Balancer; the two linked by Cloud Signaling]

ISP DDoS protection
§  Block volumetric attacks before they reach the customer infrastructure

CPE-based DDoS protection
§  Stop DDoS Attacks on the customer premises
§  Trigger Cloud DDoS protection for volumetric attacks with Cloud Signaling

Page 25

Thank You