Rewriting the Rules for DDoS Protection in 2015
![Page 1: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/1.jpg)
Re-Writing the Rules for DDoS Defense
On-Prem + Cloud Based Protection
Stephen Gates - Chief Security Evangelist
© 2014 Corero www.corero.com
![Page 2: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/2.jpg)
DDoS Attacks, 2013-2014
[Chart: Total Attack Bandwidth (Gbps). Data shown represents the top ~2% of reported attacks. X-axis: monthly ticks from JUN 1 to JUL 1, with 2014 marked at JAN 1; y-axis: 100 to 400. Labeled dates: JUNE 21 2013, AUG 9 2013, DEC 4 2013, DEC 31 2013, MAR 17 2014, MAR 29 2014, JUNE 23 2014. Annotations: HONG KONG VOTING SITES, MAJOR HOSTING SITES.]
Source: Network Computing/Ponemon Institute
• 20% of data center downtime is caused by a DDoS attack
• 86 minutes is the average data center downtime due to DDoS attacks
• $8K per minute is the average cost of this downtime
• $700K per incident is the average cost of a DDoS outage
Source: Digital Attack Map - DDoS attacks around the globe
![Page 3: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/3.jpg)
DDoS Digital Attack Map
http://www.digitalattackmap.com/
Volumetric
Application
TCP Connect
Fragmented
According to a recent survey conducted by the SANS Institute…
“The most damaging DDoS attacks mix volumetric attacks with targeted, application-specific attacks.”
![Page 4: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/4.jpg)
Are the attackers getting smarter?
Researchers are finding an uptick in the number of new techniques
Attackers defeating traditional protection (Firewall, ACL, Blackhole)
Attackers are developing new methods of bypassing defenses
![Page 5: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/5.jpg)
What tools are the attackers using?
High Orbit ION Cannon
Low Orbit ION Cannon
HULK
SlowHTTPtest
Hping3
NMAP
Metasploit
Slowloris
KillApache.pl
(Diagram label: www.yoursite.com)
![Page 6: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/6.jpg)
Can your existing security layers handle the onslaught?
Volumetric Attack Components
Bandwidth Saturation
Connection Saturation
Spoofed Connections
Reflections/Amplifications
Fragments
Partial Saturation
![Page 7: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/7.jpg)
Concerns with partial saturation attacks
Beyond very small attacks exhausting or slowing a particular resource
Worse than traditional attacks targeted at disabling infrastructure
New attacks that are a diversion for some larger threat (data exfiltration, planting malware, etc.)
![Page 8: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/8.jpg)
Businesses need protection from the Internet
With a first line of defense that:
PREVENTS network/service outages by blocking attacks in real time
EXTENDS the effective life of your existing security investments
PROVIDES insight into attacks and evolving threats
ASSURES customers can access online services
![Page 9: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/9.jpg)
Proper DDoS Protection
Three options
On-Premises
Hybrid
Cloud/Hosted
![Page 10: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/10.jpg)
On-premises and in-line: Threat mitigation benefits
• Always-on, real-time protection
• Complete, comprehensive security event visibility
• Inspection, analysis, alerting and real-time mitigation
• Protects against layer 3–7 attacks
• Do-no-harm approach
![Page 11: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/11.jpg)
On-premises and in-line: Operational benefits
• Improved response time and mitigation for the vast majority of attacks
• Allows highly-trained staff to focus on more nefarious threats
• Broad protection at all layers protects critical infrastructure and optimizes its performance
• Service availability protects business integrity and increases productivity
![Page 12: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/12.jpg)
On-premises and in-line: Cost benefits
• Fraction of the cost compared to scrubbing or out-of-band solutions
• Protects downstream security investments
• Allows skilled (and highly-paid) staff to focus on higher-layer threats, not mundane operational tasks
![Page 13: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/13.jpg)
Cloud/Hosted Scenario
If scrubbing is an option that your business is committed to, consider the following:
• Always on, or on demand
• Cost implications
• Total event traffic captured and analyzed
• Manual/human intervention
• Duration of large scale attacks
• Application layer attacks
![Page 14: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/14.jpg)
What will it take to eliminate this problem?
[Diagram: Service Provider Defenses (L3-L4), On-Premises Defenses (L3-L7), Protected Critical Infrastructure. Labels: Good Users, Attackers, Good Traffic, Attack Traffic, Attack Leakage.]
[Chart: Cloud Service Pricing. Labels: Base Service, Always on, Redirection Method, Attack Type, Size of Attack. Price scale: $, $$, $$$, $$$$.]
[Timeline: Attack Detection to Prevention Process. Labels: Attack Begins, Attack Detected, Time to Reroute, Rerouted to Scrubbing Center. Time scale: 10 Mins., 20 Mins., 30 Mins.]
![Page 15: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/15.jpg)
Conclusions: There is no one-size-fits-all solution
What is Your DDoS Protection Plan?
Plan for day-to-day protection against baseline attacks
Consider solutions that you can turn around and monetize
Think about the cost of mitigation in a 24/7 attack environment: human and capital
Prepare for larger sustained attacks and massive spikes
![Page 16: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/16.jpg)
Advanced DDoS/Cyber Threat Protection
Comprehensive Visibility
Next Generation Architecture
![Page 17: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/17.jpg)
Corero SmartWall® Network Threat Defense
ADVANCED DDOS & CYBER THREAT DEFENSE TECHNOLOGY
BUILT ON NEXT GENERATION ARCHITECTURE
COMPREHENSIVE ATTACK VISIBILITY & NETWORK FORENSICS
SmartWall Threat Defense System (TDS)
Enterprises & Service/Hosting Providers
On-Premises or Cloud deployments
Protection in modular increments of 10 Gbps
In-line or scrubbing topologies
![Page 18: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/18.jpg)
Comprehensive Visibility
VALUABLE RAW DATA
Security Events
Threat Intelligence
System Health Data
Forensics Data
Network Statistics
Powerful Analytics Engine
ACTIONABLE SECURITY ANALYTICS & VISUALIZATION
Real-time Dashboards
Historical Reporting
Forensic Analysis
Behavioral Analysis
Virtual SOC Portal
Powered by Corero First Line of Defense®
![Page 19: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/19.jpg)
Visibility – Attack Analytics & Reporting
![Page 20: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/20.jpg)
Corero SecureWatch® Analytics Portal
Corero Secure Operations Center: CORERO SOC CAN REMOTELY ASSIST CUSTOMERS AND PARTNERS
Corero Partner: CORERO PARTNERS CAN VIEW DASHBOARDS OF CUSTOMERS THEY MANAGE
Corero Customer: CORERO CUSTOMERS CAN VIEW DASHBOARDS OF THEIR OWN DATA
[Diagram labels: Internet; Corero SecureWatch Analytics App; DASHBOARD 1 through DASHBOARD 6; Site A, Site B]
![Page 21: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/21.jpg)
First Line of Defense Applications
In the Cloud: Service providers, IT hosting and Cloud providers
On Premises: Enterprises – financial services, e-commerce providers, gaming, education
[Diagram labels: Internet, SP, 1-10 Gbps, SLB/ADC, IPS/APT, WAF, Protected Critical Infrastructure and Services]
![Page 22: Rewriting the Rules for DDoS Protection in 2015](https://reader033.fdocuments.in/reader033/viewer/2022052912/55a20aa11a28aba0368b46b3/html5/thumbnails/22.jpg)
NEXT STEPS
Arrange for a proof of concept
Learn more at: www.corero.com
Join the Conversation: @Corero, @StephenJGates, @SecurityBistro
Corero Security Blog – The Security Bistro: www.securitybistro.com