FIRST LINE OF DEFENSE
The Security Consideration for IoT
Dave Larson, COO & CTO
© 2016 Corero www.corero.com
The Tbps Era?
IoT DDoS
Krebs OVH DYN…
20+ Years of DoS Attacks
First Hacktivist event: Zapatista National Liberation Army
DoS for Notoriety
MafiaBoy DDoS: Yahoo!, Amazon, Dell, CNN, Ebay, Etrade
Spammers discover botnets
Organized crime: Extortion
Estonia: Parliament, banks, media, Estonia Reform Party
[Timeline axis: 1993 to 2017]
Anon hits Church of Scientology
Panix.net hit with first major DDoS
Coordinated US bank attacks: Grew to 200 Gbps, and continue today
ProtonMail attack
Spamhaus attack: Reported to reach 310 Gbps
500 Gbps Hong Kong attack
France swarmed after terror attack
PlayStation & Xbox hit at Christmas
Rio Olympics 540 Gbps
So what exactly is a ‘thing’?
§ In the IoT a ‘thing’ can be many things
• Security camera, baby monitor, thermostat, DVR, LED light bulb, industrial control device, refrigerator, etc.
§ It’s what they have in common that’s the problem
• General purpose processor
• Runs Linux
• High speed wired/wireless trusted connection
• Often deployed in default configuration
• Rarely, if ever, patched or even monitored
• Little thought given to security architecture
Anatomy of a Botnet DDoS Attack
Attacker installs code that creates a command and control entity that automatically identifies and compromises an army of bots.
Command and Control Server executes the commands that put the botnet to work.
Botnet: a network of malware-infected devices controlled remotely by the attacker.
Infected devices send large amounts of bogus traffic to targeted server(s) or services connected to the Internet.
DDoS always evolving - “IoT” ups the challenge
§ Gartner, Inc. forecasts that Internet connected things will reach 20.8 billion by 2020.
§ Mirai code made available in early Oct. – malware spreads to devices with factory default or hard-coded usernames and passwords
§ Countless attack vectors and attack types out in the wild - Newly discovered CLDAP vector with up to 55x amplification factor
§ New techniques, combination attacks, DDoS for hire services coupled with unlimited motivations create a volatile DDoS landscape
http://www.gartner.com/newsroom/id/3165317
Friend or Foe?
Community Responsibility
The Carriers themselves must do more to enable ‘clean pipe’ to their downstream subscribers—cleaning up attack traffic as well as ensuring that compromised devices on their access network are quickly identified and remediated
Device Manufacturers must put security measures in place. No device should connect to the Internet ‘out of the box’
Otherwise we will have government legislation forcing Carriers and Manufacturers of IoT devices alike to work toward eliminating the problem
New Breed of Bigger ‘Surgical’ DDoS Attacks
84% OF ATTACKS ARE LESS THAN 10 MINUTES
1.6% OF ATTACKS ARE GREATER THAN 5 Gbps
Sophisticated Multi-Layered Attacks
§ Enough volume to cripple target infrastructure or destination
§ Advanced DoS attacks crafted to avoid detection
§ Short durations avoid legacy DDoS scrubbing mitigation techniques (TTM)
Ongoing low-level, background attacks
Volume ramped to 68 Gb for a few minutes
Initial Attack phase
DDoS Protection Recommendations
1. Determine Where to Protect from DDoS
• Defeating DDoS with an always-on deployment at the network edge removes the threat from your environment
• Legacy approach to mitigation cannot keep up with the evolving threat landscape – (TTM) Time To Mitigation and the scale of attacks (need to inspect every packet)
• New approach, protecting your customer as well as your infrastructure, allows you, the provider, to monetize the service and uplift existing services revenue
2. Choose the right DDoS Protection Service Strategy
• Test solutions for time to mitigation, performance capability, scalability across your network, and automatic security coverage.
• Analytics to ensure you can show the value to your customers to meet their requirements
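As an added illustration (not part of the original slides), the sketch below models why a short burst on top of a low-level background attack slips past mitigation with a long time to mitigation (TTM), and can be used when testing solutions for TTM. The traffic samples, trigger thresholds and mitigation model are assumptions constructed for this example.

```python
from statistics import median

# Constructed per-minute inbound rates in Gbps toward one protected prefix:
# normal traffic, a low-level background attack, a 3-minute ramp to 68, recovery.
SAMPLES_GBPS = [2, 2, 3, 2, 2, 6, 7, 6, 68, 68, 68, 7, 6, 2, 2, 3]


def delivered_excess(samples, trigger_gbps, ttm_minutes, baseline_window=5):
    """Return (delivered, total) excess Gbps-minutes above the baseline.

    Model (an assumption of this example): mitigation engages ttm_minutes
    after the rate first reaches trigger_gbps and disengages as soon as the
    rate falls below it, so every new episode pays the TTM delay again.
    Traffic above baseline but below the trigger is never mitigated.
    """
    baseline = median(samples[:baseline_window])
    delivered = total = 0.0
    minutes_over = 0  # consecutive minutes at or above the trigger
    for rate in samples:
        excess = max(rate - baseline, 0)
        total += excess
        minutes_over = minutes_over + 1 if rate >= trigger_gbps else 0
        if minutes_over <= ttm_minutes:  # mitigation not yet engaged
            delivered += excess
    return delivered, total


def delivered_fraction(samples, trigger_gbps, ttm_minutes):
    """Fraction of above-baseline traffic that still reaches the target."""
    delivered, total = delivered_excess(samples, trigger_gbps, ttm_minutes)
    return delivered / total if total else 0.0


if __name__ == "__main__":
    scenarios = [
        ("coarse trigger, 10 min TTM", 10, 10),
        ("coarse trigger, 2 min TTM", 10, 2),
        ("coarse trigger, inline", 10, 0),
        ("fine trigger, inline", 4, 0),
    ]
    for name, trigger, ttm in scenarios:
        frac = delivered_fraction(SAMPLES_GBPS, trigger, ttm)
        print(f"{name:28s} {frac:6.1%} of excess traffic delivered")
```

In this constructed trace the 3-minute burst ends before a 10-minute TTM elapses, so all of the excess traffic is delivered, while the background phase is only caught when the trigger sits close to the baseline.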
Thank You!
Dave Larson [email protected]