DSS ITSEC 2013 Conference, 07.11.2013 - Radware - Cyber Attacks Survival Guide

Post on 08-May-2015


DESCRIPTION

Presentation from one of the remarkable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7 November 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.

TRANSCRIPT

DoS, DDoS and application attacks – are you ready?

Michael Soukonnik, Radware Ltd, michaels@radware.com

2012 Radware Security Report: DDoS Attack Vectors

• TCP SYN Flood: 35%
• Web: 24%
• DNS: 10%
• SMTP: 9%
• UDP: 7%
• ICMP: 4%
• VoIP: 4%
• IPv6: 3%
• Other: 3%

Attacks remained diversified across attack types, which reflects attackers' use of multi-vector attacks.

SSL based attacks are on the rise


Complexity vs. Volume

• Specific application resources are targeted
• C/R bypass capabilities
• Increased bandwidth saturation
• Usage of servers: more firepower
• Volume attacks on DNS infrastructure

Layers: Network, Server, Application, Business

Attack Vectors

• Volumetric network flood attacks
• SSL based attacks
• SYN flood attack
• Application flood attacks
• Web attacks: XSS, brute force
• Port scan
• “Low & Slow” attacks
• Network scan
• Intrusion
• Application vulnerability, malware
• Web attacks: SQL injection


Diagram: on-premises mitigation versus cloud mitigation, mapped against attack complexity and attack volume.

Old-fashioned systems are vulnerable.


Firewalls and IPS (even next-generation ones) cannot stop DDoS!


• Attacks become more complex (5-7 vectors)!
• Attacks become longer (days and weeks)!
• More financially motivated attacks, but at the same time more politically motivated attacks on government and private organizations! You never know if you are in the sights of a future attack!


• It’s cheap (hundreds of $)!
• Attacks become very powerful and use server-based botnets!
• New attacking tools know how to overcome not only legacy but even the newest protection systems.

So, nothing can be done about it?

Radware Attack Mitigation System (AMS) and service

Mapping Security Protection Tools

Layers: Network, Server, Application, Business

Attacks:
• UDP garbage flood on ports 80 and 443
• SSL/TLS negotiation attacks
• Server cracking attacks
• HTTPS flood attack
• ICMP flood attacks
• HTTP flood attack
• SYN/TCP OOS flood attacks
• Web attacks: XSS, SQL injection, brute force
• Business impact: SHUTDOWN

Protection tools: DoS protection, behavioral analysis, SSL protection, IPS, WAF, in-the-cloud DDoS protection

To fight back you need:
• An integrated solution with all security technologies
• To mitigate attacks beyond the perimeter


Radware Attack Mitigation System (AMS)


AMS Deployment

Diagram labels: DefensePro, Application Infrastructure, AppWall, Alteon

• Mitigate all types of DDoS attacks
• Mitigate SSL attacks
• Mitigate web application exploits


Where to Detect?

Diagram: Internet, in the cloud, perimeter, front-end (Alteon), protected organization.

Cloud mitigation services cannot detect attacks!
• Web attacks
• Application misuse
• Application connection overflow

AMS provides the widest attack detection coverage!
• Network DDoS
• SYN floods
• HTTP floods
• SSL floods
• Server cracking


Attack Mitigation System: Layers of Defense

Defense Messaging
• Traffic baselines & real-time signature information
• Complete system in sync

Benefits
• Detect where you can
• Mitigate where you should
• Optimize mitigation scalability


Attack Mitigation System: Scalable Defense Network

Defense Messaging

Volumetric DDoS attack that saturates the Internet pipe

ERT and the customer decide to divert the traffic


Attack Mitigation System: Mitigating the SSL Threat

• HTTPS floods
• Encrypted web attacks
• SSL negotiation floods

Defense Messaging

Unique Solution Benefits
• Detects all types of SSL encrypted attacks
• Non-vulnerable mitigation architecture
• Legitimate transactions go through without decryption
• Lowest latency approach
• FIPS compliant & Common Criteria certified solution
• Single vendor, integrated management


• Every governmental and business body may become an attack target
• Attacks have more and more volume and complexity, covering L4-L7 simultaneously
• Legacy types of security equipment cannot stop complex attacks
• Cloud service and CPE cannot stop attacks when working separately
• Radware provides CPE (DDoS, DoS, application attacks and web), Emergency Response Team 24x365 support and the DefensePipe cloud service. Together they enable attack mitigation from its first seconds at the CPE and volumetric network attack mitigation in the cloud

Customer Success - Leading the DDoS Protection Market


Our Customers Select AMS

• Financial Services
• Retail Services
• Government, Healthcare & Education
• Carrier & Technology Services


We Protect Against the Top Attack Campaigns


Q&A
