DSS ITSEC 2013 Conference 07.11.2013 - Radware - Cyber Attacks Survival Guide

DoS, DDoS and application attacks – are you ready? Michael Soukonnik, Radware Ltd, [email protected]

Uploaded by andris-soroka, posted 08-May-2015


DESCRIPTION

Presentation from one of the remarkable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7 November 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.

TRANSCRIPT

Page 1: DSS ITSEC 2013 Conference 07.11.2013 - Radware - Cyber Attacks Survival Guide

DoS, DDoS and application attacks – are you ready?

Michael Soukonnik, Radware, [email protected]

Page 2

2012 Radware Security Report: DDoS Attack Vectors

Share of attacks by vector (pie chart):
TCP - SYN Flood: 35%
IPv6: 3%
ICMP: 4%
UDP: 7%
Other: 3%
DNS: 10%
Web: 24%
SMTP: 9%
VoIP: 4%

Attacks remained diversified between different attack types. This reflects attackers using multi-vector attacks.

SSL based attacks are on the rise

Trends on the Complexity and Volume axes:
• Specific application resources are targeted
• C/R (challenge/response) bypass capabilities
• Increased bandwidth saturation
• Usage of servers – more firepower
• Volume attacks on DNS infrastructure

Page 3

Attack Vectors

Diagram: attack vectors plotted by layer (Network, Server, Application, Business) against Attack Complexity and Attack Volume, with On-Premises Mitigation and Cloud Mitigation as the two mitigation zones.

• Volumetric network flood attacks
• SSL based attacks
• SYN flood attack
• Application flood attacks
• Web attacks: XSS, brute force
• Port scan
• “Low & Slow” attacks
• Network scan
• Intrusion
• Application vulnerability, malware
• Web attacks: SQL injection

Page 4

Old-fashioned systems are vulnerable

Radware Confidential, Jan 2012

Firewalls and IPS (even next-generation ones) cannot stop DDoS!

Page 5

• Attacks become more complex (5-7 vectors)!
• Attacks become longer (days and weeks)!
• More financially motivated attacks, but at the same time more politically motivated attacks on government and private organizations! You never know if you are in the sights of a future attack!

Page 6

• It’s cheap (hundreds of $)!
• Attacks become very powerful and use server based botnets!
• New attacking tools know how to overcome not only legacy, but even the newest protection systems

Page 7

So – nothing can be done about that?

Page 8

Radware Attack Mitigation System (AMS) and service

Page 9

Mapping Security Protection Tools

Diagram labels: layers Business, Network, Server, Application; SHUTDOWN; protection tools DoS protection, Behavioral analysis, SSL protection, IPS, WAF; In the cloud DDoS protection.

Attacks mapped to tools:
• UDP garbage flood on ports 80 and 443
• SSL/TLS negotiation attacks
• Server cracking attacks
• HTTPS flood attack
• ICMP flood attacks
• HTTP flood attack
• SYN/TCP OOS (out-of-state) flood attacks
• Web attacks: XSS, SQL injection, brute force

To fight back you need:
• An integrated solution with all security technologies
• Mitigate attacks beyond the perimeter

Page 10

Radware Attack Mitigation System (AMS)

Page 11

AMS Deployment

Diagram labels: DefensePro, Application Infrastructure, AppWall, Alteon

• Mitigate all types of DDoS attacks
• Mitigate SSL attacks
• Mitigate web application exploits

Page 12

Where to Detect?

Diagram labels: Front-End, Perimeter, In the cloud, Protected Organization, Alteon, Internet

Cloud mitigation services cannot detect attacks!
• Web attacks
• Application misuse
• Application connection overflow

AMS provides the widest attack detection coverage!
• Network DDoS
• SYN floods
• HTTP floods
• SSL floods
• Server cracking

Page 13

Attack Mitigation System: Layers of Defense

Diagram labels: Front-End, Perimeter, In the cloud, Protected Organization, Alteon, Internet; Defense Messaging links the layers

Defense Messaging
• Traffic baselines & real-time signature information
• Complete system in sync

Benefits
• Detect where you can
• Mitigate where you should
• Optimize mitigation scalability
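The “traffic baselines & real-time signature information” bullet above compresses the whole behavioral-detection idea into one line. The following Python sketch is an added example, not Radware’s code and not part of the original deck: it learns per-protocol packet rates over quiet time windows, flags a window whose rate exceeds mean + k × stddev, and condenses the offending traffic into a signature (protocol, top destination port, source dispersion) of the kind a perimeter device could hand to an upstream scrubbing point. The flow records, the documentation-range addresses, and the constants k = 3 and the 50-source dispersion cutoff are all constructed assumptions.

```python
# Added example (not Radware's code): a toy behavioral-baseline detector.
# Learns per-protocol packet rates over quiet windows, flags a window that
# exceeds mean + k*stddev, and summarizes the offending traffic into a
# signature a perimeter device could share with an upstream scrubbing point.
# All flow records are constructed sample data; IPs are documentation ranges.
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    window: int    # time bucket (e.g. one 10-second interval)
    proto: str     # "tcp_syn", "http", "udp"
    src: str       # source address
    dport: int     # destination port
    packets: int   # packets seen in this bucket


def build_baseline(flows, learning_windows, k=3.0):
    """Per-protocol threshold = mean + k*stddev of packets per window, learned
    over learning_windows only. The stddev is floored at 1 so a perfectly flat
    series still leaves headroom instead of alerting on a one-packet change."""
    per_proto = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f.window in learning_windows:
            per_proto[f.proto][f.window] += f.packets
    baseline = {}
    for proto, counts in per_proto.items():
        series = [counts.get(w, 0) for w in learning_windows]
        baseline[proto] = mean(series) + k * max(pstdev(series), 1.0)
    return baseline


def detect(flows, baseline, window, dispersion_threshold=50):
    """Return {proto: signature} for protocols whose packet count in `window`
    exceeds the learned threshold. A protocol with no baseline is flagged as
    soon as it appears, because nothing was learned about it."""
    observed = defaultdict(int)
    sources = defaultdict(Counter)
    dports = defaultdict(Counter)
    for f in flows:
        if f.window != window:
            continue
        observed[f.proto] += f.packets
        sources[f.proto][f.src] += f.packets
        dports[f.proto][f.dport] += f.packets
    anomalies = {}
    for proto, count in observed.items():
        threshold = baseline.get(proto, 0.0)
        if count <= threshold:
            continue
        distinct = len(sources[proto])
        anomalies[proto] = {
            "observed": count,
            "threshold": round(threshold, 1),
            "top_dport": dports[proto].most_common(1)[0][0],
            "distinct_sources": distinct,
            # many sources: volumetric/botnet style, candidate for upstream
            # diversion; few sources: handle locally with a source-level rule
            "dispersed": distinct >= dispersion_threshold,
        }
    return anomalies


def sample_flows():
    """Constructed data: six quiet windows, a SYN flood in window 6, quiet again in 7."""
    flows = []
    for w in range(6):
        flows.append(Flow(w, "tcp_syn", "198.51.100.10", 443, 100 + (w % 3) * 5))
        flows.append(Flow(w, "http", "198.51.100.11", 80, 50 + (w % 2) * 4))
        flows.append(Flow(w, "udp", "198.51.100.12", 53, 20))
    for i in range(200):  # 200 distinct constructed sources hitting port 80
        flows.append(Flow(6, "tcp_syn", f"203.0.113.{i}", 80, 25))
    flows.append(Flow(6, "http", "198.51.100.11", 80, 52))
    flows.append(Flow(6, "udp", "198.51.100.12", 53, 20))
    flows.append(Flow(7, "tcp_syn", "198.51.100.10", 443, 105))
    flows.append(Flow(7, "http", "198.51.100.11", 80, 52))
    flows.append(Flow(7, "udp", "198.51.100.12", 53, 20))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    base = build_baseline(flows, list(range(6)))
    print("baseline:", base)
    print("window 6:", detect(flows, base, 6))   # tcp_syn flagged, dispersed
    print("window 7:", detect(flows, base, 7))   # {} once traffic is normal again
```

The “dispersed” flag is what turns a detection into a mitigation-placement decision in the sense of “detect where you can, mitigate where you should”: a flood from hundreds of sources is the case where the perimeter’s signature is worth forwarding upstream, while a handful of sources can be rate-limited locally. A production baseline would also need per-hour seasonality and a longer learning period than six windows.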

Page 14

Attack Mitigation System: Scalable Defense Network

Diagram labels: Front-End, Perimeter, In the cloud, Protected Organization, Alteon, Internet; Defense Messaging links the layers

Volumetric DDoS attack that saturates the Internet pipe

ERT and the customer decide to divert the traffic

Page 15

Attack Mitigation System: Mitigating the SSL Threat

Diagram labels: Front-End, Perimeter, In the cloud, Protected Organization, Alteon, Internet; Defense Messaging links the layers

Threats shown: HTTPS floods, encrypted web attacks, SSL negotiation floods

Unique Solution Benefits
• Detects all types of SSL encrypted attacks
• Non-vulnerable mitigation architecture
• Legitimate transactions go through without decryption
• Lowest latency approach
• FIPS compliant & Common Criteria certified solution
• Single vendor, integrated management

Page 16

• Every governmental and business body may become an attack target
• Attacks have more and more volume and complexity, covering L4-L7 simultaneously
• Legacy types of security equipment cannot stop complex attacks
• Cloud service and CPE cannot stop attacks when working separately
• Radware provides CPE (DDoS, DoS, application attacks and web), Emergency Response Team 24x365 support and the DefensePipe cloud service. Together these enable attack mitigation from its first seconds at the CPE and volumetric network attack mitigation in the cloud

Page 17

Customer Success - Leading the DDoS Protection Market

Page 18

Our Customers Select AMS

Financial Services
Retail Services
Government, Healthcare & Education
Carrier & Technology Services

Page 19

We Protect Against the Top Attack Campaigns

Page 20

Q&A

Page 21