eBook: The Imminent Threat of Application Attacks and How to Defend Against Them

How do you stop what you can't see?
THE UNSEEN THREAT THAT TARGETS YOUR NETWORK

It's that tingling sensation on the back of your neck. You don't see anything, but you just know somebody's lurking, waiting to attack. Nothing bad has happened yet. But the feeling casts a dark shadow over the security of your network.

News headlines only heighten the fear. Reports of high-profile sophisticated attacks on carrier and enterprise networks are increasing in number and severity.
How do you stop what you can't see?

Many carriers are in the dark about the number and severity of application attacks targeting their networks every day because current network security solutions are focused only on network layer attacks. Application attacks get through by targeting servers at Layer 7.

Your current network security solution may give you some peace of mind, but it's likely an illusion. What it's not consistently detecting are the massive application attacks bombarding your servers from every angle, looking for ways to sneak in to cause harm.

And they are getting in, causing slowdowns in network speed and service outages. You're likely not aware that these sneaky invaders are the cause because your current network security solution provides limited defense against application attacks and requires manual steps to intervene.

Right now, your customers may not feel the impact or may misdiagnose attack symptoms as network congestion. But the odds are not in your favor. It's a matter of when, not if, a massive application attack will compromise your network and the data that passes over it.
01 Rising out of the Darkness
The promise of the Internet to revolutionize our lives is exciting. Smartphones are sophisticated control centers that help manage our lives, finances, homes and businesses. Networks are the central nervous systems of enterprises, relaying critical data that powers how business gets done.

Soon everything will be connected. M2M connections and other Internet-ready devices will talk to each other, eliminating the need for human intervention to order stock, operate vehicles, regulate buildings and so much more.

But lurking in the shadows are bad actors looking for ways to infiltrate networks to cause harm. Barely a week goes by without a news report about a security breach at a Fortune 500 company, such as Sony, Target or Anthem. Enterprises must be vigilant to protect their customers' data and business systems from both internal and external attackers.

Attacks at enterprises are well publicized. Most reports don't consider that attacks were first transported on carrier networks before reaching enterprise networks. This creates an obligation and an opportunity for carriers.

Obligation: Carriers must be vigilant in protecting both their own networks and those of their customers while at the same time providing a highly available, high-performance network.

Opportunity: Providing enhanced security protection services for enterprise traffic is a potential new revenue source.
The installed base of the Internet of Things is forecast to be more than 220 billion devices by 2019, according to Business Insider.
The U.S. government recently declared a national emergency, prompting an executive order for a sanctions program designed specifically to target foreign hackers.

TARGETING CARRIERS

The bigger threat is the dramatic increase in sophisticated multivector attacks on carrier networks. Carriers are on guard for DDoS attacks at the network layer with security solutions monitoring for and mitigating volumetric attacks. But the recent service slowdown at Rackspace illustrates that DNS attacks are still able to cripple a network.

Managing for network layer assaults isn't enough. As the methods that hackers use to attack networks grow more sophisticated, they're shifting their strategies from volumetric to application attacks. Unfortunately, network security systems deployed at most carriers are in the dark when it comes to zero-day application attacks and recognizing the thousands of application attacks that hit networks every day. Dirty traffic gets through the solution's filters, causing network slowdowns or worse.

Verizon works closely with enterprise customers to keep them up-to-date on evolving network threat patterns. verizonenterprise.com/DBIR (Used with permission from Verizon.)

"Security experts like to say that there are now only two types of companies left in the United States: those that have been hacked and those that don't know they've been hacked." New York Times, "The Year in Hacking, by the Numbers"
DDoS ATTACKS HIT MULTIPLE NETWORK LAYERS (2014)

Network layer attacks: 51%
  TCP-SYN Flood 18%
  UDP 16%
  TCP-Other 10%
  ICMP 6%
  IPv6 1%

Application layer attacks: 49%
  Web (HTTP/HTTPS) 23%
  DNS 16%
  SMTP 9%
  VoIP 1%

DDoS attacks target multiple network layers, but legacy network security solutions are primarily focused on volumetric attacks with very manual procedures for application attacks. The Radware Global Application & Network Security Report 2014-2015 finds that attacks are evenly split between network and application levels.
"Who knows what evil lurks in the hearts of men? The Shadow knows!" Opening line from the 1930s American radio show, The Shadow

02 Shots in the dark
There's a simple reason why the number and sophistication of attacks on carrier networks is growing dramatically. It corresponds directly to the extreme increase in general and high-value traffic. As more critical data and services travel carrier networks, more bad guys are taking shots in the dark, hoping to find ways in.

How real is the threat of attack? See it live on Norse Corporation's attack tracking website, which details in real time attack types, their origin and targets. http://map.ipviking.com/ (Used with permission from Norse Corporation.)

Globally, business-to-consumer e-commerce sales are approaching $2 trillion per year. Hackers are looking for ways to take advantage of the transactions.

Automating Defenses Against Increasingly Sophisticated DDoS Attacks, Patrick Donegan, Senior Analyst, Heavy Reading
SOPHISTICATED ATTACK ECOSYSTEMS

Network security solutions can rely on a number of security events and network statistics from multiple sources to identify attacks. There is no single motivation when it comes to bad actors because there are many types of attackers:

Criminals: seek to make money from stolen digital assets
Cyberwarriors: governments or organizations that seek to gain advantage by stealing IP (intellectual property)
Hacktivists: bad actors seeking to make political statements

Carriers face thousands of attacks every day. Network breaches can even impact carriers with massive security resources. The trend is shifting to large encrypted attacks that are continuous and morph over time, placing carriers in need of real-time protection.

Attacks are coordinated to take advantage of server-based botnets to conduct well-orchestrated assaults using geographically dispersed server infrastructures that probe networks, looking for ways in. A recent Neustar study finds that 91 percent of respondents say DDoS attacks are a comparable or bigger threat than they were last year, and 85 percent of companies are attacked multiple times. New onslaughts are launched in a matter of days or even hours after encountering a new defense.

The ecosystem of threats is complex, well funded and ready to take advantage of the number of devices connected to networks and the ease of launching massive attacks to find cracks in network security. In most cases, the sandbag approach of protecting the perimeter of the network is no longer a sound strategy.

THE SHADOW OF THE CLOUD

Reliance on Cloud Services by enterprises to store data and business applications compounds the issue by adding new vulnerabilities to networks. The benefits of Cloud Services are compelling: lower cost and greater speed. But on-premises attack mitigation tools are ineffective against attacks targeting applications in the cloud.

Enterprises that use Cloud Services rely solely on the service provider for security because they no longer have internal resources to monitor and safeguard digital assets. It's an attractive model for hackers. Cloud Services require multitier protection to safeguard the network, applications and the cloud tenant. The most robust solution includes a hybrid architecture consisting of hardware both on-premise and in the cloud. In this architecture the elements can intelligently signal each other in real time to form a comprehensive and coordinated attack detection and mitigation system.
LEGACY SECURITY SOLUTIONS BLIND TO APPLICATION ATTACKS

The network security solution deployed by most carriers doesn't provide a complete picture of what's attacking their networks. Generally, volumetric attacks at the network layer and even some well-known application attack vectors are sensed and mitigated. That's what the current solution is designed to handle. But the top customer complaints are that it takes too long, requires manual intervention and has a high rate of false positives. There's a troubling blind spot when it comes to new and changing application attacks.

During application attacks, targeted commands are sent to applications to overwhelm the central processing unit (CPU) and memory. When the attack goes undetected, this noisy traffic can slow traffic significantly, or even cause network outages.

If legacy network security solutions do recognize an application attack, it can take minutes or hours to troubleshoot the unknown signature in the application layer. Mitigation requires labor-intensive manual intervention because there's no automated method to handle zero-day attacks: new malicious attacks that do not have a known signature. By the time that the security team has developed a strategy, the attackers have likely morphed to new signatures. Carriers need a better way to protect their networks against application attacks.

WHAT IS AN APPLICATION ATTACK?

In an application attack, hackers target the application layer (Layer 7) of networks. It's different from network attacks that target Layers 2-3, the transport and routing layers. Application attacks home in on specific applications or functions by mimicking legitimate user traffic with the intent to cripple functionality or gain access to digital assets.

The U.S. Department of Homeland Security lists the protocols that hackers use to gain access to networks in its DDoS Quick Guide (http://1.usa.gov/1DJLArf): FTP, HTTP, POP3 and SMTP. There are a variety of types of application attacks that seek to extract confidential information, distribute illegal content and cause harm to networks. See next page for guide.

The 10 Most Common Application Attacks in Action
TYPES AND PURPOSES OF APPLICATION ATTACKS

Type of attack: purposes

Confidential personal information: Social Security numbers with or without names; credit card information; personal identity information
Criminal activity/investigation: Subpoenas, search warrants or court orders; litigation hold requests (aka e-Discovery); online theft, fraud; threatening communications; child pornography; physical theft, break-ins
Malicious code activity: Worm, virus, Trojan; botnet; keylogger; rootkit
Reconnaissance activity: Port scanning; other vulnerability scanning; unauthorized monitoring
Rogue server or service: Rogue file/FTP server for music, movies, pirated software, etc.; phishing scam Web servers; botnet controllers
Spam source: Spam relays; spam hosts
Spear phishing: Scam e-mails targeting organizations' e-mail addresses to trick people into divulging private information
Unauthorized access: Abuse of access privileges; unauthorized access to data; unauthorized login attempts; brute force password cracking attempts; stolen passwords
Unpatched vulnerability: Vulnerable operating systems; vulnerable applications; vulnerable websites/services; weak or no password on accounts
Web/BBS defacement: Defacement of websites; redirected websites

Source: Kansas State University Information Technology Services. For the complete list of security incidents and source references, visit this Kansas State University Information Technology Services page.

03 Out of the shadows, into the network
Currently, carriers may be confident that their network security solution is detecting and mitigating DDoS attacks. All the reports generated by the solution show the number and severity of attacks as well as how they were thwarted. Unfortunately, we know it's a false sense of well-being because dirty traffic in the form of sophisticated application attacks is getting through security filters. No major outages or data breaches have been attributed to application attacks yet, so why should carriers care?

MAINTAINING A SUNNY REPUTATION

The impact of application attacks on carriers and their customers takes many forms:

Service degradation
Network outages
Data exposure
Consumption of bandwidth resources
Consumption of system resources

Network security is a priority for every carrier worldwide. Investments in human resources and technology solutions to combat attacks are a significant part of carriers' network operating budgets. The goal is to protect their networks by staying a few steps ahead of hackers.
PERSISTENCE PAYS OFF FOR HACKERS

Recently, a leading European carrier that offers fixed, mobile, Internet and cable services was targeted with an attack at the application layer of its network. Hackers used an attack that carefully scanned every maintenance port on the network until an open port was detected. Within seconds, the hackers were able to get into the network and ping every connected device. The result: massive capacity overload that crashed network equipment and delayed service until restoration.

An after-the-fact analysis of the attack revealed that the velocity of the assault varied between high and medium, and spiked periodically, to avoid DDoS shield alerts.

Minutes to Compromise. Months to Discover.

Radware has determined that 75% of application attacks take just minutes to compromise networks. Legacy network security solutions take months to discover 50% of the initial compromises, long after they have harmed the networks.

Application attacks put carriers' reputations at risk. For customers, a small slowdown in services may not be a big deal initially. But as the number and severity of application attacks increase, clogged pipes and slow services are not going to be acceptable. Carriers sell services based on speed and reliability. Bad press about service outages and data compromises has long-lasting negative effects. Then add the compounding power of social networking to quickly spread the word about service issues, and you have a recipe for reputation disaster.

A large segment of carriers' high-value customers have zero tolerance for service interruption. There is a direct correlation between service outages and user churn.

Businesses with security breaches are a cautionary tale for carriers. A recent Forbes article points to the rise of the Chief Security Officer as the corporate rock star of the future that protects his or her company from cyberthreats and holds their network partners accountable to do the same.

04 What's hiding in the shadows?
In 2014, attack campaigns were primarily composed of multiple attack vectors, according to the Radware Global Application & Network Security Report 2014-2015. The report finds that multiattack vector campaigns have become so commonplace that to have a campaign with a single attack vector is far more exotic.

Attack vectors include:

SYN Flood
UDP Flood
DNS Flood
HTTP Application Flood
SSL Flood

Attackers prefer to keep a target busy by launching one or a few attacks at a time rather than firing the entire arsenal all at once. Carriers may be successful at blocking four or five attack vectors, but it only takes one failure for the damage to be done.

It's safe for carriers to assume that their networks are always under attack. DDoS attack volume is escalating as hackers develop new and more technologically sophisticated ways to target carriers and their customers.
Hackers use a variety of advanced techniques to target carrier networks.

SSL-ENCRYPTED ATTACKS
Attackers understand that small SSL attacks can cause large problems based on both the encryption tunnel, which hides the attack itself, and an understanding that legacy systems require large amounts of CPU capacity to decrypt and detect attacks and therefore can be easily overwhelmed.

NEW LOW AND SLOW ATTACKS/ADVANCED PERSISTENT THREATS
Very patient attacks that slowly drain server resources over time. Zero-day attacks of this type can be extremely difficult to detect, since there is low probability that an attack is active at any point in time.

ATTACKS FROM BEHIND CDNs
Attacks launched from behind a CDN, which is used to mask the source IP address and target the vulnerability of legacy systems trying to find and block the attacker's source IP address.

HEADLESS BROWSER REQUESTS
Tools that function as a browser but without the graphical user interface. They can be used to bypass third-generation HTTP challenges. Their goal is to take websites down.

BOTNET ATTACKS FROM MULTIPLE IP SOURCES
Attacks that target legacy DDoS systems with malware that infects multiple IP devices and then uses this network of computers to coordinate an attack from a changing list of IP addresses.
WHAT IS A ZERO-DAY ATTACK?

Zero-day attacks are the latest, never-before-seen generation of attacks. They are not volumetric or detectable from a known application signature. Security systems and experts must react instantly to solve the new issues, that is, they have zero days to react. Advanced application-level attacks typically fit into this category.

NEW ZERO-DAY ATTACKS TYPICALLY HAVE TWO DISTINCT PHASES:

1. Probe and Learn: Hackers assess network defenses and probe for vulnerabilities, looking for different weaknesses and identifying the type of attacks that will potentially be effective. It's like an archer who picks the best arrows to put in his quiver before battle. For example, a hacker may determine that a combination of encrypted attacks, attacks from a rotating IP address source, new low and slow attacks and headless browser attacks will be most effective.

2. Optimize, Morph and Attack: Hackers launch the attack and then vary the attack vectors (or arrows from the quiver). In this case, hackers often understand that legacy DDoS mitigators need manual intervention to troubleshoot and mitigate a zero-day attack. So they attack the weakness of the legacy mitigator (multiple manual troubleshooting cycles to stop an attack) in addition to attacking the application vulnerabilities.

A recent attack at a North American hospital occurred over the course of about two weeks in which hackers probed the network for a few days to learn its weaknesses and then launched the assault that morphed over time to take advantage of vulnerabilities.

[Chart: attack traffic in GB per second (0 to 28), April 11 to April 27, with phases 1 and 2 marked.]
WHO ARE THE ATTACKERS?

Richard Clarke, former special cybersecurity advisor to the U.S. president, devised an acronym, C.H.E.W., to categorize and explain the origin of cyberattacks threatening carriers and enterprises.

Cybercrime: the notion that someone is going to attack you with the primary motive being financial gain from the endeavor.
Hacktivism: attacks motivated by ideological differences. The primary focus of these attacks is not financial gain but rather persuading or dissuading certain actions or voices.
Espionage: straightforward motive of gaining information on another organization in pursuit of political, financial, capitalistic, market share or some other form of leverage.
War (Cyber): the notion of a nation-state or transnational threat to an adversary's centers of power via a cyberattack. Attacks could focus on nonmilitary critical infrastructure.

The attackers can range from a tech-savvy teenager to a highly organized group that taps into huge server farms in places like Russia and Ukraine to facilitate attacks.

The types of hackers are as varied as the methods they employ and include:

APTs (advanced persistent threats) agents
Corporate spies
Cybercriminals
Cyberwarriors
Hacktivists
Rogue hackers
Spammers and malware spreaders

Wanted by the FBI: Evgeniy Bogachev. The U.S. Federal Bureau of Investigation (FBI) offers a US$3 million reward for Russian cybercriminal Evgeniy Bogachev, who was charged with numerous counts, including conspiracy, wire, bank and computer fraud, and money laundering. He's just one of the FBI's most wanted cybercriminals.
ANONYMOUS CASTS A SHADOW

With a Guy Fawkes mask as their symbol, Anonymous is a loosely organized, secret hacktivist organization, which has gained notoriety since its formation in 2003. The group takes responsibility for many of the major politically motivated cyberattacks that have occurred over the last few years. Since its inception on the image board 4chan as a joking referral to the name "Anonymous" assigned to each user's post, Anonymous has perpetuated its opposition of Internet censorship through both physical and cyberprotests as an anarchistic decentralized body.

Protests and cyberattacks are coordinated by means of image boards, forums, wikis, IRC, YouTube and social networking services, and any member of Anonymous can organize events as a means of working toward a set of one's own goals parallel to the Anonymous agenda.

In cyberspace, Anonymous attacks are often perpetuated through the distributed use of flooding tools such as LOIC (Low Orbit Ion Cannon) and its newer cousin HOIC (High Orbit Ion Cannon). By recruiting a large number of users to voluntarily participate in such attacks (usually over IRC as it is a more anonymous means of communication), Anonymous effectively creates a voluntary botnet of hundreds or thousands of computers. Using a vast number of machines running LOIC or HOIC to target a fairly large server will often result in server instability or potentially denial-of-service, making Anonymous formidable as a cyberattacker. Despite this use of voluntary botnets, much of Anonymous' firepower in some of its most notable attacks came from the use of large botnets owned by high-ranking Anonymous members or their friends.

"We are Anonymous. Expect us." Anonymous tagline on Facebook

05 Shining a light on the problem
To fight application attacks, carriers need to be able to see what's targeting their networks. Current network security solutions detect and mitigate attacks at the network layer but are blind to application layer attacks, which slow network performance and put customer data at risk.

What's needed is an end-to-end network security system that protects the entire network at multiple layers. Automated, real-time mitigation of application attacks is critical. Current solutions require manual detection and intervention, which can take hours, and is impractical in a continually morphing attack scenario.

Hackers never follow hard, fast rules when launching attacks. Neither should carriers' network security solutions. The right defense is a real-time learning solution that leverages live data about what hackers are doing and automatically protects against morphing attacks. The solution should employ behavioral analysis to understand and baseline activity on the network to determine if behaviors are Normal, Suspect or Abusive.

Learn more about sophisticated DDoS attacks and how to stop them from David Aviv, Radware's chief technology officer:

Comprehensive Cyber Defense with Radware's Attack Mitigation System (AMS)
Always-On Cyber Defense to Protect High-Value Applications and Customers
Securing the Mobile Carrier Network
NFV-Based Solutions for Carrier Networks
Radware's DDoS Scrubbing Solution
SDN-Based Cyber Security
PRESENT MODE OF OPERATION (PMO) FOR CARRIERS: SCRUBBING

The PMO for many carriers is a scrubbing center model where telemetry is taken from the perimeter routers, usually using NetFlow. The NetFlow collector looks at the network telemetry and, based on rate thresholds of different types of traffic (TCP, UDP, ICMP, etc.), signals large volume events to the Security Operations Center (SOC), which then diverts traffic to the scrubbing center, usually using BGP or MPLS. At this point, the mitigator examines the traffic, blocking via signature or rate limiting via threshold for known attack vectors.

This process can take on the order of 30 minutes, from attack to the start of mitigation. If this attack is a zero-day attack, the SOC must now assign an engineer to analyze the attack and create a manual signature to mitigate. In this case, the time to mitigation can stretch into hours.

Real-time behavioral analysis can eliminate the SOC troubleshooting time and effort by quickly creating a zero-day or new signature in under 20 seconds to speed time to mitigation. However, this model is still constrained by the typical five minutes for NetFlow to determine the attacks.
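The static rate-threshold detection the scrubbing-center model relies on, placed side by side with the behavioral Normal/Suspect/Abusive baselining described in the previous section, as an added Python example that is not Radware's code or any product's logic: the flow records, the per-protocol thresholds and the z-score cut-offs are all constructed assumptions.

```python
"""Added example (not Radware's code): NetFlow-style rate-threshold detection
as used in the scrubbing-center model, next to a behavioral baseline that
classifies traffic as Normal, Suspect or Abusive. All records, thresholds
and names are constructed assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One aggregated flow record, as a NetFlow collector might export it."""
    ts: int        # window start, seconds since capture start
    proto: str     # "TCP", "UDP", "ICMP"
    src: str
    dst: str
    dport: int
    packets: int
    octets: int


# Assumed static packets-per-second thresholds at which a collector would
# signal a large-volume event to the SOC (assumption, not vendor defaults).
PPS_THRESHOLDS = {"TCP": 50_000, "UDP": 20_000, "ICMP": 5_000}


def pps_per_proto(flows, window_start, window_len):
    """Average packets per second per protocol in [window_start, window_start + window_len)."""
    totals = defaultdict(int)
    for f in flows:
        if window_start <= f.ts < window_start + window_len:
            totals[f.proto] += f.packets
    return {proto: count / window_len for proto, count in totals.items()}


def volumetric_events(flows, window_len=60):
    """Windows whose per-protocol rate crosses a static threshold: (start, proto, pps)."""
    if not flows:
        return []
    last = max(f.ts for f in flows)
    events = []
    for start in range(0, last + 1, window_len):
        for proto, pps in pps_per_proto(flows, start, window_len).items():
            if pps > PPS_THRESHOLDS.get(proto, float("inf")):
                events.append((start, proto, pps))
    return events


def classify(value, baseline_mean, baseline_sd, suspect_z=3.0, abusive_z=6.0):
    """Behavioral verdict for one observation, measured in standard deviations
    above the learned baseline. A flat baseline gets a floor so that a small
    change does not turn into an infinite z-score."""
    sd = baseline_sd if baseline_sd > 0 else max(baseline_mean * 0.1, 1.0)
    z = (value - baseline_mean) / sd
    if z >= abusive_z:
        return "Abusive"
    if z >= suspect_z:
        return "Suspect"
    return "Normal"


def behavioral_verdicts(series, learn_windows):
    """Learn mean and standard deviation from the first learn_windows samples,
    then classify every later sample against that baseline."""
    learn = series[:learn_windows]
    m, sd = mean(learn), pstdev(learn)
    return [classify(v, m, sd) for v in series[learn_windows:]]


def constructed_flows():
    """Constructed 15-minute capture: ten quiet minutes, then an HTTP flood of
    small requests that adds 6,000 pps, far below the static TCP threshold."""
    flows = []
    for minute in range(15):
        t = minute * 60
        base_pps = 2_000 + (minute % 3) * 50          # gentle background wobble
        flows.append(Flow(t, "TCP", "198.51.100.0/24", "203.0.113.10", 443,
                          base_pps * 60, base_pps * 60 * 600))
        flows.append(Flow(t, "UDP", "198.51.100.0/24", "203.0.113.53", 53,
                          800 * 60, 800 * 60 * 120))
        if minute >= 10:                               # the application flood begins
            flows.append(Flow(t, "TCP", "192.0.2.0/24", "203.0.113.10", 443,
                              6_000 * 60, 6_000 * 60 * 80))
    return flows


def compare_detectors(flows, window_len=60, learn_windows=10):
    """Run both detectors over the same telemetry and return their findings."""
    last = max(f.ts for f in flows)
    tcp_series = [pps_per_proto(flows, s, window_len).get("TCP", 0.0)
                  for s in range(0, last + 1, window_len)]
    return volumetric_events(flows, window_len), behavioral_verdicts(tcp_series, learn_windows)


if __name__ == "__main__":
    events, verdicts = compare_detectors(constructed_flows())
    print("static-threshold events:", events)        # none: the flood never nears 50,000 pps
    print("behavioral verdicts for minutes 10-14:", verdicts)
```

The low-rate HTTP flood stays under every static threshold, so no event would ever reach the SOC, while the learned baseline flags each of the same minutes as Abusive.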
This is one reason why deploying in always-on mode, where an attack mitigation device (Radware DefensePro) is used inline at the customer premise edge of the network, is a faster mode of operation (see next section on Future Mode of Operation) for carriers to protect high-value enterprise customers.

Carriers use multiple architectures to detect and mitigate attacks:
FUTURE MODE OF OPERATION (FMO) FOR CARRIERS: ALWAYS-ON AS A SERVICE

For high-value customers such as financial institutions and government, carriers need to be able to offer an always-on attack mitigation service to be able to detect and mitigate an attack faster and more efficiently than with a scrubbing center model. It's a single inline appliance (hardware or virtual) that protects against attacks. It's a new way to generate revenue with end-to-end service protection against DDoS, either at the customer site with customer premise equipment (CPE) or in the Service Provider Cloud.

Increasingly, DDoS detection must be always-on because attacks are dynamic, morphing over time in both volume and attack vectors. DDoS systems must be able to learn of the changes, morph the application signature to mitigate and pass clean traffic for the observed new attack vectors. Always-on technology can remedy very complicated attacks in Layer 7, the application layer, and interoperate with the scrubbing center for added mitigation capacity when needed.

In this detection model, time to mitigation can be reduced to 20-30 seconds, even for advanced attacks.

BEST MODE OF OPERATION FOR CARRIERS: HYBRID SCRUBBING WITH CPE

This architecture combines the best attributes of scrubbing and always-on. Detection and mitigation start immediately and automatically using the always-on attack mitigation device that stops various attacks from diminishing the availability of the online services. All attacks are mitigated with the always-on device, unless they threaten to block the overall connection. In this case, the CPE or the cloud always-on device signals the attack parameters and baseline traffic information to the scrubbing center. The scrubbing center then has all the information needed to immediately clean the traffic without having to characterize the attack. This is a quick, efficient and excellent way to leverage the DDoS infrastructure as a greater value security service.
INTO THE FUTURE WITH SDN

It's also important to prepare carrier networks for the future with support for NetFlow and the eventual deployment of Software Defined Networks (SDN). The right solution should fully integrate with existing NetFlow-based traffic monitoring and attack detection tools, and offer a seamless transition to SDN technologies by supporting standard and proprietary SDN controllers and the OpenFlow protocol for attack detection and traffic diversion.

ASSESSING THE THREAT

Annually, Radware's Emergency Response Team (ERT) surveys enterprise and carrier security experts and publishes the Radware Global Application & Network Security Report 2014-2015.

The most recent report paints a bleak picture, finding "[c]yberattacks reached a tipping point in terms of quantity, length, complexity and targets. Media coverage has kept pace, with plenty of coverage about the latest high-profile cyberattack. But this report provides a big-picture view that is far more frightening than even the most ominous nightly newscast. Cyberthreats are growing and expanding to new targets. The technical bag of tricks is bigger than ever, and hackers are combining tricks in new (and terrifying) ways."

A telecommunications executive articulated his fears about the growing volume and frequency of attacks: "An attack [of] 30 to 40 Gbs per second, or larger, would cause an immediate impact on our business."

Download report: Global Application & Network Security Report 2014-2015

06 See what you've been missing
Among all this bad news about the frequency of undetected application attacks is some good news. Radware offers a seamless implementation of Radware's Attack Mitigation System for Carriers to expose what's really going on with network security that interoperates with legacy security solutions.

It's easy to do. Simply add the Radware AMS system to the network with no interruption to existing network security solutions. After an attack is detected, simply divert the attack to the Radware device for real-time diagnosis and mitigation. Most carriers are surprised by the lack of manual effort and what they find when they turn up the light on network traffic.

A BETTER WAY TO SEE WHAT'S HAPPENING

Radware often works with service providers to show them what they've been missing by relying solely on their legacy network security solution. By passing network traffic that has already been cleaned by their existing solutions through a Radware AMS, it's possible to see what application-level attacks would still be transported in supposedly clean traffic.

Typical results reveal a mixture of:

HTTP floods
Numerous HTTP requests for same big objects
Numerous HTTP connections per second
SIP attacks
Low and slow attacks
C&C traffic to Trojans
C&C from Trojans
Server cracking
Anti-scanning
Limited scale SSL protection and latency
SYN floods multisource
ABOUT RADWARE'S ATTACK MITIGATION SYSTEM FOR CARRIERS

By protecting enterprises against known and emerging network and application threats in real time, Radware's layered approach is designed to help organizations mitigate attacks that can be detected and offer a security solution that combines detection and mitigation tools from a single vendor. Radware's solution provides maximum coverage, accurate detection and the shortest time to protection.

Radware's Attack Mitigation System (AMS) offers a multivector attack detection and mitigation solution, handling network layer and server-based attacks, malware propagation and intrusion activities. Complete with anti-DoS, network behavioral analysis, DefenseSSL, IPS, WAF and in-the-cloud DDoS mitigation in one integrated system, the solution is supported on dedicated hardware designed to fight multiple attack vectors simultaneously.

To mitigate network attacks that threaten to saturate the Internet pipe, Radware's AMS includes a cloud-based DDoS scrubbing service, which works in sync with on-premise attack mitigation devices. Enhanced with a central monitoring and reporting system, the solution provides ongoing unified situational awareness of the network and applications using a single security event information management (SEIM) engine for all components.

Six of the top carriers use Radware AMS.

Figure 1: Radware's Attack Mitigation System
ABOUT RADWARE

Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for carriers, virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

For more information, please visit www.radware.com.

Radware encourages you to join our community and follow us on: Facebook, Google+, LinkedIn, Radware Blog, SlideShare, Twitter, YouTube, Radware Connect app for iPhone and our security center DDoSWarriors.com that provides a comprehensive analysis of DDoS attack tools, trends and threats.

2015 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners.