External attacks on IT: news and cases - DSS ITSEC...


October 28, 2015

Team Director

External attacks on IT: News and cases Michael Soukonnik

Trends (Radware ERT report and Gartner based) and cases

Key Findings (Radware ERT Report) – radware.com

The Rise of the Continuous Attack

No One is Immune - Unexpected Targets

Internet Pipe – 2014’s #1 Failure Point

Reflective Attacks – the Largest DDoS Headache

Top Concerns - Not Only DDoS

Hybrid Solutions are Gaining Ground

Cloud, IoT & SDN are Changing the Rules of the Game


The Rise of the Continuous Attack

Longer, larger and more sophisticated attacks. Constant attacks on the rise.

In previous years - attacks that were considered “constant” never exceeded 6%

In 2014 - 19% were considered “constant”

52% of respondents felt they could fight a campaign for only one day or less

[Chart: share of attacks by duration (less than a day, 1 hour-1 day, 1 day-1 week, over a week, constantly) for 2011, 2012, 2013 and 2014; vertical axis 0-40%]

In 2014, 19% of attacks were considered “constant”

No One is Immune – Unexpected Targets

Threats in new industries, organizational sizes and technology deployments

Healthcare and Education – unexpected targets now at risk

Gaming, Hosting and ISP companies – increased likelihood

Financial Services – the only industry to have a reduced risk

[Chart: likelihood of attack by industry, 2014 and change from 2013]

Internet Pipe – 2014’s #1 Failure Point

Internet pipe is the bottleneck of DDoS attacks – for the 1st time in recent years

[Chart: services and network elements that are the bottleneck of DDoS]

Last week – Baltic States

Attack and the protection that stopped it:

DOSS-DNS-Ref-L4-Above-3000: stopped by DOS
network flood IPv4 ICMP: stopped by Behavioral DoS
network flood IPv4 UDP: stopped by Behavioral DoS
network flood IPv4 UDP-FRAG: stopped by Behavioral DoS

Internet Pipe – 2014’s #1 Failure Point

Extra-large attacks seen on a daily basis

All types of organizations are targeted

Enabled by “better” technology via reflective attacks

[Pie chart: bandwidth of server attacks; categories 10 Mbps or less, 10 Mbps-1 Gbps, 1 Gbps-10 Gbps, 10 Gbps and above; values shown 39%, 32%, 16%, 13%]

Reflective Attacks – the Largest DDoS Headache

Attacks evenly split across network and application layers

Web-based attacks remain the single most common attack vector

– 1 in every 4 are HTTPS

Increasing reflective attacks cause UDP attacks to rise

– From 7% in 2013 to 16% in 2014

Reflective attacks represent 2014’s single largest DDoS “headache”

[Pie chart: attack vectors. Network 51%: TCP-SYN Flood, TCP-Other, UDP, ICMP, IPv6 1%. Application 49%: Web (HTTP/HTTPS), DNS, SMTP, VoIP 1%. Other segment values shown: 23%, 18%, 16%, 16%, 10%, 9%, 6%]

Real attack (Russia) – September – CPE – NTP reflection + HTTP

Real attack (Russia) – September – ISP SC

Top Concerns - Not Only DDoS

DDoS continues to lead; all the others are fairly well represented

DDoS was the most-cited threat type (46%), with a narrow lead. Close behind are unauthorized access (41%) and advanced persistent threats (39%).

[Bar chart: top concerns, share of respondents]

DDoS: 46%
Unauthorized Access: 41%
Advanced Persistent Threat: 39%
Intellectual Theft: 38%
Phishing: 37%
Worm/Virus: 37%
Fraud: 31%
Corp./Geo-political Sabotage: 21%
Criminal SPAM: 15%

Attack Vectors Involved and Identified

[Diagram: attack traffic passing the Internet pipe, firewall, IPS/IDS and load balancer/ADC to the server under attack and its SQL server]

Infrastructure:
UDP Fragmented Flood
DNS Reflection
UDP Flood (PPS)

State:
TCP Out Of State Flood
UDP Scan
Zero Payload attacks
Zero sequence number attacks
Invalid ACK number attacks
ICMP Flood

Application:
Slowloris
SQL-Injection
XSS
Worm infection - Mydoom
SIPVicious - Scanning tool
Web-etc/passwd-Dir-Traversal
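As an added illustration (not Radware's code and not part of the original slides), the following Python sketch shows what a defender's first-pass classifier for several of the network- and state-level vector families listed above could look like, run over constructed packet summaries: out-of-state TCP segments, zero sequence numbers, invalid (zero) ACK numbers, zero-payload UDP, UDP fragment and ICMP rate floods, and unsolicited large DNS answers as the victim-side symptom of DNS reflection. The Pkt record, the thresholds and the heuristics are assumptions made for the example; a real sensor would work on captures and tune the rates to its own baseline.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class Pkt:
    """One packet summary (constructed format for this example)."""
    ts: float
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""       # TCP flag letters: S (SYN), A (ACK), P (PSH)
    seq: int = 1
    ack: int = 0
    frag: bool = False    # IP fragment
    payload: int = 0      # payload bytes


# Assumed thresholds (not from the slides): packets per one-second bucket per destination.
UDP_FRAG_FLOOD_PPS = 50
ICMP_FLOOD_PPS = 50
DNS_REFLECTION_MIN_BYTES = 512


def classify(packets):
    """Return a Counter of findings keyed by vector family."""
    findings = Counter()
    known_conns = set()          # 4-tuples (both directions) of connections opened by a SYN
    dns_clients = set()          # (client, resolver) pairs that actually sent a query
    buckets = defaultdict(int)   # (family, dst, second) -> packet count

    for p in sorted(packets, key=lambda p: p.ts):
        if p.proto == "tcp":
            fwd = (p.src, p.dst, p.sport, p.dport)
            if "S" in p.flags and "A" not in p.flags:   # a SYN opens connection state
                known_conns.add(fwd)
                known_conns.add((p.dst, p.src, p.dport, p.sport))
                if p.seq == 0:
                    findings["zero-seq"] += 1
                continue
            if fwd not in known_conns:                   # non-SYN segment with no handshake
                findings["tcp-out-of-state"] += 1
            if "A" in p.flags and p.ack == 0:            # ACK flag set but nothing acknowledged
                findings["invalid-ack"] += 1
        elif p.proto == "udp":
            if p.dport == 53:
                dns_clients.add((p.src, p.dst))
            if p.payload == 0:
                findings["zero-payload"] += 1
            if p.frag:
                buckets[("udp-frag-flood", p.dst, int(p.ts))] += 1
            if (p.sport == 53 and p.payload >= DNS_REFLECTION_MIN_BYTES
                    and (p.dst, p.src) not in dns_clients):
                findings["dns-reflection"] += 1      # large answer nobody asked for
        elif p.proto == "icmp":
            buckets[("icmp-flood", p.dst, int(p.ts))] += 1

    # Rate families count once per flooded destination, not once per packet.
    limits = {"udp-frag-flood": UDP_FRAG_FLOOD_PPS, "icmp-flood": ICMP_FLOOD_PPS}
    flooded = {(family, dst) for (family, dst, _), n in buckets.items() if n > limits[family]}
    for family, _ in flooded:
        findings[family] += 1
    return findings


def sample_packets():
    """Constructed traffic: one legitimate session plus the attack families above."""
    srv, cli, rslv = "198.51.100.10", "10.0.0.5", "192.0.2.53"
    pk = [  # legitimate TCP handshake and one data segment
        Pkt(0.0, cli, srv, "tcp", 40000, 80, "S", seq=1000),
        Pkt(0.1, srv, cli, "tcp", 80, 40000, "SA", seq=5000, ack=1001),
        Pkt(0.2, cli, srv, "tcp", 40000, 80, "A", seq=1001, ack=5001),
        Pkt(0.3, cli, srv, "tcp", 40000, 80, "PA", seq=1001, ack=5001, payload=120),
        # legitimate DNS query and its (large) answer
        Pkt(0.4, cli, rslv, "udp", 50000, 53, payload=40),
        Pkt(0.5, rslv, cli, "udp", 53, 50000, payload=600),
    ]
    # out-of-state ACK segments, two of them with a zero ACK number
    pk += [Pkt(1.0 + i * 0.01, "203.0.113.7", srv, "tcp", 1024 + i, 80, "A",
               seq=7, ack=0 if i < 2 else 99) for i in range(4)]
    # SYN carrying sequence number zero
    pk.append(Pkt(1.1, "203.0.113.8", srv, "tcp", 2000, 80, "S", seq=0))
    # zero-payload UDP packets
    pk += [Pkt(1.2 + i * 0.01, "203.0.113.9", srv, "udp", 3000 + i, 80) for i in range(3)]
    # UDP fragment flood: 60 fragments inside one second
    pk += [Pkt(2.0 + i * 0.01, "203.0.113.10", srv, "udp", 4000, 80, frag=True, payload=1400)
           for i in range(60)]
    # ICMP below the flood threshold: must not be flagged
    pk += [Pkt(3.0 + i * 0.01, "203.0.113.11", srv, "icmp") for i in range(30)]
    # unsolicited large DNS answers arriving at the server: reflection seen from the victim
    pk += [Pkt(4.0 + i * 0.01, rslv, srv, "udp", 53, 5000 + i, payload=3000) for i in range(3)]
    return pk


if __name__ == "__main__":
    for family, n in sorted(classify(sample_packets()).items()):
        print(f"{family:18s} {n}")
```

The legitimate handshake and the answered DNS query produce no findings, which is the point of tracking state: the same packet shapes (pure ACKs, large port-53 answers) are only suspicious when nothing preceded them. The rate checks report one finding per flooded destination so a single flood does not drown the counters.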

Closing blind area with SSL Security Solution

[Diagram: WAN, perimeter and LAN zones with firewall, anti-malware and DLP placed at the perimeter]

SSL offloading (owning the private key) for inbound traffic

Transparent SSL inspection for outbound traffic

Hybrid Solutions are Gaining Ground

Momentum increases – in market and in the analyst community

– More than a third (36%) already using a hybrid solution

– By 2015, nearly half (48%) will employ hybrid protection

Both on-premises & in-the-cloud mitigations are a must

[Chart: organizations currently using and planning to use a hybrid security solution, 2014 and 2015; vertical axis 0-50%]

“Distributed denial of service attacks have risen in complexity, bandwidth and number of occurrences targeting enterprises. Organizations must architect their defenses with both cloud and on-premises defenses along with integrating DDoS responses into the current incident response process.” (Gartner, November 2014, “DDoS: A Comparison of Defense Approaches”)

Cloud, IoT & SDN are Changing the Rules of the Game

Organizations ignoring these trends risk becoming obsolete

Cloud migration continues while Enterprise IT dissolves

Internet of Things (IoT):

– Brings an end to controlled endpoints

– Introduces incredible new threats

[Bar chart: IoT in the cyber-attack landscape; categories Increases Attack’s Surface, Increases Detection Requirements, Complicates Mitigation Requirements, Increases Attack’s Sophistication, No effect; values shown 59%, 47%, 42%, 36%, 16%; axis 0-60%]


SDN requires protection across unique and dynamic traffic routes

[Bar chart: SDN security threats; categories Immature Vulnerable Technology, Centralized Controller, No Native net service against DDoS, ‘Security Sprawl’ via automated provisioning, Proprietary Customization per implementation, Southbound Interface; values shown 49%, 48%, 40%, 37%, 37%, 25%; axis 0-50%]


Introducing Radware Attack Mitigation System

Radware’s Security Solution Elements: DefensePro, APSolute Vision, AppWall

Important things to know about Radware Attack Mitigation System (AMS)

• The system first of all fights for stability of legitimate users under attack!
• Special HW&SW solution (CPE) plus Cloud Services (for volume attacks)
• Automatic protection from all types of DoS/DDoS attacks and web-based attacks
• Doesn’t require manual intervention under attack
• Fastest reaction to attack (18 sec)!
• Lowest false positive (close to 0)
• Unique solution for SSL-based attacks
• Network, application, low&slow, SSL, web and behavioral attacks in one solution
• Unique fingerprint technology enables fighting an attack without relying on IP addresses

Market Leading Attack Mitigation Solution

7 of Top 14 World’s Stock Exchanges

12 of Top 22 World’s Commercial Banks

6 of Top 20 World’s Retailers

NBA, NHL, MLB & Nascar

6 of Top 10 World’s Telcos

2 of Top 5 Cloud Service Providers
