Pushed to the Limit! Network and Application Security
Threat Landscape 2017-8
January 2018
Lior Zamir Technical Account Manager
About Radware
Market leader in application availability solutions
• Over 12,500 enterprise & carrier customers
• >$200M revenue
• Industry-wide recognition: DDoS Wave Leader, ADC MQ Leader, WAF MQ Visionary
• Global technology partners
Market Leading Attack Mitigation Solutions
Top brands in every key vertical:
• 8/12 top stock exchanges
• 11/20 top commercial banks
• 10/10 top telecom
• 5/10 SaaS providers
Enterprise, retail & online businesses; carriers, service & cloud providers; financial services
Chosen OEM partner for Cisco Firepower NGFW and Check Point NGFW
Agenda
• Global Trends
• Changes in the Attack Vector Landscape
• Business Concerns
• What’s Around the Corner?
• Example Attacks in Adriatics
• Summary and Predictions
Radware Annual Security Reports
Source #1: Radware Industry Survey (1,250 respondents)
Number of employees: 10,000+ 25%; 3,000-9,999 13%; 1,000-2,999 5%; 550-999 8%; 100-499 17%; <100 22%
Region: North America 48%; Europe 25%; APAC 18%; Central / South America 6%; Africa & Middle-East 4%
Industries: Retail and Ecommerce; Technology Products & Services; Financial Services; Education; Govt & Civil Service; Healthcare
Source #2: ERT Threat Research Center
2017 real-life attack data, security alerts and threat research
Team of security experts for fast mitigation when under attack
Notable 2017 cases: WannaCry | OpIcarus | XMR Squad | Mirai botnet | BrickerBot | OpKillingBay | CodeFork group
Global Trends
Global Trends in Threats & Attacks
• Cyber-security pushed to the limit
• IoT integration complicates security management
• BTC value and cybercrime climb to new heights
• Data protection is the top business concern
• Bots challenge defense systems, generating fictitious demand
Slovenia Trends: Shift Towards Application Layer
[Chart: Attacks, volume and non-volume – network volume vs. application attacks; large increase in application attacks]
[Chart: Attack vectors – SYN, HTTP, DNS, UDP, NTP, TCP handshake violation]
[Chart: Attack category – anomalies, network DDoS, application DDoS (DNS), intrusions, SYN flood]
[Chart: Attack duration – less than 1 min (burst) vs. steady flood (more than 1 hour)]
Cryptocurrency Prosperity Drives Cybercrime
• Ransom is the motivation behind 50% of the attacks
• Incidence has grown by 40% year-over-year
• One in eight organizations suffered a DDoS extortion
• Ransom is the top concern of security professionals in 2018
Ransom as motivation tripled: 2014 16%; 2015 25%; 2016 41%; 2017 50%
Protecting Sensitive Data is the #1 Concern
• 45% have suffered a data breach
• 30% of customers will ask for compensation, leave, or file a suit following a data breach
• 28% name data theft as the #1 security challenge
• 72% are not fully prepared for GDPR
• 26% see data protection as the top concern in 2018
• 16% intend to invest more in data protection in 2018
The Rise of the Botnets - Is Your Data in Good Hands?
For some organizations, bots represent more than 75% of their total traffic.
79% of organizations cannot distinguish between ‘good’ bots and ‘bad’ ones.
What can bots do?
1. DDoS attacks
2. Web scraping - steal data and intellectual property
3. Manipulate pricing
4. Hold inventory
APIs – the Next Weak Link
API security is often overlooked – data transferred is not subject to inspection or validation
Common API vulnerabilities
• Access violations
• Protocol attacks
• Unvalidated redirects
• Parameter manipulations
• Irregular JSON/XML expressions
[Chart: 51% don’t analyze API vulnerabilities prior to integration; 60% share and consume sensitive data via APIs; 52% don’t inspect data transferred via APIs]
Changes in the Attack Vector Landscape
DDoS Attacks: Shift Towards Application Layer
• Application attacks become the preferred DDoS vector
• Network attacks declined significantly
• HTTP/S and TCP-SYN floods are causing the most damage
• 1 in every 5 attacks exceeds 1Gbps
[Chart: Share of DDoS attack vectors, application vs. network – HTTP, HTTPS, DNS, SMTP, VOIP, TCP SYN flood, UDP, ICMP, TCP-Other, IPv6, Other; callout: application vs. network, +10% DDoS attacks]
DNS Attack Vectors 2017
• 41% suffered a DoS attack against their DNS server
• Brute force attacks and basic query floods are the most common vectors
[Chart: Which of these attack vectors did you experience? – Brute force 49%; Basic query flood 42%; Recursive flood 34%; Reflective amplification attack 26%; Cache poisoning 20%]
Bot Attacks
• Web scraping is the main plague
• Two of five report bot traffic exceeds 75%
• 44% still can’t distinguish between bots and a flash mob
[Chart: Web scraping impact – Intellectual property stolen (such as pricing) 56%; Inventory held (customers cannot complete purchase) 45%; Website copied (screen-captured or content) 39%; Inventory depleted (e.g., sold out within minutes) 32%]
Failure Points in the Data Center
• Internet pipe saturation incidence grew 50% from 2016
• Servers are compromised the most, as they keep the lucrative data
• 40% growth in complete outages over mere service degradation
Failure point: Internet pipe (saturation) 37%; Firewall 17%; IPS/IDS 6%; Load balancer (ADC) 4%; The server under attack 35%; SQL server 1%
Vertical Highlights
• 40% of retailers report bot traffic above 75% of total
• 42% of education institutes actually fear availability issues over data theft or reputation loss
• 31% of service providers intend to invest in DDoS mitigation in 2018
• 24% of government and public sector organizations suffer attacks daily
• 73% of healthcare organizations express low to medium confidence in securing patient records
• 44% of financial institutions do not track the dark web after a data security breach
Business Concerns of Cyber-Attacks
Biggest Business Concern When Attacked
• Data loss followed by reputation loss were the biggest concerns
• Fewer were concerned with revenue loss this year
[Chart: What is your concern if faced with a cyber-attack? – Data leakage/information loss 28%; Availability/SLA degradation 23%; Reputation loss 17%; Revenue loss 13%; Customer/partner loss 10%; Productivity loss 10%]
Multiple Touchpoints = Higher Risk
• Organizations do not take all the necessary measures when their application services communicate with 3rd party services
• 47% do not use encryption
[Chart: Which data types do you share with 3rd parties? – Username/password 72%; Payment details 50%; Personally identifiable information 42%; User behavior/preferences/analytics 32%]
Application Security Concerns
Most organizations feel they can handle the OWASP Top 10 pretty well. They fear:
1. Application layer DDoS
2. Encrypted / SSL-based attacks
3. API manipulations
4. Data breach
[Chart: Which attacks against applications are most difficult to prevent, detect and contain? – Layer 7 DDoS 62%; Encrypted web attacks (SSL/TLS-based) 57%; API manipulations 48%; Data security breach 44%; Brute force 25%; Cross-site scripting 15%; Web scraping 13%; SQL injection 13%; Cross-site request forgery 13%]
What’s Around the Corner?
Biggest Threats in 2018
Ransom and data theft are seen as the two biggest threats in the coming year
[Chart: Which of the following attacks against applications and/or web servers are most difficult to prevent, detect and contain? – Ransom 26%; Data theft 26%; Application vulnerabilities 22%; IoT botnets 13%; Permanent denial of service 8%; API integration 3%; Other 2%]
Projected Investments in 2018
The most popular investment areas are guarding sensitive data, endpoint protection, and SIEM/analytics.
My 2018 investment will be in: In-house expertise and application infrastructure 28%; Endpoint and malware protection 26%; Security management & analytics 20%; Data leakage prevention 16%; DDoS protection 10%
Adopting Artificial Intelligence / Machine Learning
Better security is the #1 motivation for exploring AI solutions
20% already rely on machine learning/AI-based protections
Adoption: Already rely on 20%; Plan to integrate 28%; Neither 52%
[Chart: Motivation for exploring AI solutions – Better security 63%; Simpler manageability 27%; Filling in the skill gap 27%; Gaining a competitive advantage 25%; Cost reduction 25%; Other 8%]
Examples of Risk to Financial Institutions, such as in the Adriatic Region
Ransom
• Ransom Denial of Service (RDoS)
  – Objective: cryptocurrencies
  – Threatens use of latest techniques
  – Increase in extortions
  – Decrease in attacks
• South Korea – 2017
  – 7 banks
  – $315,000 USD
  – 5Gbps sample attack
  – Result of Nayana ransomware extortion
Local Heists
• Jackpotting ATMs
• 2010 Barnaby Jack @ BlackHat
  – Vector 1: Remote attack
  – Vector 2: Key + USB malware
• Tennessee - 2014
  – 18-month spree
  – Over $400,000
  – Keypad attack
• Romania - 2016
  – 31 machines in one day
  – 3.8 Million Slopes (860,000 Euros)
  – Raiffeisen Bank
    o Spear-phishing
    o Malicious payload
    o Gained access to ATMs
Introducing Radware’s Hybrid Attack Mitigation
The Rise of the Multi-Vector Attack
[Diagram: Multi-vector attack across the Internet pipe, firewall, IPS/IDS, load balancer/ADC, server under attack and SQL server – large volume network flood attacks, network scan, SYN floods, “low & slow” DoS attacks (e.g. Slowloris), SSL floods, app misuse, HTTP floods, SQL injections, XSS, CSRF, brute force; countermeasures: IPS, WAF, cloud DDoS protection, DoS protection, behavioral analysis, SSL protection]
An Integrated Hybrid Attack Mitigation is Needed
Complete and integrated solution with all security technologies, on-premise and cloud: cloud DDoS protection, SSL protection, DoS protection, behavioral analysis, IPS, WAF
Radware provides complete hybrid protection: always-on DDoS on-premise or in the cloud, with DDoS cloud scrubbing activated on-demand
Radware’s Security Solution Elements
Technologies: DoS protection, behavioral analysis, IPS, WAF, SSL protection, cloud DDoS protection
• Attack Mitigation Device: DefensePro physical and virtual appliance, throughput up to 400Gbps
• Web Application Firewall: AppWall, Cloud WAF Service
• Cloud DDoS Protection Services: hybrid, always-on, on-demand; 3.5Tbps mitigation capacity
• Centralized Management & Reporting: APSolute Vision
• Radware Emergency Response Team: 24x7 security experts
Real-Time Attack Mitigation with DefensePro
Real-time attack prevention device that protects your application infrastructure against network and application downtime, application vulnerability exploitation and network anomalies
Protecting a Dynamic Network at Scale
• Real-time signature creation: block 0-day attacks in up to 18 seconds
• Beyond source IP blocking: blocking dynamic IP & behind-the-CDN attacks
• Behavioral-based detection: patented algorithm with limited false positives
• Dedicated attack hardware: with no impact on legitimate traffic
Built to Protect from Next Generation Attacks
New IoT-based threats introduce sophisticated vectors and require a more automated, more accurate protection solution
• Sophisticated DNS vectors: automated behavioral DNS protection for authoritative and recursive DNS
• Growth in encrypted attacks: integrated 0-latency multi-layer SSL-flood protection
• Dynamic, burst attacks: burst attack protection
Summary and Predictions
Looking ahead to 2018
Build your protection strategy. Develop an incident response plan.
• Weaponized artificial intelligence: Bots and automated attack tools can mimic human behavior. Can they mimic human learning?
• Attack via proxies: Attackers target 3rd parties who accommodate a variety of businesses – CDNs, applications, analytics services or download sites.
• APIs are a double-edged sword: APIs connect all platforms and services together. Businesses must audit APIs prior to integration.
• Automated social engineering: Bots already collect and analyze personal data. The next step is to add a component that deceives and infects the victim.
Stay Focused. Be Prepared.
Build your protection strategy. Develop an incident response plan.
• Consolidate and automate: Elastic, unified systems against multiple threats. Manageability, flexibility and scalability are key for a seamless security experience.
• Fight fire with fire: AI-based solutions to mitigate advanced cyber-weapons. Understand who is a bot and who isn’t to optimize your resources and maximize your security.
• Versatile application protection: Cross-platform API and application security protect your data assets. Evaluate before integrating 3rd party services.
• Hope for the best, prepare for the worst: Reduce cyber-attacks’ business impact by getting ready. Study new technologies, have an ER plan, patch systems on time, get a hybrid DDoS mitigation solution, hire hackers for clever forensics, rely on experts.
https://www.radware.com/ert-report-2017