Radware
DoS / DDoS Attack Mitigation System
Orly Sorokin
January 2013

AGENDA
• DDoS attacks & Cyber security Statistics
• About 2012 Global Security Report
• Key Findings & Trends
• Recommendations

DoS – How does it Look
• Simple Way – Excessive or specially crafted traffic causing misuse of network/server/application resources, thus preventing legitimate traffic from reaching its destination and limiting the service provided; generated by tools, humans or both. Can be based on Volume / Rate / Vulnerability Exploitation
• Detailed
  – Layer 3 Floods – targeting the network equipment, and the actual pipe capacity
  – Layer 4 Floods – targeting the servers (physical or virtual), their stack resources
  – Layer 7 Floods – targeting real applications and services

Network and Data Security Attacks: from the News

Cyber Security Study
• A research study by Ponemon & Radware
• Surveyed 700 IT & IT Security Practitioners
• Non Radware customers
• Release date: Q4/2012

DDoS Attacks Frequency
How many DDoS attacks experienced in the past 12 months?
65% of organizations had an average of 3 DDoS attacks in the past 12 months

Average downtime during one DDoS attack
[Chart: share of respondents by downtime duration; categories shown include Less than 1 minute, 11 to 20 minutes, 31 to 60 minutes, 3 to 5 hours, Cannot determine]
54 minutes average downtime during one DDoS attack

Information Resources
• Industry Security Survey
  – External survey
  – 179 companies
  – Most are not using Radware DoS mitigation solution
• ERT Cases
  – Internal survey
  – Unique visibility into attacks behavior
  – 95 selected cases
    • Customer identity remains undisclosed
ERT gets to see attacks in real time on a daily basis

Organizations Bring a Knife to a Gunfight
• “Someone who brings a knife to a gun fight”
  – Is someone who does prepare himself for the fight, but does not understand its true nature
• Organizations today are like that
  – They do invest before the attack starts, and conduct excellent forensics after it is over,
  – however, they have one critical blind spot – they don't have the capabilities or resources to sustain a long, complicated attack campaign.
• Attackers target this blind spot!

Attacked in 2012
They had the budget
They made the investment
And yet they went offline

But Attacks Today Have 3 Phases

ERT Cases – Attack Duration Trend
[Chart: attack duration, 2011 vs 2012; categories: 1-2 days, Half a week, 1 week]
Attacks last longer: The number of DoS attacks lasting over a week doubled in 2012

ERT Cases – Attack Vectors Trend
[Chart: ERT Cases – Attack Vectors, 2011 vs 2012, by complexity level: 5-6, 7-8, 9-10]
Attacks are more complex: 2012 DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks using a complexity level of 7-10.

Attack Vectors Trends
Industry Security Survey – Attack Count by Type
Attacks remained diversified across different attack types. This reflects attackers using multi-vector attacks.

Entities That Are The Bottlenecks in DoS Attacks
Industry Security Survey
Which services or network elements are (or have been) the bottleneck of DoS?
[Chart: 2011 vs 2012; categories: Internet pipe (saturation), Firewall, IPS/IDS, Load Balancer (ADC), The server under attack, SQL Server]
The three entities that are consistently the bottlenecks in DoS/DDoS attacks are the server under attack, the firewall and the Internet pipe.

Solutions Used Against DoS Attacks
Industry Security Survey
Which solutions do you use against DoS attacks?
[Chart: solutions used against DoS attacks, 2011 vs 2012]

Attackers Motivation Trend
[Chart: 2011 vs 2012; categories: Motivation is unknown, Political/Hacktivism, Angry users, Competition, Ransoms]
DoS motivation did not change in 2012 compared to last year.

Who’s On The Target List?
[Figure: scale Low / Medium / High; sectors: ISP, Financial, Government, eCommerce, eGaming, Mobile; series: 2012, 2011, Prior to 2011]

AMS Protection Set
DoS Protection
• Prevent all types of network DDoS attacks
Reputation Engine
• Financial fraud protection
• Anti Trojan & Phishing
IPS
• Prevent application vulnerability exploits
WAF
• Mitigating Web application threats and zero-day attacks
NBA
• Prevent application resource misuse
• Prevent zero-minute malware

Radware Security Event Management (SEM)
• Correlated reports
• Trend analysis
• Compliance management
• RT monitoring
• Advanced alerts
• Forensics
3rd Party SEM

Radware AMS & ERT/SOC

Thank You
www.radware.com