©2015 ARBOR ® CONFIDENTIAL & PROPRIETARY
Rob Pollock - Sr. Channel Sales Manager; Bilal Javaid - Manager, Consulting Engineering, Central U.S.; Data Connectors.

Presentation transcript:

Slide 1: MISCONCEPTIONS and FACTS ABOUT MODERN DAY DDoS ATTACKS and ADVANCED THREATS
Rob Pollock - Sr. Channel Sales Manager
Bilal Javaid - Manager, Consulting Engineering, Central U.S.
Data Connectors – San Antonio, TX, May 5, 2016

Slide 2: WHO IS ARBOR NETWORKS?
- 100%: Percentage of world's Tier 1 service providers who are Arbor customers
- 107: Number of countries with Arbor products deployed
- 120 Tbps: Amount of global traffic monitored by the ATLAS security intelligence initiative right now!
- #1: Arbor market position in Carrier, Enterprise and Mobile DDoS equipment market segments [Infonetics Research, June 2015]
- 15: Number of years Arbor has been delivering innovative security and network visibility technologies & products

Slide 3: COMMON MISCONCEPTIONS ABOUT DDOS ATTACKS (AND ADVANCED THREATS)
- I have adequate DDoS protection solutions in place. (my firewall, IPS, ISP)
- Impact does not justify the cost of protection
- DDoS is old news … I'm more concerned with Advanced Threats
- The odds are we will NOT be attacked.

Slide 4: COMMON MISCONCEPTIONS ABOUT DDOS ATTACKS (AND ADVANCED THREATS)
- The odds are we will NOT be attacked.

Slide 5: DDOS ATTACK TRENDS
Fact: DDoS Attacks Increasing in Size, Frequency and Complexity
*Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report (per month)

Slide 6: ABILITY & MOTIVATIONS
Fact:
- It's never been easier to launch a DDoS attack
- Many motivations behind DDoS attacks
Chart labels: Cost of DDoS Service; Impact to Victim
Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

Slide 7: THE GAZA STRIP CONFLICT
Chart: Number of DDoS attacks launched per day where destination country is Israel (annotations: Start of Conflict; Aug 3, 2014)
- July 27th: [Reuters] "UN Security Council Calls For Cease-Fire As Muslims Start Celebrating Eid al-Fitr" – there is a noticeable reduction in physical and DDoS attacks.
- July 29th: [Jewish Daily Forward] "The Palestinian Authority announced that it had brokered a 24-hour humanitarian cease-fire with all Palestinian factions with the possibility of extending it an additional 48 hours."
- August 1st: [NY Times] "Gaza fighting intensifies as cease fire falls apart"
- August 3rd: Notice that the number of attacks rises again sharply. From July 28th through August 2nd, there were a total of 192 attacks. On August 3rd there were 268.

Slide 8: FIFA WORLD CUP BRAZIL
- Over 60 World Cup related websites were attacked.
- Also threatened to take down sponsor sites.

Slide 9: FLINT MICHIGAN WATER CONTAMINATION
- Michigan.gov website was attacked on Saturday, Jan. 16
- Hurley Medical Center confirmed on Thursday, Jan 21 it was the victim of a "cyber attack" a day after Anonymous hacktivists threatened action over Flint's water crisis.

Slide 10: ABILITY & MOTIVATIONS
Fact:
- It's never been easier to launch a DDoS attack
- Many motivations behind DDoS attacks
Chart labels: Cost of DDoS Service; Impact to Victim
Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

Slide 11: COMMON MISCONCEPTIONS ABOUT DDOS ATTACKS (AND ADVANCED THREATS)
- I have adequate DDoS protection solutions in place. (my firewall, IPS, ISP)

Slide 12: MISCONCEPTION: FIREWALL / IPS WILL STOP DDOS ATTACKS
Fact: Firewalls and IPS (load balancers, WAF etc.) are not designed to stop DDoS attacks.
- DDoS attacks use legitimate packets and do not violate protocol rules – thus many go undetected by firewalls and IPS.
- Because firewalls and IPS (load balancers, WAF) are required to track state, they are vulnerable to some DDoS attacks (e.g. HTTP/TCP SYN floods) – and routinely fail during attacks.
- Completing The Security Triad: Firewalls and IPS are designed for protecting Confidentiality and Integrity. You need purpose built DDoS protection products to protect Availability.
Diagram labels: Confidentiality; Integrity; Availability?
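
Added example, not part of the original slides: a toy model of why a device that must track state fails under a SYN flood, together with the half-open ratio a defender can monitor. The table capacity, timeout and traffic rates are constructed assumptions, not figures from the presentation.

```python
from dataclasses import dataclass, field

HALF_OPEN, ESTABLISHED = "SYN_RCVD", "ESTABLISHED"

@dataclass
class StateTable:
    """Toy connection table of a stateful firewall/IPS/load balancer (values assumed)."""
    capacity: int            # maximum number of tracked flows
    half_open_timeout: int   # ticks before an unfinished handshake is evicted
    flows: dict = field(default_factory=dict)  # flow id -> (state, tick created)

    def expire(self, now):
        """Evict half-open entries that have reached the timeout."""
        stale = [f for f, (state, seen) in self.flows.items()
                 if state == HALF_OPEN and now - seen >= self.half_open_timeout]
        for f in stale:
            del self.flows[f]

    def on_syn(self, flow, now):
        """Track a new flow; return False when the table is full and the SYN is dropped."""
        if len(self.flows) >= self.capacity:
            return False
        self.flows[flow] = (HALF_OPEN, now)
        return True

    def on_ack(self, flow, now):
        self.flows[flow] = (ESTABLISHED, now)  # handshake completed

    def half_open_ratio(self):
        """Share of tracked flows stuck mid-handshake: the signal to alert on."""
        half = sum(1 for state, _ in self.flows.values() if state == HALF_OPEN)
        return half / len(self.flows) if self.flows else 0.0

def simulate(unanswered_syns_per_tick, ticks=20, capacity=1000, timeout=10, clients=10):
    """Return (legitimate connections served, legitimate attempts, peak half-open ratio)."""
    table, served, peak = StateTable(capacity, timeout), 0, 0.0
    for now in range(ticks):
        table.expire(now)
        # Constructed input: SYNs whose handshake is never completed.
        for i in range(unanswered_syns_per_tick):
            table.on_syn(("unanswered", now, i), now)
        # Constructed input: ordinary clients that finish the handshake.
        for i in range(clients):
            flow = ("client", now, i)
            if table.on_syn(flow, now):
                table.on_ack(flow, now)
                served += 1
        peak = max(peak, table.half_open_ratio())
    return served, ticks * clients, peak
```

With these assumed values, `simulate(0)` serves all 200 legitimate connections, while `simulate(500)` serves only the 10 from the first tick because half-open entries occupy the table until they time out.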

Slide 13: MISCONCEPTION: DDOS ATTACKS ARE NOT COMPLEX
Fact: Dynamic combination of multi-vector attacks
Case Study: "Operation Ababil"
- Lesson Learned: Targets who only had on-premises protection realized they also needed in-cloud protection …and Vice Versa.
Diagram labels: The Internet; Botnet; Legit Traffic; Your (ISP's) Network; Your Data Centers; Volumetric Attack; Saturation; State Exhaustion; State Exhaustion/Application Attack

Slide 14: STOPPING MODERN DAY DDoS ATTACKS
A Recommended Industry Best Practice: Layered DDoS Attack Protection
1. In-Cloud (Your (ISP's) Network or Cloud MSSP; Scrubbing Center): Stop volumetric attacks
2. Your Data Centers/Internal Networks: Stop application layer DDoS attacks & other advanced threats; detect abnormal outbound activity
- Intelligent communication between both environments
- Backed by continuous threat intelligence
Diagram labels: The Internet; Volumetric Attack; Application Attack

Slide 15: COMMON MISCONCEPTIONS ABOUT DDOS ATTACKS (AND ADVANCED THREATS)
- Impact does not justify cost of protection

Slide 16: INCREASING EXPOSURE
Fact: DDoS is a world wide problem and any organization can be a target.

Slide 17: INCREASED PRESSURE ON SECURITY TEAMS
Fact:
- Over 230,000 cyber professional jobs unfilled TODAY in the US*…
- 1.5 million cyber jobs worldwide will be unfilled by
Source: Arbor Networks 10th Annual Worldwide Infrastructure Security Report
* NIST (National Institute of Standards and Technology)

Slide 18: UNDER ESTIMATED IMPACT
Fact: Impact can be immediate & severe
- Lost Revenue
- Operational Costs to Mitigate Attack
- Brand repair
- Regulatory Fees
- Customer Credits
- Lost productivity
- Lost future business
- Others?
Bottom Line: These numbers must be customized for your environment
Source: Arbor Networks 11th Annual WISR. Note: Most respondents didn't answer this question because they didn't know!
Chart label: Dun & Bradstreet

Slide 19: COMMON MISCONCEPTIONS ABOUT DDOS ATTACKS (AND ADVANCED THREATS)
- DDoS is old news … I'm more concerned with Advanced Threats

Slide 20: ABILITY & MOTIVATIONS
Fact:
- It's never been easier to launch a DDoS attack
- Many motivations behind DDoS attacks
Chart labels: Cost of DDoS Service; Impact to Victim
Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

Slide 21: DDOS AS SMOKESCREEN

Slide 22: THE GAME HAS CHANGED
Fact: Advanced threats have evolved from advanced malware to attack campaigns. Attack campaigns are organized human to human campaigns, using multiple tools and techniques.

Slide 23: THINGS YOU SHOULD KNOW ABOUT ADVANCED THREATS
Did You Know?
- Advanced attacks in 2015 used 7 or more toolkits, less than half exploited a critical vulnerability.
- …of advanced attacks in 2015 did not involve malware.
- Average dwell time of breaches is greater than 200 days.
- …of enterprises take longer than 3 days to investigate a critical security event
- …of all Advanced threat attacks involved DDoS
Callout figures on the slide: Days; 60%; 40%; 7+ Toolkits; 20%

Slide 24: ARBOR'S DDOS & ADVANCED THREAT PROTECTION SOLUTION
Comprehensive Protection, Proactive Investigation and Proof
Armed with Global Visibility & Actionable Threat Intelligence
Diagram labels: Target / Compromised Hosts; Arbor Spectrum

Slide 25: TRADITIONAL "DETECT AND RESPOND" STRATEGIES
Fact: Security operations and incident response spend 80% of their time trying to determine if indicators created by "detect and prevent" security tools are real attacks.
ORCHESTRATED CAMPAIGN STAGES
- Stage 1: Recon (Network)
- Stage 2: Exploitation (Network)
- Stage 3: Installation/Delivery (Sandbox)
- Stage 4: Lateral Movement (Network)
- Stage 5: Command/Control (Network)
- Stage 6: Exfiltration (Network)
- Stage 7: Mission Complete (Forensics)
Diagram labels: PREVENT/DETECT; INVESTIGATE/PROVE; FORENSICS; SOLUTION COST; TIME; SANDBOX; FIREWALL; ENDPOINT; IDS/IPS; SIEM; INTELLIGENCE; END-POINT FORENSICS; PACKET FORENSICS

Slide 26: TO "PROACTIVE INVESTIGATION AND PROVE" STRATEGY
With Arbor Spectrum: Threat Intel; Traffic Analysis; Intuitive Workflows
ATTACK CAMPAIGN STAGES
- Stage 1: Recon (Network)
- Stage 2: Exploitation (Network)
- Stage 3: Installation/Delivery (Sandbox)
- Stage 4: Lateral Movement (Network)
- Stage 5: Command/Control (Network)
- Stage 6: Exfiltration (Network)
- Stage 7: Mission Complete (Forensics)
Diagram labels: PREVENT/DETECT; INVESTIGATE/PROVE; FORENSICS; SOLUTION COST; MANHOURS REQUIRED; RISK IMPACT; Improved; Limited; SANDBOX; FIREWALL; ENDPOINT; IDS/IPS; SIEM; INTELLIGENCE; END-POINT FORENSICS; PACKET FORENSICS

Slide 27: THE INTERNET: ATLAS & ASERT IF
- 15 years of deployment in a majority of world's ISPs offer unique visibility into global threats
- Over 300 ISPs participating in ATLAS; providing Global Visibility and Threat Intelligence
- ASERT is a team of industry experts who conduct threat research, help customers mitigate DDoS attacks and create ATLAS Intelligence Feeds
- ATLAS & ASERT continuously arm all Arbor products and services with global threat intelligence called ATLAS Intelligence Feed, allowing customers to stay abreast of DDoS and advanced threats
