Facts and Myths About Cybersecurity

Presentation transcript:

Facts and Myths About Cybersecurity, 27 April 2017. Andrzej Kroczek, Systems Engineer Manager. © 2017 F5 Networks

80% of the Internet

70%. SSL is growing, and that presents a challenge for our customers. Privacy and security concerns are driving encrypted traffic growth, which is expected to represent 70 percent of all Internet traffic this year. Source: Sandvine, Global Internet Phenomena Spotlight, 2016

Encryption Creates Blind Spots in Your Network, making the security tools you trust and rely on less effective: DLP, firewalls, antivirus, APT, IDS/IPS. With more and more information being encrypted, customers are having a difficult time detecting and assessing threats in encrypted traffic. Organizations are effectively blind to potential threats; existing security architectures and security solutions are inadequate. This ultimately forces administrators to make a choice: let the traffic go uninspected, or suffer extreme application performance losses.


no performance impact

Visibility – Outbound Traffic: decrypt and re-encrypt on each device. Diagram labels: Users / Devices, Firewall, Web Gateway, DLP, Anti-Malware, IPS, Internet; the security devices are each labelled "Decrypt, Inspect, Re-encrypt".

What we know about SSL/TLS: SSL is a Significant Performance Hit on Security. Next-Gen Firewall Performance Impact: 79%. Next-Gen IPS Performance Impact: 75%. Sandbox/Anti-Malware No SSL Support: 100%. Security architectures are not built for SSL encryption. Not handling SSL traffic creates blind spots, and enabling SSL on next-gen security products impacts their performance, sometimes by over 80%! There is additional performance loss when multiple security devices each decrypt, inspect and re-encrypt. But it's not just performance: latest cipher support is often missing from security devices. Source: NSS Labs and vendor data

ECC SSL Hardware Offload: first ADC vendor to provide Elliptic Curve Cryptography (ECC) SSL TPS in hardware across all platforms. Cipher suite shown: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

F5 SSL Orchestrator Solution Highlights: Gain visibility into SSL traffic with centralized SSL decryption across multiple security tools. Flexible deployment options provide ease of integration with unique network topologies. Dynamically chain services based on context-based policy to efficiently deploy security.

F5 SSL Orchestrator – Key Benefits: SSL decrypt / encrypt at high performance; policy-based decrypt / handoff / encrypt of traffic flows; dynamic service chaining of security solutions; load balancing of SSL traffic flows across security devices; flexible deployment for seamless fit into networks; proxy architecture allows support for DHE/ECDHE and Forward Secrecy. Purpose-built, all-in-one SSL appliance, providing security solutions with visibility into SSL/TLS-encrypted outbound traffic.

½ of web traffic

Control Bots – F5 Application Security Manager. 52% of all Internet traffic is non-human. 1 of every 10 requests is hostile.


BOT Impact. 52%: Internet traffic that is non-human. 52% of your business's power was consumed by another business. 29%: Website traffic from malicious bots. 29% of the time your business received a visitor, they tried to rob you. 41%: Malicious bots enter a website network disguised as a human. 82% of the time a malicious bot talked to your website, they were impersonating a human or a good bot. Source: Incapsula, CheckPoint, ANA/White Ops, Dell SecureWorks.

Layers of Bot Protection. Diagram labels: Threat Intelligence, Profiling, Behavioral, Device Fingerprinting, Geo-location, Proactive classification, Intelligence Feeds, BOT signatures, Inline Fingerprinting, Identity, Session Anomaly, Transaction Anomaly, Brute Force.

How unique are you? https://panopticlick.eff.org https://amiunique.org

Mitigations: URL randomization, code integrity, code obfuscation, Turing tests. Diagram labels: Public app, API, APP, Data, Backend, "w/o detected attack", BOT. ASM injects a JS challenge with an obfuscated cookie. Legitimate browsers resend the request with the cookie. ASM checks and validates the cookie. Requests with a valid signed cookie are then passed through to the server. Invalidated requests are dropped or terminated. Cookie expiration and client IP address are enforced – no replay attacks. Prevented attacks will be reported and logged.
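
The challenge-cookie flow described on this slide, sketched as an added example; it is not F5 ASM code and not part of the original presentation. The cookie layout, the names SECRET, TTL_SECONDS, issue_cookie, validate_cookie and handle_request are hypothetical, and the browser-side JavaScript challenge itself is not modelled, only the signing and the expiry / client-IP enforcement that blocks replay.

```python
import base64, hashlib, hmac, os, time

# Hypothetical server-side key and cookie lifetime (assumptions, not ASM settings).
SECRET = os.urandom(32)
TTL_SECONDS = 300

def _sign(payload: str, client_ip: str) -> str:
    """HMAC over the cookie payload plus the client IP, so the cookie is IP-bound."""
    mac = hmac.new(SECRET, f"{payload}|{client_ip}".encode(), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()).decode().rstrip("=")

def issue_cookie(client_ip: str, now=None) -> str:
    """Cookie the JS challenge would set: '<expiry>.<nonce>.<signature>'."""
    now = int(time.time()) if now is None else int(now)
    nonce = base64.urlsafe_b64encode(os.urandom(9)).decode()
    payload = f"{now + TTL_SECONDS}.{nonce}"
    return f"{payload}.{_sign(payload, client_ip)}"

def validate_cookie(cookie, client_ip: str, now=None) -> str:
    """Return 'pass' or a 'reject: ...' reason for a returned challenge cookie."""
    now = int(time.time()) if now is None else int(now)
    try:
        expiry_s, nonce, sig = cookie.split(".")
        expiry = int(expiry_s)
    except (AttributeError, ValueError):
        return "reject: malformed"
    expected = _sign(f"{expiry_s}.{nonce}", client_ip)
    # Constant-time comparison; fails if any field or the source IP changed.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "reject: bad signature or different client IP"
    if now >= expiry:
        return "reject: expired"
    return "pass"

def handle_request(cookie, client_ip: str, now=None):
    """Gateway decision: challenge first-time clients, forward valid ones, drop the rest."""
    if cookie is None:
        return ("challenge", issue_cookie(client_ip, now))
    verdict = validate_cookie(cookie, client_ip, now)
    return ("forward", None) if verdict == "pass" else ("drop", verdict)
```

Because the signature covers the expiry, the nonce and the client IP together, a cookie captured from one client is rejected when presented from another address or after its lifetime ends.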

1.2 Tbps DDoS – IoT

World Record Volumetric DDoS Attacks: IoT – Mirai Botnet

News on DDoS threats isn’t going away. “Major DNS Provider Hit by Mysterious, Focused DDoS Attack” (ARS TECHNICA). “Rent-a-Botnet Services Making Massive DDoS Attacks More Common than Ever Before” (PC WORLD). “DDoS Attacks: Getting Bigger and More Dangerous All the Time” (ZD NET). “DDoS Attacks Continue to Rise in Power and Sophistication” (SECURITY WEEK). “New Botnet Hunts for Linux – Launching 20 DDoS Attacks/Day” (THE HACKER NEWS). Source: https://www.nsslabs.com/linkservid/13C7BD87-5056-9046-93FB736663C0B07A/

Protecting Against DDoS is Challenging. Good vs. Bad Traffic: all traffic/connections look the same – hard to distinguish the good from the bad. Multiple Vulnerable Points: attacks target the weakest link: network, WAN bandwidth, authentication, and applications. Sophisticated and Targeted: multi-vector attacks leveraging TLS connections, with malware planted on botnets. DDoS Attacks are Easy to Launch: attacks can be crowdsourced and monetized, launched by simple apps.

Today’s Solutions Fall Short. Good vs. Bad Traffic: rate limiting or black holing techniques impact legitimate traffic (and the business). DDoS Attacks are Easy to Launch: blind to SSL and easily overwhelmed, contributing to the DDoS. Sophisticated and Targeted: too little too late due to out-of-band deployment against short, bursty traffic. Multiple Vulnerable Points: partially effective depending on type of solution and placement in the network.

DDoS Hybrid Defender. Quickly Detect Attack Behavior: behavioral-based attack detection with ability to sustain DDoS due to the high performance proxy solution. Block DDoS with Real-Time Decryption: SSL visibility with real-time traffic decryption and inspection of malicious data. Ultra-Fast Attack Detection: sub-second attack detection with hardware assist inline or in out-of-band mode. Full Protection on All Fronts: holistic DDoS protection for network, application, and bandwidth with hybrid DDoS approach.

F5 DDoS Hybrid Defender. Network Protection: multiple techniques - statistical method to baseline 3000+ L3/4 metrics & auto thresholds; IP reputation feeds. Application Protection: leverages SSL inspection to defend against L7 DDoS with behavioral analysis. WAN Bandwidth Saturation: DDoS Hybrid Defender to send Layer 3, 4, and 7 DDoS attack info via a JSON blob to Silverline. DDoS Hybrid Defender seamlessly integrates on-premises protection with cloud-based scrubbing service for the most complete DDoS threat coverage. DDoS Hybrid Defender offers simplified user interface and “out-of-the-box” experience with new licensing, targeted for DDoS use case and security buyer.

DDoS Hybrid Defender – Key Benefits: Protects against attacks on the network through to the application. Only vendor with native, seamlessly integrated on-premises and cloud-based scrubbing services. Leverages industry-leading application protections to defend against L7 DDoS. Unsurpassed SSL performance with SSL termination and outbound SSL interception protection. Ensures app availability and performance with leading datacenter scalability and up to 2 Tbps of cloud-based scrubbing capacity. F5 delivers comprehensive protection in a single box.

2,697,631,690 accounts

User Credentials. LinkedIn: 164M; Dropbox: 68M; Yahoo: 500M; Adobe: 152M. https://haveibeenpwned.com/

14,766 PayPal Phishing

Let's Encrypt SSL Certificates. During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Let's Encrypt expected to issue ~35,000 SSL certs for rogue domains. https://www.bleepingcomputer.com/news/security/14-766-lets-encrypt-ssl-certificates-issued-to-paypal-phishing-sites/

Protect User Credentials with F5. Diagram labels: Transaction Execution, Site Log In, User Navigation, Transactions, Site Visit; Device Fingerprinting, Geo-location, Brute Force Detection, Behavioral Analysis, Behavioral and Click Analysis, Abnormal Money Movement Analysis, Customer Fraud Alerts; Phishing Threats, Credential Grabbing & Remote Access Trojans, Malware Injections, Transaction manipulation, Automated Transactions.

Thank You
