Terabit Scale Edge DDoS Protection

Presentation transcript:

Terabit Scale Edge DDoS Protection
Peter Cutler, Senior Systems Engineer

Is DDoS Still on the Increase?
Timeline figure. Events shown:
- 500 Gbps Hong Kong attack
- France swarmed after terror attack
- PlayStation & Xbox hit at Christmas
- Mirai Botnet: OVH / Krebs / DYN, 600 Gbps -> 1 Tbps
- Memcached: GitHub, 1.35-1.7 Tbps
- Anon hits Church of Scientology
- Spamhaus attack: reported to reach 310 Gbps
- Rio Olympics: 540 Gbps
- Spammers discover botnets
- Reaper Botnet: 2M devices
- First hacktivists: Zapatista National Liberation Army
- ProtonMail attack
- Estonia: Parliament, banks, media, Estonia Reform Party
- Coordinated US bank attacks: grew to 200 Gbps, and continue today
- DoS for notoriety
Timeline axis: 1993 … 2005, 2007, 2009, 2011, 2013, 2015, 2016, 2017, 2018, 2019 ??

DDoS Evolution in 2018
- High Bandwidth: memcached exceeds 1 Tbps, routinely > 100 Gbps
- Botnets: Mirai (and its many known variants); IoT (100s of millions of easy-to-recruit devices)
- Multivector: 10+ vectors, Additive + Variation + Spray/Subnet
- Booter/Stresser Services: the “10 minute” attack and pulsed attacks

DDoS is an evolving and increasing threat
Key Trends
- Statistically: frequent, low volume, short duration attacks dominate
- Example statistics across Corero customer networks
Corero Full Year 2018 Trends Report: https://www.corero.com/resources/reports/corero-full-year-2018-ddos-trends-report-/

SP/Telco DDoS Scrubbing Protection
Diagram labels: DDoS attacks arriving from transit/peering; good traffic destined for subscribers; SP ingress from transit/peering; Service Provider egress to subscribers; DDoS victims

SP/Telco DDoS Scrubbing Redirect
Diagram labels: DDoS attacks arriving from transit/peering; good traffic destined for subscribers; SP ingress from transit/peering; Netflow Detect (out-of-band); Service Provider egress to subscribers; DDoS victims

SP/Telco Large DDoS Attack Blackhole
Diagram labels: DDoS attacks arriving from transit/peering; SP ingress from transit/peering; BGP redirect; Netflow Detect (out-of-band); Scrubbing Capacity (<10% edge capacity); Service Provider egress to subscribers; good traffic tunneled to edge or customer
Note: Some providers will have multiple scrubbing centers for geos, redundancy, backhaul reasons.

Scrubbing Approach Increasingly Challenged
Chart axes: Size of Attack against Number of Attacks
- Provider Edge Capacity: 100s of Gbps to multiple Terabits/sec
- Blackhole Zone (some FlowSpec)
- Provider RTBH Mitigation: manual instantiation of blackholes, with target offline for duration of attack
- Scrubbing Zone: Attacks, Partial Protection (needs to be > 10%)

How to Improve?
Enhanced Accuracy + Speed of DDoS Detection/Mitigation
DDoS Attack Over Scrubbing Capacity Succeed!
- Flow Monitoring: aggregation delay; attack overload; header only
- BGP/RTBH/FlowSpec: BGP propagation; limited visibility
- Sampled Mirror: immediate forwarding; scales with attack; header and payload
- ACL Filters: rapid configuration; streaming telemetry

New Opportunity for Edge Mitigation
Diagram labels:
- NOC/SOC; Network Edge
- Stages: Monitor, Inspect, Detect, Report / Signal, Mitigate
- Detection: Sampled Mirror (1:N), Seconds; Sampled Mirror (tuple + payload); Streaming Telemetry
- Mitigation: Filter Generation (tuple + payload); Dynamic Filter (tuple + payload)
- Ingress Traffic; Egress Traffic

Full Edge Capacity Mitigation
Chart axes: Size of Attack against Number of Attacks
- Provider Edge Capacity: 100s of Gbps to multiple Terabits/sec
- Blackhole Zone: <1% of attacks need to be blackholed
- Provider Edge Mitigation Zone: 100% Edge Protection
- Provider Edge Mitigation: leverage real-time data and analytics to deliver intelligent automation; scales to tens of Terabits of DDoS protection
- Provider Scrubbing Capacity: >90% of attacks mitigated at Provider Edge; <10% redirected to scrubbing
- Scrubbing Zone

Total Provider Edge DDoS Protection
Diagram labels: DDoS attacks arriving from transit/peering; Internet; SP ingress from transit/peering; netconf; Service Provider egress to subscribers; good traffic to edge or customer

Example Edge Filtering with Juniper MX
- Matching firewall-type rules with defined actions
- Filters entered manually, or programmatically via netconf API
- Unique ID for each filter provides statistics via remote telemetry
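
The detection-to-filter loop from the "New Opportunity for Edge Mitigation" and "Example Edge Filtering with Juniper MX" slides, as an added sketch that is not code from the presentation or from Corero. It is narrowed to tuple matching (no payload match); the sample records, the 100 Mbit/s threshold, the filter name EDGE-DDOS and the final term name accept-all are all assumptions.

```python
from collections import Counter

# Constructed sample of a 1:1000 sampled mirror over one second:
# (src_ip, dst_ip, protocol, src_port, dst_port, packet_bytes)
SAMPLES = (
    [(f"198.51.100.{i}", "203.0.113.10", "udp", 11211, 40000 + i, 1400)
     for i in range(1, 41)]                                        # memcached replies
    + [("192.0.2.7", "203.0.113.10", "tcp", 443, 51515, 600)] * 5  # normal web traffic
    + [("192.0.2.9", "203.0.113.20", "udp", 53, 33000, 120)] * 3   # normal DNS
)


def detect(samples, sample_rate, interval_s, threshold_bps):
    """Scale sampled bytes to an estimated bit rate per (dst, protocol,
    src_port) and return the tuples at or above the threshold."""
    bits = Counter()
    for _src, dst, proto, sport, _dport, length in samples:
        bits[(dst, proto, sport)] += length * 8 * sample_rate
    rates = {key: total / interval_s for key, total in bits.items()}
    return {key: bps for key, bps in rates.items() if bps >= threshold_bps}


def junos_term(filter_name, key, final_term="accept-all"):
    """Build Junos set commands for one discard term. The term name doubles
    as the counter name, giving each filter a unique ID for statistics."""
    dst, proto, sport = key
    term_id = f"ddos-{proto}-{sport}-{dst.replace('.', '-')}"
    base = f"set firewall family inet filter {filter_name} term {term_id}"
    return term_id, [
        f"{base} from destination-address {dst}/32",
        f"{base} from protocol {proto}",
        f"{base} from source-port {sport}",
        f"{base} then count {term_id}",
        f"{base} then discard",
        # New terms are appended; move this one ahead of the terminal accept.
        f"insert firewall family inet filter {filter_name} term {term_id} "
        f"before term {final_term}",
    ]


if __name__ == "__main__":
    for key, bps in detect(SAMPLES, 1000, 1.0, 100e6).items():
        term_id, commands = junos_term("EDGE-DDOS", key)
        print(f"# {term_id}: ~{bps / 1e6:.0f} Mbit/s estimated")
        print("\n".join(commands))
```

Keying on destination, protocol and source port keeps the rule narrow: the web and DNS samples to the same network stay below the threshold and produce no filter.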

Summary
- DDoS as a whole still on the increase
  - Attack methods/vectors more sophisticated
  - Emerging trend for increase in proportion of larger attacks
- Traditional Scrubbing/RTBH Protection. Industry is moving on
  - Typically too slow to react to avoid damage, or completes attack
  - Wastes core network bandwidth backhauling junk DDoS traffic
- New Opportunity for Protection on Network Edge Devices
  - Leverage built-in power of latest infrastructure devices
  - No need to insert new devices at every ingress point
  - Deliver always-on protection at edge capacity up to unprecedented scale
  - Can operate as an overlay to existing scrubbing centers
  - Deploy filters automatically from DDoS protection solution

Questions?

Thank You!