Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013.

AGENDA
  – Cyber security Statistics
  – About 2012 Global Security Report
  – Key Findings
  – ERT Case Studies
  – 2013 Recommendations

Cyber Security Study
A research study by Ponemon & Radware
Surveyed 700 IT & IT Security Practitioners
Non Radware customers
Release date: November 12th

Cyber Security Business Priorities
Ranking of cyber security objectives in terms of a business priority objective
5 = Highest Priority to 1 = Lowest Priority

DDoS Attacks Frequency
How many DDoS attacks experienced in the past 12 months?
65% of organizations had an average of 3 DDoS attacks in the past 12 months

Average downtime during one DDoS attack
54 minutes average downtime during one DDoS attack

Cost of Downtime
$22,000: average cost per minute of downtime
$3,000,000: average annual cost of DDoS attacks

Information Resources
Radware Security Survey
  – External survey
  – 179 participants
  – 95.5% are not using Radware DoS mitigation solution
ERT Survey
  – Internal survey
  – Unique visibility into attack behaviour
  – 95 selected cases
Customer identity remains undisclosed
ERT gets to see attacks in real time on a daily basis

Organizations Bring a Knife to a Gunfight
"Someone who brings a knife to a gun fight"
  – Is someone who does prepare himself for the fight, but does not understand its true nature
Organizations today are like that
  – They do invest before the attack starts, and conduct excellent forensics after it is over,
  – however, they have one critical blind spot: they don't have the capabilities or resources to sustain a long, complicated attack campaign.
Attackers target this blind spot!

Attacked in
They had the budget
They made the investment
And yet they went offline

Organizations Deploy Two-phase Security Approach
Industry Security Survey
How much did your organization invest in each of the following security aspects in the last year?
Only 21% of company efforts are invested during the attack itself, while 79% is spent during the pre-attack and post-attack phase.

But attacks today have 3 phases

Attacks last longer
The number of DoS attacks lasting over a week had doubled in
[Chart: DoS attack duration]

And become more complex
ERT Cases – Attack Vectors
Attacks are more complex: 2012 DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks using a complexity level of 7-10.

Content Delivery Network (CDN)
Do you consider Content Delivery Networks (CDNs) a solution for a DoS/DDoS attack?
70% of the companies who use CDN believe the CDN is a solution for DoS/DDoS attacks.

Attacks Evade CDN service
[Diagram: Internet, legitimate users, CDN service, botnet, GET requests, backend web server; legitimate requests are refused]
In recent cyber attacks the CDN was easily bypassed
  – By changing the page request in every Web transaction
These random request techniques force CDNs to "raise the curtain"
  – All the attack traffic is delivered directly to the customer premises
  – Attacks masked by the CDN are more complex to mitigate
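
An added example (not from the presentation): one way a defender could spot the random-request pattern described on this slide in origin-side request logs, and normalize cache keys so that random parameters stop creating new cache entries. The sample requests, the parameter allowlist and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample of origin-side requests (client, URL); not data from the deck.
SAMPLE = [
    ("198.51.100.7", "/index.html?id=7f3a91"),
    ("198.51.100.8", "/index.html?id=c04e2b"),
    ("203.0.113.15", "/index.html?x=91ab77"),
    ("203.0.113.16", "/index.html?id=5d1e08"),
    ("198.51.100.9", "/index.html?q=aa93f0"),
    ("192.0.2.10", "/search?q=firewall"),
    ("192.0.2.11", "/search?q=firewall"),
    ("192.0.2.12", "/search?q=ddos"),
    ("192.0.2.13", "/logo.png"),
]

# Assumed per-path allowlist of query parameters the application really uses.
ALLOWED_PARAMS = {"/search": {"q"}}


def cache_key(url, allowed=ALLOWED_PARAMS):
    """Normalize a URL so unknown (random) parameters cannot create new cache entries."""
    parts = urlsplit(url)
    keep = allowed.get(parts.path, set())
    kept = sorted((k, v) for k, v in parse_qsl(parts.query) if k in keep)
    return parts.path + ("?" + urlencode(kept) if kept else "")


def cache_busting_paths(requests, min_requests=5, min_unique_ratio=0.8):
    """Flag paths where almost every request carries a URL not seen before."""
    seen = defaultdict(list)
    for _client, url in requests:
        seen[urlsplit(url).path].append(url)
    flagged = {}
    for path, urls in seen.items():
        ratio = len(set(urls)) / len(urls)
        if len(urls) >= min_requests and ratio >= min_unique_ratio:
            flagged[path] = round(ratio, 2)
    return flagged


if __name__ == "__main__":
    print(cache_busting_paths(SAMPLE))
    print(sorted({cache_key(u) for _c, u in SAMPLE}))
```

Pages whose legitimate traffic is naturally diverse (search, for instance) need their real parameters in the allowlist and a threshold tuned to their normal unique-URL ratio.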

Attackers are well prepared
By definition the defenders lose the battle
Equilibrium has been disrupted

The good news (1)
Industry Security Survey
How likely is it that your organization will be attacked by cyber warfare?
Over half of the organizations believe their organization is likely to be attacked by cyber warfare.
Organizations start understanding the risk of DDoS

The good news (2)
Industry Security Survey
Which solutions do you use against DoS attacks?
Organizations start understanding Firewall and IPS cannot fight DDoS attacks

Conclusions
Today’s attacks are different
  – Carefully planned
  – Last days or weeks
  – Switching between attack vectors
Organizations are ready to fight yesterday’s attacks
  – Deploy security solutions that can absorb the first strike
  – But when attacks are prolonged, they have very limited firepower
  – By the time they succeed in blocking the first two attack vectors, attackers switch to a third, more powerful one

A different approach is needed
A team of security experts
  – Acquire capabilities to sustain long attacks
  – Train a team that is ready to respond to persistent attacks
  – Deploy the most up-to-date methodologies and tools
  – 24 x 7 availability to respond to attacks
  – Deploy counterattack techniques to cripple an attack

US Banks Under Attack: from the news

US Banks Under Attack: Operation Ababil
Publication of the ‘Innocence of Muslims’ film on YouTube provokes demonstrations throughout the Muslim world
September 18th: ‘Cyber Fighters of Izz ad-din Al Qassam’ announced an upcoming cyber attack campaign against ‘American and Zionist’ targets.

Attack Summary
Attack targets
  – Bank of America
  – New York Stock Exchange (NYSE)
  – Chase
  – Wells Fargo
Attacks lasted Sep 18-21, 2012
Multiple attack waves on each target, each wave lasted 4 to 9 hours
Victims suffered from temporary outages and network slowness
ERT was actively involved in protecting the attacked organizations

Why was it so challenging?
[Diagram labels: Business, SHUT DOWN]
UDP garbage flood on ports 80 and 443
SSL Client Hello flood
Large volume SYN flood
HTTP flood attack
Multi-vulnerability attack campaign
Mitigation nearly impossible
Attackers look for the blind spot

Recent updates
HTTP flood was carried out from compromised hosting servers
  – Highly distributed attacks

ERT recommendations for 2013
Acquire capabilities to sustain a long sophisticated cyber attack
Attack tools are known. Test yourself
Carefully plan the position of DoS/DDoS mitigation within network architecture
  – On premise capabilities
  – In the cloud capabilities
Restore the equilibrium

Thank You
Ron Meyran