
1 Misconceptions and Facts About Modern Day DDoS Attacks and Advanced Threats
Rob Pollock, Sr. Channel Sales Manager
Data Connectors, November 9, 2016

2 Agenda
Arbor Networks: Who Are We
Misconceptions About DDoS
The Changing World of Advanced Threats
Arbor Spectrum: A New Approach to Handling Advanced Threats

3 Who Is Arbor Networks?
16: Number of years Arbor has been delivering innovative security and network visibility technologies and products.
#1: Arbor market position in the Carrier, Enterprise and Mobile DDoS equipment market segments [Infonetics Research, June 2015].
100%: Percentage of the world's Tier 1 service providers who are Arbor customers.
107: Number of countries with Arbor products deployed.
140 Tbps: Amount of global traffic monitored by the ATLAS security intelligence initiative right now!

4 Arbor: Protecting the World's Networks for 16 Years
Unrivalled network traffic expertise for security: deployed everywhere on the planet; sees more Internet traffic than any other provider; access to NetScout technology.
World's most powerful traffic intelligence platform: ATLAS monitors one-third of the world's Internet traffic; a world-class security research team analyzes traffic patterns and reverse engineers malware and its infrastructure.
Proven scale across a blue-chip installed base: 3 of the 5 top global banks; 9 of the 10 largest online brands and hosting providers; 100% of Tier 1 service providers.
Speaker notes: We are the leader in DDoS protection, deployed everywhere in the world: very global, all Tier 1 service providers, emerging markets. We have protected the biggest events in Internet history (Olympic Games, elections) and see more traffic than anyone else. Traffic is the world's best-kept secret in enterprise security. Our ATLAS/ASERT team is unrivalled, as is our data set and how we look at and understand how infrastructure is being used to carry out attacks against targets. At the heart of the new threats customers face to their business, as Brian said, it's all about the network. All the techniques blasted are against the network, and the clues to finding them are within it. And why us? We know about traffic and protecting networks from attacks.
Live Digital Attack Map, powered by Arbor Networks.

5 Common Misconceptions About DDoS Attacks (And Advanced Threats)
I have adequate DDoS protection solutions in place (my firewall, IPS, ISP).
Impact does not justify the cost of protection.
The odds are we will NOT be attacked.
DDoS is old news … I'm more concerned with Advanced Threats.
Speaker notes: Arbor has been researching and selling DDoS protection solutions for 14 years. Our experience has shown that the reason DDoS attacks still impact organizations is due to 5 common misconceptions. <This is your opportunity to "teach" and "lead" to our solution.> They fall into 3 main categories: the check-box syndrome ("this is a solved problem for me" or "I have adequate protection"); normal but improper risk analysis ("it won't happen to me" or "the risk doesn't justify the cost"); and "DDoS is not related to Advanced Threats". There are backup slides in which you can go into details of each misconception if desired, now or later.


7 DDoS Attack Trends
Fact: DDoS attacks are increasing in size, frequency and complexity (per month).
Speaker notes: The rise in DDoS attack size, frequency and complexity. Mention that the source for most of this information is our 10th Annual WISR.
Size: Talk about how DDoS attacks are growing in size. Most are around the 1G range, but we are seeing an increase in those over 20G and some as large as 500G (11th WISR).
Frequency: 100% of organizations have experienced a DDoS attack; 12% experience 500 per month! ***Relate to persona: As you probably know, financial services organizations such as yourself are prime targets for DDoS attacks. 11th WISR: Looking at attack frequency, the number of attacks experienced per month has increased again (Figure 23), revealing a trend of very rapid attack frequency growth. Two years ago, only 25 percent reported seeing more than 21 attacks per month. Last year, that proportion increased to 38 percent, and this year it has risen to 44 percent. This trend backs up anecdotal feedback from Arbor customers, who indicate they have seen significantly more and larger attacks during this survey period.
Complexity: Modern day DDoS attacks are a dynamic combination of volumetric, TCP state exhaustion and application layer attacks. As you can see from our study, 56% have experienced multi-vector attacks, up from 42% last year (11th WISR).
And finally, we are starting to see DDoS used as a smoke screen for more nefarious activity; in other words, it is being used in advanced threat campaigns to hide the stealing of confidential data or intellectual property. This is something I'm sure your upper management team is concerned about. 11th WISR: In line with other surveys, a growing proportion of respondents are seeing DDoS attacks being used as a distraction for either malware infiltration or data exfiltration. Last year, 19 percent saw this as a common or very common motivation; this has increased to 26 percent, backing up other surveys and reports that have shown growth in this area.
*Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

8 Ability & Motivations
Fact: It's never been easier to launch a DDoS attack. Cost of a DDoS service versus impact to the victim: $5 : $100sK.
Fact: There are many motivations behind DDoS attacks.
Over one-quarter of respondents are now seeing more than 21 attacks per month.
Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

9 FIFA World Cup Brazil
Over 60 World Cup related websites were attacked. Several government and sponsor websites were targeted by hackers, who also threatened to take down sponsor sites.

10 The Stakes Are Raised to Protect the Internet
Huge botnets built with IoT. Highly targeted. Stealthy campaigns hidden in networks.
Speaker notes: In the past 6 months we have seen some different types of attacks strike at the heart of everyday life and make headlines in a new way. Just over a week ago, the attack against Dyn using the Mirai botnet and exploiting IoT; Krebs, the same thing; we also saw the Rio Olympics. Coordinated: Lizard Squad, Anonymous, custom tools using Tor and others for volumetric and application attacks; lots of coordination needed. Highly targeted: Krebs and Rio went after a set of targets to take it down; Dyn, not at liberty to talk too much, but against


12 Common Misconceptions About DDoS Attacks (And Advanced Threats)
I have adequate DDoS protection solutions in place (my firewall, IPS, ISP).

13 Misconception: Firewall / IPS Will Stop DDoS Attacks
Firewalls and IPS (load balancers, WAF etc.) are not designed to stop DDoS attacks.
Fact: DDoS attacks use legitimate packets and do not violate protocol rules, so many go undetected by firewalls and IPS.
Because firewalls and IPS (load balancers, WAF) are required to track state, they are vulnerable to some DDoS attacks (e.g. HTTP/TCP SYN floods) and routinely fail during attacks.
Completing the Security Triad: Firewalls and IPS are designed to protect Confidentiality and Integrity. You need purpose-built DDoS protection products to protect Availability. Confidentiality, Integrity, Availability?
Speaker notes: Dispel the notion that firewalls and IPS (load balancers, WAFs) can stop all DDoS attacks. Use the WISR stats to show data points and refer to the numerous documents we have written on this subject. Leave with the message that DDoS requires a purpose-built solution, complementary to other security products, each of which fulfills a different aspect of the Security Triad. Click on the icon in the lower left-hand corner to return to the misconceptions slide.
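As an added illustration of the state-tracking point above (example code written for this transcript, not Arbor's), the following Python model compares a device that allocates a connection-table entry on every SYN with one that defers state until the handshake completes (SYN-cookie style), under a constructed flood of half-open connections; the capacity, rates and timeouts are made-up values, and a shorter half-open timeout is shown as a partial mitigation.

```python
"""Toy model of why a state-tracking device (firewall, IPS, load balancer)
fails under a half-open connection flood, and why deferring state until the
TCP handshake completes (SYN cookies) removes that failure mode.

Added example, not Arbor's code. Capacities, rates and timeouts are
constructed values chosen to make the effect visible, not measurements."""
from dataclasses import dataclass, field

HALF_OPEN = "half-open"
ESTABLISHED = "established"


@dataclass
class StatefulDevice:
    capacity: int            # max entries in the connection table
    half_open_timeout: int   # ticks a half-open entry survives without an ACK
    syn_cookies: bool = False
    table: dict = field(default_factory=dict)  # flow key -> (state, expiry)
    refused_legit: int = 0
    established: int = 0

    def expire(self, now):
        """Drop half-open entries whose timeout has elapsed; established stay."""
        dead = [k for k, (state, exp) in self.table.items()
                if state == HALF_OPEN and exp <= now]
        for k in dead:
            del self.table[k]

    def on_syn(self, key, now, legit):
        """First handshake packet. Returns True if the SYN is admitted."""
        if self.syn_cookies:
            # State is encoded in the cookie sent back to the client, not in
            # the table, so SYNs that never complete cost no table slots.
            return True
        if len(self.table) >= self.capacity:
            if legit:
                self.refused_legit += 1   # a real client is turned away
            return False
        self.table[key] = (HALF_OPEN, now + self.half_open_timeout)
        return True

    def on_ack(self, key, now):
        """Third handshake packet: the connection becomes established."""
        if self.syn_cookies:
            if len(self.table) >= self.capacity:
                return False
            self.table[key] = (ESTABLISHED, None)
            self.established += 1
            return True
        if key in self.table:
            self.table[key] = (ESTABLISHED, None)
            self.established += 1
            return True
        return False              # entry expired or was never admitted


def simulate(device, ticks, legit_per_tick, spoofed_per_tick):
    """Constructed workload: every tick, spoofed SYNs that never complete the
    handshake arrive alongside legitimate clients that ACK one tick later."""
    pending_acks = []   # (tick at which the ACK arrives, flow key)
    flow_id = 0
    for now in range(ticks):
        device.expire(now)
        for _ in range(spoofed_per_tick):
            device.on_syn(f"spoof-{flow_id}", now, legit=False)
            flow_id += 1
        for _ in range(legit_per_tick):
            key = f"client-{flow_id}"
            flow_id += 1
            if device.on_syn(key, now, legit=True):
                pending_acks.append((now + 1, key))
        due = [(t, k) for t, k in pending_acks if t <= now]
        pending_acks = [(t, k) for t, k in pending_acks if t > now]
        for _, key in due:
            device.on_ack(key, now)
    return {"established": device.established,
            "refused_legit": device.refused_legit,
            "table_size": len(device.table)}


def run_scenario(syn_cookies=False, half_open_timeout=10):
    """1000-slot table, 5 real clients and 200 spoofed SYNs per tick, 50 ticks."""
    dev = StatefulDevice(capacity=1000, half_open_timeout=half_open_timeout,
                         syn_cookies=syn_cookies)
    return simulate(dev, ticks=50, legit_per_tick=5, spoofed_per_tick=200)


if __name__ == "__main__":
    # The table fills in 5 ticks and every later legitimate client is refused;
    # a short timeout keeps up at this rate; SYN cookies refuse nobody.
    print("stateful, 10-tick timeout:", run_scenario())
    print("stateful, 2-tick timeout :", run_scenario(half_open_timeout=2))
    print("SYN cookies              :", run_scenario(syn_cookies=True))
```

The aggressive-timeout variant only works while the flood rate times the timeout stays below the table size, which is why the slide's point stands: a device whose protection depends on per-connection state has a capacity an attacker can reason about.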

14 Stopping Modern Day DDoS Attacks: A Hybrid Approach Is the Key
Layered DDoS attack protection, a recommended industry best practice:
1. Stop volumetric attacks in-cloud (scrubbing center in your or your ISP's network, between the Internet and your network).
2. Stop application layer DDoS attacks and other advanced threats in your data centers/internal networks; detect abnormal outbound activity.
3. Intelligent communication between both environments.
4. Backed by continuous threat intelligence.
Speaker notes: To stop modern day DDoS attacks you need to take a layered approach to DDoS attack protection, backed by continuous threat intelligence. What do we mean by this? 1. Stop volumetric attacks in the cloud (yours or your ISP's) before the attacks saturate circuits and overwhelm on-prem security devices. 2. Stop application layer attacks on premises, where you have more control over protection of the services that matter most. 3. There needs to be intelligent communication between the two environments to stop dynamic, multi-vector attacks. Last but not least, 4. these solutions need to be backed by continuous threat intelligence to stay abreast of the latest threats. In fact it's not just Arbor saying this; the analyst community is also recommending this to their clients.

15 Common Misconceptions About DDoS Attacks (And Advanced Threats)
Impact does not justify the cost of protection.

16 Increasing Exposure
Fact: DDoS is a worldwide problem and any organization can be a target.
Speaker notes: It doesn't matter who you are; as long as you have an Internet presence, you could be the target of a DDoS attack. **Again reiterate that financial institutions like yourself are prime targets. Arbor 11th Annual WISR: Similar to last year, end-user subscribers take the top spot as the most common type of customer targeted. Finance, which was in fifth place last year, has moved up into a three-way tie for second place with government and hosting (Figure 17). Meanwhile, e-commerce, which garnered second place last year, was pushed down to third place in a near tie with gaming. Other significant targets include education and gambling organizations, both of which were reported by about one-quarter of respondents. Objection: I know what you're thinking: "We are rarely attacked, which makes it hard for me to justify the cost of DDoS protection." Have you considered all the costs associated with DDoS attacks? There are many direct and indirect costs associated with a DDoS attack that many organizations overlook. For example… (next slide)

17 Increased Pressure on Security Teams
Fact: Over 230,000 cyber professional jobs are unfilled TODAY in the US*; 1.5 million cyber jobs worldwide will be unfilled by 2020 (per NIST).
Source: Arbor Networks 10th Annual Worldwide Infrastructure Security Report

18 Underestimated Impact
Fact: Impact can be immediate and severe (Dun & Bradstreet). Lost revenue; operational costs to mitigate the attack; brand repair; regulatory fees; customer credits; lost productivity; lost future business; others?
Source: Arbor Networks 11th Annual WISR. Note: Most respondents didn't answer this question because they didn't know!
Speaker notes: Many people underestimate the impact of a DDoS attack. There are direct costs that are easy to calculate, such as lost revenue. But there are also many indirect costs that are not considered: operational costs to mitigate the attack, brand repair, regulatory fees, customer credits, lost productivity, lost future business, and others. The cost of downtime is very company dependent. Below are some good websites that have some industry analyst stats. We have customers that track downtime by the minute, for example Comcast (or add your own). They know exactly how much downtime costs them per minute. This is what allows them to justify their DDoS protection solution. Since the cost of downtime is so specific to each organization, the question to you is: "How much does a minute of downtime really cost your organization?" This is not such an easy question to answer. In fact, according to our 11th Annual WISR, most organizations don't know exactly how much a minute of downtime would cost them. Of those that did, the numbers are staggering: 21% $500-$1000/minute, 29% $1000-$5000/minute! Note: We have calculators to assist with DDoS risk analysis. Bottom line: these numbers must be customized for your environment.

19 Common Misconceptions About DDoS Attacks (And Advanced Threats)
DDoS is old news … I'm more concerned with Advanced Threats.


21 The Changing World Of Cyber Threats

22 Global Crime Statistics
Chart: Global cybercrime market $114B; stolen credit card market $85B; cocaine market $56B; stolen vehicle market; $30B stolen smart phone. Source: World Economic Forum.
Speaker notes: Cybersecurity is a household issue but has also become big business. Criminals have been focusing more on cyber as a way to make money: it's easy, lucrative, and attracting more and more skill sets. We have seen investment pouring in from governments and investors in cybersecurity, and the reason is that cyber crime itself has become the biggest criminal market, and that does not account for national security and other concerns. Criminals make money in cyber crime, and people are spending to defend themselves: JP Morgan spent $500 million on security in 2015! B of A $400M. Gartner: worldwide IT security spending was $75B; in 2004 it was just $3.4B. Grew well over 30%.

23 It's About the Human Behind the Threats
Chart axes: Loud / Noisy versus Quiet / Patient; Availability, Integrity, Confidentiality. Threat types plotted: Sabotage, Man-in-the-X, Online Fraud, State Exhaustion, Application Layer, System / Network Pawn, Targeted Volumetric, Insider / Corruption, Retry Storms / Volumetric, Kleptography.
Speaker notes: It's all about the human attacker and a set of tools for their goals. Tsunami versus knife fight.

24 Hidden Threats, Lateral Movements, Insider Misuse
©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Diagram labels: The Hidden Threats; Threats detected with Perimeter and Alert-based Security Solutions, at the Defense and Infrastructure level.
Speaker notes: And the big shift over the past 20 years, taking us from fences to detectives. The next era of cyber security is all about changing the approach to identifying hidden threats before great damage occurs. The industry has organized around detecting threats with perimeters and SIEMs, looking at the more obvious single threats that exploit well-known vulns. The most damaging attacks are non-obvious: hard to see the signs and link them together until it's too late. Hidden threats, lateral movements, insider misuse.

25 Compromise Is Inevitable, Data Loss Is Not, or "I Hate to Fail Before I Start"
Attackers only need to win ONCE; we need to win EVERY TIME.
Legacy controls (comfort zone): SIEM, vulnerability patching, network (FW, IDS), endpoint (AV). Transition to proactive advanced detection and prevention: hunting toolkit, threat intelligence, network behavioral analysis, network forensics, sandbox payload analysis. Majority of organizations: detect and respond strategy. Leading organizations: seek and contain strategy.
Speaker notes: With new technologies appearing almost daily, attackers have a constant stream of potential new tools, tactics and practices to evaluate as offensive weapons. This constantly expanding attack surface forces defenders to assess each as well, in an ever-escalating arms race. We have to be right every time! As human defenders realize this, they shift strategies to proactive approaches, to focus on fundamentals that truly uncover meaningful threats, and on force multipliers that dramatically accelerate threat investigation and disruption. I hate failing before I start!

26 Attack Campaigns: The Real Advanced Threat
Did you know? Not a single threat such as advanced malware. Specific targets. Well-resourced human attackers orchestrating ongoing, persistent campaigns. Sneak past current defenses. Teams built to defend, not to find and contain. New processes and solutions needed.
7+ toolkits: advanced attacks in 2015 used 7 or more toolkits; less than half exploited a critical vulnerability. 40% of advanced attacks in 2015 did not involve malware. 20% of all advanced threat attacks involved DDoS. 60% of enterprises take longer than 3 days to investigate a critical security event. 200+ days: average dwell time of breaches is greater than 200 days.
Speaker notes: Not just a single malware; it's all about the attack campaign. How do you find the most sophisticated jewel thief when you have architected processes, training and expertise on stopping intruders getting through the front door? Human to human. DNC campaign. Many toolkits used, chained together. 20 years spent on skills and processes for prevention, stopping them getting in; now we need to change and find and contain the ones that are already inside. Companies need a new approach. Detect and respond: security guards looking at alerts coming in; watch tower processes to stop as much as possible, with perimeter guards watching. Instead of being a guard, you need to go on the offensive: look at what's happening on key assets and policy violations before the crime occurs. Move to finding and containing, prioritizing high-priority and relevant intel, key assets, users, and what's off from normal.

27 Time Is the Currency That Matters…
Dwell time, Mean Time To Identify (MTTI): Financial Services 98 days; Retail Companies 198 days. Containment, Mean Time To Contain (MTTC): Financial Services 21 days; Retail Companies 39 days.
Source: Ponemon Institute LLC, sponsored by Arbor Networks
Speaker notes: All about time: 3 months for FIs, who often have a lot of experts/$, 2X for retail. Dwell time/MTTI and MTTC are the key metrics security teams often measure against in the Fortune 1000. Let's look at how security teams typically deal with a security event: use logs and a firewall approach to gather events and parse through them one by one. Firewall wall: about stopping threats getting in, and how quickly events are processed. THIS IS HOW MOST SECURITY TEAMS MEASURED THEIR PROGRESS. Attack campaigns require new metrics: MTTI, MTTV etc., which the network world has been using for years.

28 $2B on Advanced Threat in 2015
Fences: firewalls & IDS/IPS (boundary), endpoint security (endpoint), SIEM. Detectives: internal network analysis (advanced threat). Advanced threat markets have emerged to meet the gap in current security protections.
Speaker notes: 10 billion on fences; continuing to spend, needed for compliance, but no longer growth markets: in single digits and declining. The processes and technology expertise required are so different that brand new markets for advanced threat have emerged. IDC and a couple of other analyst firms sized it at around 2 billion in 2015, with growth rates over 20%. New high-growth markets. Like firewalls, SIEMs and endpoints, we need different categories of advanced threat protections: new endpoints, new firewalls, sandboxes that detonate.

29 Arbor Spectrum for Advanced Threats
Spectrum finds advanced threats with network traffic. Unlocks efficiency to detect, investigate and confirm threats.
Speaker notes: So Brian showed this image earlier today. Spectrum is a new solution built from the ground up over the past 2 years by some of the same engineers and architects that built SP, our visibility solution for providers, to bring that same unmatched visibility to internal traffic WITHIN the network. That's what we mean by Epic Range: we have built a platform to give security teams unmatched visibility, including leveraging our ATLAS data, into every part of the network, at a scale and speed not seen before. What's really different is the emphasis on visualizations and a UI designed for security teams to use network traffic to find and prove ATs in their networks more effectively than ever before. Just as in our DDoS solutions, where we weave our traffic expertise into our policies and capabilities, we have done this for security teams. If you look closely at this image, it tells the story of EP and FP; we based the image on the left, a fingerprint, on the icon of our investigations module in 2.2. This is our traffic fingerprint, and it tells the story of how traffic can be used to find the most stealthy attack.

30 Arbor Spectrum Product Principles
A complete view of your network traffic provides the most effective means to identify and stop advanced threats. Arbor provides unique automated threat identification and accelerated threat validation and response for security teams.
Focus on what matters: Organizations have too many generic alerts. ATLAS threat indicators and Arbor-generated behavior indicators represent threats that matter to security teams.
Empower security teams to make decisions faster: Easy access to the preserved artifacts of an incident. Workflows to link disparate artifacts into a single investigation.
Speaker notes: So this is the Spectrum principle: built with the engineering team that built SP, but for security teams to do their jobs better. ALL ABOUT USING THE NETWORK to find and STOP ATs. We heard security teams have too many events. Spectrum events are designed to mean something.

31 Benefits of Campaign Focus
Unmatched visibility: Global data collection. Better picture of overall risk. See attacks occurring at all stages of the kill chain.
Accuracy: Cross-checking attacks and hosts improves the validity of threats, decreasing or eliminating false positives.
Relevance: See and understand the threats with the highest risk to the business.
Actionable: Get a clear path of action, whether that is further investigation or traffic enforcement.
Reveal the entire campaign: DDoS analysis, botnet analysis, malware analysis.
Speaker notes: Malware doesn't happen in a vacuum. It is bought, sold and used in a variety of attacks. Sometimes it's custom designed for a specific organization or task, but it still shares infrastructure and attributes that can be instrumental in understanding the depth of the threat. By focusing on the entire campaign, with malware at the heart of the campaign, ATLAS intelligence offers much deeper context to threats. Is the malware being used in a particular botnet, and how does that botnet perpetuate? What can you look for in addition to the malware to stop the spread? Is the malware being used as part of a known DoS attempt? Is it associated with any known DDoS campaigns for distraction, diversion or research? And finally, where has it been, what hosts are using it, and what other attacks do those hosts carry in their arsenal? Events are reflective of active malware, botnets and campaigns in real time, not based on a one-time analysis of a threat with the only outcome being a signature. Events are prioritized by confidence of 'badness' and age. Map it back to a specific threat and have the data behind it.

32 Online Provider Use Case: Detection & Proof of an Attack Campaign in Minutes
Challenge: Small Security Operations function responsible for managing events and incidents across a large, distributed network with global data centers. Deployed SIEM and security forensics, and used 3 open source and other tools to detect and investigate incidents.
Result: Deployed within a day and received one hour of training. Within the same day the team was using the solution to find and investigate potential threats. Almost immediately a threat indicator was detected using Intelligence; further analysis of the traffic implicated subsequent hosts. The investigation took minutes, whereas the team would normally take 3-4 days to perform a similar analysis. Their SIEM and existing threat infrastructure had not identified the initial threat indicator.
"The best thing about Hunting Intel is that you really don't even need a novice skill level of network forensics to use it. The interface is straightforward, and it's simple to extract important information relevant to an investigation." – Security Operations Lead, F500 Multinational

33 How ATLAS & ASERT Work: Unique Sources of Data
Unique sources of data: global DDoS visibility; BGP, IP-transit and ASN tracking; ASERT sensors for darknet monitoring; malware processing; botnet infiltration; botnet/campaign reversing.
Internet visibility: Internet health, DDoS attacks, threat tracking. Malware detection: real-time behavior, family focus. Botnet monitoring: sinkhole, infiltration/activity monitoring.
Unique approach to analyzing the data: ASERT Security Research (human intelligence, specialized research team).

34 Arbor Portfolio
Advanced threat visibility: SP (service provider networks), Spectrum (enterprise networks, enterprise assets). DDoS: TMS, Arbor Cloud, APS. External attacks, internal attacks; DDoS attack traffic versus legit traffic.
Speaker notes: To sum up, we see traffic data across the spectrum. We get it from our providers and other sensors; we get it into the form of indicators across our solutions, portal access, threat reports. Experts.

35 QUESTIONS

36 ATLAS: Unique Traffic-Based Security Intelligence Platform
COLLECT telemetry for 1/3 of Internet traffic per hour. CORRELATE botnet & darknet activity. ANALYZE campaign indicators. ACT: confirmed traffic & threat profile; ATLAS indicators (hourly).
Speaker notes: ATLAS has the most extensive data set of real Internet traffic on the planet; we model Internet health and the ebbs and flows of activity patterns across the entire globe. One third of all Internet traffic hourly. From this we can dig into where we see botnet infiltration: what pathways they are using to carry out attacks. Looking at botnets, sinkholes and other sources, we further dissect, from those pathways, what they are trying to do, who the victims are, and how they carry out the attacks, and build this into confirmed INDICATORS hourly.

37 Spectrum: Using the Network to Detect & Confirm Hidden Threats Smarter & Faster
High-confidence campaign indicators with ATLAS Intelligence. Unique investigation workflows that make every team member more effective. Unprecedented visibility: intuitive workflows that connect host, conversation and threat data together. Unprecedented scale: access to forensics data at your fingertips; search and pivot months of network data in seconds.
Speaker notes: So we use not only our unique vantage point of what is happening on the network from an intelligence standpoint, but Spectrum is all about allowing customers to use their network to detect and confirm attacks. We SIT BEHIND the FW, SANDBOX and EP. New view into the ENTIRE NETWORK. Testimonials from customers: new view into the business. Sankey diagram: a way of visualizing the traffic. From the indicators, to workflows that make everyone more effective, to searching and pivoting months of data in seconds. Deployed in a day. See for yourselves! This new vantage point is new to many users. Please go and see the demo and hear about the use cases. Testimonials and quotes from customers: never had a view into their network before.
"Within an hour of deploying Arbor Spectrum, it became a "go-to console" each day to quickly confirm a threat inside our network. The detail from the hosts & connections pages became a view into our network we have never seen before." – Security Analyst

38 Scale Your Security Team: Shift to Find and Contain Is Possible
Three things to take away: Arbor Spectrum is a new internal traffic analysis platform engineered from the ground up to deliver unmatched network visibility combined with scale and speed of analysis of security threats. Reduce risk to the business and scale security teams by detecting and confirming security incidents across the entire network 10x faster. A shift to find and contain is possible: team, skill sets, process, tools.
Speaker notes: What are the three things to take away? Major investment in Spectrum: an architecture and platform for finding and investigating suspicious threat activity in your entire network at a speed and scale not seen in the industry; 500K FPS, months of data, can search any connection. That means how long it typically takes a security team to find and investigate threats is vastly reduced. One large account says it takes 3 days to investigate a moderate to severe incident; we take seconds. Easy to POC with virtual, and we have seen high deal sizes with early wins, $200K.

39 Arbor Networks Solution Portfolio
Arbor Cloud®: An ISP-agnostic, managed DDoS protection service. Combination of in-cloud and on-prem DDoS attack protection. Terabytes of mitigation capacity, backed by DDoS protection experts.
Arbor Spectrum®: Empowers teams to investigate and prove advanced threats 10x faster. Complete visibility into both past and present network activity, enabling your team to search and surface any advanced threats within the network.
Arbor SP®: For more complex networks and experienced security teams. Automated detection, out of band, customizable mitigation. Used by many MSSPs for in-cloud DDoS protection services.
Arbor APS®: For data centers and customer premises. Always-on protection from (inbound and outbound) DDoS attacks and advanced threats. Cloud Signaling for large attacks. Managed Arbor APS.
Diagram: The Internet; Arbor Cloud (in-cloud, volumetric attack); Cloud Signal; Arbor TMS; Arbor APS and Arbor Spectrum (on-prem, application attack); botnet, DDoS, malware.

40 To "Proactive Investigation and Prove" Strategy
With Arbor Spectrum: Threat Intel, Traffic Analysis, Intuitive Workflows
[Chart: attack campaign stages (Stage 1 through Stage 7, labelled Recon, Installation/Delivery, Exploitation, Command/Control, Lateral Movement, Exfiltration and Mission Complete) set against PREVENT/DETECT tools (sandbox, firewall, endpoint, IDS/IPS, SIEM, intelligence) and INVESTIGATE/PROVE tools (end-point forensics, packet forensics, network forensics, Arbor Spectrum), rated by man-hours required, solution cost ($ to $$$) and risk impact (Limited / Improved)]

41 Arbor's DDoS & Advanced Threat Protection Solution
Comprehensive Protection, Proactive Investigation and Proof
[Diagram: Arbor Spectrum; Target / Compromised Hosts; Armed with Global Visibility & Actionable Threat Intelligence]

Use this diagram to briefly explain the integrated solution, how it works, and how it is continuously backed by ATLAS/ASERT. Arbor's proven, industry-leading, comprehensive set of products and managed services provides a fully integrated, in-cloud and on-premises DDoS (and advanced threat) protection solution that is continuously armed with actionable threat intelligence from ATLAS and ASERT. We have on-prem products (appliances or virtual versions) that can stop in-bound DDoS attacks and other threats. These products can also stop outbound activity from compromised hosts. In the event that these on-prem products sense that they are going to become overwhelmed by a large volumetric DDoS attack, they can "call for help" using a feature called "cloud signaling", in which case the volumetric attack traffic is handled by our fully managed in-cloud DDoS protection service, Arbor Cloud. What is unique about our solution is how we (ASERT) leverage our 15-year, worldwide deployment of products used by the majority of the world's service providers to gain unmatched experience and visibility into global threat activity (we call this ATLAS). The global insight derived from ATLAS/ASERT continuously arms all of our products and services in the form of features, integrated workflow and actionable threat intelligence. No one in the industry offers such a comprehensive DDoS protection solution. Let's talk about the right combination of products and services for your organization.

42 Why Internal Network Analysis for Advanced Threats?
[Diagram: Organization's network: Headquarters, Sensitive assets, Unsupervised Consultant, Desktop of CFO, Remote Subsidiary, a captured PASSWORD prompt; Stage 1 through Stage 7 of the attack campaign]
Network traffic gives unique clues to suspicious or malicious activity
Answers the who, where, why and what of an attack
Superior location to see all nodes and users fast, everywhere

We just covered the process the defenders have to go through to find, declare and prove an incident. The attackers follow their own process, what is called the Kill Chain: a sequenced set of steps to get in, then ladder their way through the network onto users' machines, servers and assets, and use the network to communicate with their team outside and to get the data out. ALL THE CLUES AND SIGNS ARE IN THE NETWORK, which is why network traffic analysis matters. Network teams have grown up with a lot of experience and expectations around using network traffic to understand what is happening with the network and applications: what are the trouble spots and blips they need to investigate and troubleshoot? This is not the norm for most security teams. They are schooled in using logs to analyze what happened and in analyzing binaries for malware. Many teams rely on their network teams for access to flow or packet data for investigations. They do not regularly use, or always know, how network traffic can be used to give unique clues about suspicious activity; the NSI example of why there were unusual traffic spikes to an embargoed country, or user and group policies. Packet data can be used to reveal what happened, how the incident happened, and sometimes who was behind it, or at the very least whose machines were used or hijacked as part of the incident. This is where Spectrum, as an internal network traffic analysis solution purpose-built for security, comes in.
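The slide's point that flow data alone can surface the kill-chain clues (an unusual spike, traffic to a country the organization should never be talking to) is easy to show concretely. The block below is an added illustration, not Arbor's code or a description of how Spectrum works: it runs two simple detections over a handful of constructed flow records (host names, IPs, country code "XX" and the restricted-country list are all made up), flagging outbound flows that violate a geographic policy and hosts whose hourly outbound volume spikes far above their own baseline, then groups the findings per host so an analyst sees the "who, where and what" together.

```python
"""Flag policy violations and volume spikes in flow records (added example)."""
from collections import defaultdict
from statistics import median

# Constructed flow records: (hour, src_host, dst_ip, dst_country, bytes_out).
# Hosts, addresses and the country code "XX" are made up for illustration.
FLOWS = [
    (0, "cfo-desktop", "203.0.113.10", "US", 1_200),
    (1, "cfo-desktop", "203.0.113.10", "US", 1_500),
    (2, "cfo-desktop", "203.0.113.11", "US", 1_100),
    (3, "cfo-desktop", "203.0.113.10", "US", 1_300),
    (4, "cfo-desktop", "198.51.100.7", "XX", 850_000),  # large transfer to a restricted country
    (0, "hq-server", "203.0.113.20", "DE", 40_000),
    (1, "hq-server", "203.0.113.20", "DE", 42_000),
    (2, "hq-server", "203.0.113.21", "DE", 39_000),
    (3, "hq-server", "203.0.113.20", "DE", 41_000),
    (4, "hq-server", "203.0.113.20", "DE", 43_000),
]

RESTRICTED_COUNTRIES = {"XX"}  # hypothetical embargo / policy list
SPIKE_FACTOR = 10              # flag an hour more than 10x the host's typical hourly volume


def policy_violations(flows, restricted=RESTRICTED_COUNTRIES):
    """Return every flow whose destination country is on the restricted list."""
    return [f for f in flows if f[3] in restricted]


def volume_spikes(flows, factor=SPIKE_FACTOR):
    """Return (host, hour, bytes, baseline) for hours far above the host's own median.

    The baseline for an hour is the median of that host's *other* hours, so a
    single huge hour does not inflate the baseline it is being compared against.
    Hosts with fewer than three observed hours have no meaningful baseline.
    """
    per_host_hour = defaultdict(lambda: defaultdict(int))
    for hour, src, _dst, _cc, nbytes in flows:
        per_host_hour[src][hour] += nbytes

    findings = []
    for src, hours in per_host_hour.items():
        if len(hours) < 3:
            continue
        for hour, total in sorted(hours.items()):
            baseline = median(v for h, v in hours.items() if h != hour)
            if total > factor * baseline:
                findings.append((src, hour, total, baseline))
    return findings


def summarize(flows):
    """Group findings per host: {host: {"restricted_dest", "volume_spike"}}."""
    summary = defaultdict(set)
    for _hour, src, _dst, _cc, _n in policy_violations(flows):
        summary[src].add("restricted_dest")
    for src, _hour, _total, _baseline in volume_spikes(flows):
        summary[src].add("volume_spike")
    return dict(summary)


if __name__ == "__main__":
    for host, tags in summarize(FLOWS).items():
        print(f"{host}: {', '.join(sorted(tags))}")
```

A host that trips both checks at once (here the CFO desktop, which in the slide's scenario is exactly the kind of asset an attacker ladders onto) is the one worth investigating first; on real flow exports the same two functions apply unchanged, with the country lookup coming from a GeoIP source and the baseline computed over days rather than hours.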

43 Financial Services Use Case: Automatic Confirmation of Threats
Challenge: Small security function responsible for managing events and incidents across a high-performance network with an outsourced SOC. Deployed next-gen firewalls and sandboxing but were unable to determine if threats meant anything significant. The CISO wanted automatic confirmation of threats.
Result: Deployed within the morning. Were able to confirm threats detected by perimeter security tools with full details on what happened within their networks. Uncovered attack campaigns using the Intelligence feed and found new paths that could be exploited in their networks. Hunting has become an integral new layer to confirm what perimeter and sandbox tools trigger as initial single events.
"Within an hour of deploying hunting Intel, it became a 'go-to console' each day to quickly confirm a threat inside our network. Host and Connections pages became a view into our network we have never seen before." – Security Lead

