Published by Tomas Fürst. Modified over 6 years ago.
1
Beyond Today’s Perimeter Defense: Radware Attack Mitigation System (AMS)
Benjamin Radtke, Senior SE, Radware North/East Germany
September 2011
2
About Radware
Over 10,000 Customers
Company Growth
Recognized Security Vendor
Global Technology Partners
3
Online Business Security Threats
4
Security Threat Vectors
Layers: Network, Server, Application, Business
Threats:
Large volume network flood attacks
Network scan
Intrusion
Port scan
SYN flood attack
“Low & Slow” DoS attacks (e.g., Sockstress)
Brute force attack
Intrusion, malware
High and slow Application DoS attacks
Web application attacks (e.g. XSS, Injections, CSRF)
Business impact: DATA BREACH, WEB DEFACEMENT, SHUT DOWN
5
Network and Data Security Attacks: from the News
6
Multi-Vulnerability Attack Campaigns
Layers: Network, Server, Application, Business
Attacks in the campaign:
Large volume network flood attacks
Network scan
Large volume SYN flood
Low & Slow connection DoS attacks
Web application vulnerability scan
Application flood attack (Slowloris, Port 443 data flood,…)
Web application attacks (e.g. XSS, Injections, CSRF)
Conclusions:
Attackers use multi-vulnerability attack campaigns, making mitigation nearly impossible
DoS & DDoS tools are the preferred weapon of mass disruption
7
Mapping Security Protection Tools
Protection tools: DoS Protection, Behavioral Analysis, IPS, IP Reputation, WAF
Layers: Network, Server, Application, Business
Threats:
Large volume network flood attacks
Network scan
Intrusion
SYN flood
“Low & Slow” DoS attacks
Port scan
Brute force attack
Intrusion, Malware
High & Low rate application DoS attacks
Web application attacks (e.g. XSS, Injections, CSRF)
Business impact: SHUT DOWN
8
Introducing Radware Attack Mitigation System
9
Radware Attack Mitigation System (AMS)
10
AMS Protection Set
DoS Protection: Prevent all types of network DDoS attacks
Reputation Engine: Financial fraud protection; Anti Trojan & Phishing
IPS: Prevent application vulnerability exploits
NBA: Prevent application resource misuse; Prevent zero-minute malware
WAF: Mitigating Web application threats and zero-day attacks
11
OnDemand Switch: Designed for Attack Mitigation
DoS Mitigation Engine: ASIC based; Prevent high volume attacks; Up to 12 Million PPS of attack protection
IPS & Reputation Engine: ASIC based String Match & RegEx Engine; Performs deep packet inspection
NBA Protections & WAF
OnDemand Switch Platform: Capacity up to 14Gbps
12
Radware Security Event Management (SEM)
3rd Party SEM
Correlated reports
Trend analysis
Compliance management
RT monitoring
Advanced alerts
Forensics
NB / API
The circle line that connects all the modules should be on the SEM layers – see my change here. The screenshots should be somehow presented in a better way, see my change as an example.
13
AMS Synergy
Web intrusion attack detected from source A
Advanced configuration
Role-based access control
Black list source A
Web application scanning activity detected from source A
14
Radware AMS & ERT/SOC
Security Operations Center (SOC):
Provides weekly and emergency signature updates
Maintains on-going application vulnerability protection
Emergency Response Team (ERT):
Provide 24x7 service for customers under attack
Neutralize DoS/DDoS attacks and malware outbreaks
15
Compliance and Standardization with AMS
Compliance Reports: PCI DSS, FISMA, GLBA, HIPAA
FISMA, PCI-DSS 2.0, GLBA/BASEL II, HIPAA
16
Radware Intellectual Property
Eight Patents Secure Radware’s Attack Mitigation Solution
Network RTS (7,836,496)
Dynamic Network Protection (7,681,235)
Signature Propagation Network (11/869,067)
Application RTS (7,624,084)
Application Path Security (7,882,555)
SIP Behavioral Protection (11/835,503)
HTTP Flood Protection (7,617,170)
Stateful Attack Protection (7,607,170)
17
Radware Security Products Portfolio
DefensePro: Network & Server attack prevention device
AppWall: Web Application Firewall (WAF)
APSolute Vision: Management and security reporting & compliance
18
Customer Success
19
Radware Security Expertise : ERT Cases (1 of 2)
Radware ERT helped High Council for Telecommunications (TIB) to achieve full protection against Anonymous attacks
Anonymous group published a poster calling its fans to attack Turkish government agency
Target: High Council for Telecommunications (TIB)
When: June 9th (Thursday) 2011 at 6PM
Attack tool: Low Orbit Ion Cannon (LOIC)
Type of attack: Multi-vulnerability campaign
HTTP Get flood attack
TCP connection flood on port 80
SYN flood attack
UDP flood attack
20
Radware Security Expertise : ERT Cases (2 of 2)
Radware ERT helped Istanbul police to achieve full protection against Anonymous attacks
“We just watched the attacks and DefensePro easily eliminated the attacks. We didn’t even see any latency during the attacks. Istanbul Police is thankful to us and to you. While most of the state websites get unresponsive during the attacks, they didn’t feel anything.” (Istanbul police integrator)
Anonymous group attacks Istanbul police as revenge of the arrest
Target: Istanbul police site
When: June 13th 2011
Attack tool: Low Orbit Ion Cannon (LOIC)
Type of attack: Multi-vulnerability campaign
21
Summary
22
Summary: Radware AMS Differentiators
Best security solution for online businesses:
DoS protection
Network behavioral analysis (NBA)
Intrusion prevention (IPS)
Reputation Engine service
Web application firewall (WAF)
Built-in SEM engine
Emergency Response Team (ERT):
24x7 Service for immediate response
Neutralize DoS/DDoS attacks and malware outbreaks
Lowest CapEx & OpEx:
Multitude of security tools in a single solution
Unified management and reporting
“Radware offers low product and maintenance cost, as compared with most competitors.” (Greg Young & John Pescatore, Gartner, December 2010)