
Control and Mitigation Models for DDoS Attacks (Modelli di Controllo e Mitigazione per Attacchi DDoS)


1 Control and Mitigation Models for DDoS Attacks
Filippo Farina, EMEA Carrier Solution Architect. ITNOG5, May 10th, 2019

2 Agenda: DDoS Security Trends; Anti-DDoS Solution Pillars; Reference Architecture

3 Radware Annual Security Reports
Source #1: Radware industry survey of about 1,100 respondents. Region: North America 33%, EMEA 31%, APAC 18%, Central/South America (percentage not legible). Industries: Retail & eCommerce, Technology, SP & Carriers, Financial Services, Education, Govt & Civil Service, Healthcare. Number of employees: <100 22%, 1,000-2,999 5%, 3,000-9,999 13%, 10,000+ (percentage not legible).
Speaker notes: This threat landscape analysis is based on Radware global industry studies: its newly launched annual Global Application and Network Security Report as well as a recent Web Application Security Study. Both include insights from nearly 1,100 network security professionals, from hands-on engineers to CISOs, CIOs and CTOs. The participant population is diverse and includes organizations from all around the globe, all industries and all company sizes. Another primary source is the real experience of actual attacks our ERT experts have fought for our customers throughout the year, and the output of Radware's threat intelligence arm, which collects and studies new threats, vulnerabilities and attack campaigns as they emerge.
Source #2: ERT Threat Research Center: Radware security researchers, threat hunters and malware analysts; global threat deception infrastructure detecting and qualifying active attacks; 2018 real-life attack data from Radware ERT experts and cloud customer networks.

4 Attacks are becoming more frequent and impactful
- 93% were attacked
- 62% increase in daily attacks
- 54% report loss of productivity
- 52% increase in the average cost of a cyber-attack
- 15%+ in complete outages

5 How attackers disrupt service
Attackers constantly develop effective techniques to cause harm; attacks shift to the application layer. Figures shown on the slide: 64%, 20%, 15%, 15%, 10%. Labels shown: HTTPS floods, burst attacks, hit by application-layer attack, DNS attacks, malware & bots.
Speaker notes: The primary goal of cyber-attacks is service disruption, followed by data theft. Service disruption obviously means a bad customer experience, and perpetrators know that and use a broad set of techniques to cause harm. A few common ones are bursts of high traffic volume that leave mitigation teams no time to get a grip, the use of encrypted traffic to exhaust the resources of security solutions, and crypto-jacking, which reduces the productivity of servers and endpoints by enslaving their CPUs to mine cryptocurrencies.
Source: Radware Global Application and Network Security Report

6 IoT botnets change DDoS economics
Diagram: high volume attacks (reflection/amplification: NTP, DNS, SSDP); high complexity attacks (encryption, low & slow, headless browsers, web, HTTP/2, DNS); in the post-IoT era the two merge into high volume complex attacks.
Speaker notes: The third trend is the rise of IoT-based botnets. These have really changed the attack vector landscape. In the pre-IoT era we had high volume attacks and, separately, high complexity attacks that targeted the application layer. In the post-IoT era we now have high volume complex attacks: IoT opens up the opportunity for attackers to launch very high volume and very complex attacks at the same time. We have seen the Mirai botnet, introduced 2 years ago, with some very unique and specific DNS attack vectors as well as additional vectors. This level of sophistication and automation in attacks requires solutions that can accurately detect and mitigate, with the ability to deal with both volume and complexity without false positives. More traditional solutions that are rate-based or signature-based alone will not be able to deal with these attacks.
Pre-IoT: high complexity attacks are more expensive, so their volume is lower (fewer infected endpoints available). In the IoT era, vulnerable IoT devices form huge botnets running high complexity attacks.

7 Bot traffic requires investments
Internet traffic: 52% bot traffic, 48% non-bot traffic. Source: "TechRadar™: Application Security, Q2 2017". Copyright © 2019 Radware BotManager / ShieldSquare. All Rights Reserved.

8 DDoS Security Trends Anti-DDoS Solution Pillars Reference Architecture

9 The rise of the multi-vector attack
Attack vectors: large-volume network flood attacks, SYN floods, SSL floods, HTTP floods, "low & slow" DoS attacks (e.g. Slowloris), network scan, brute force, app misuse, XSS, CSRF, SQL injection, account takeover (ATO), web scraping, denial of inventory.
Infrastructure under attack: Internet pipe, firewall, IPS/IDS, load balancer/ADC, server, SQL database.
Protection layers: cloud DDoS protection, DoS protection, behavioral analysis, IPS, SSL protection, WAF, anti-bot.

10 DDoS mitigation pillars
Workflow: activation, detection, mitigation, reporting.
Activation: external triggers, automation, escalation mechanism.
Detection: flow sampling, out-of-path, in-line.
Mitigation: real-time mitigation; volumetric and low & slow vectors; polymorphic attacks.
Reporting: real-time dashboards, long-term reporting, forensics analysis, MSSP.

11 Network-based mitigation: BGP Flowspec
Dissemination of Flow Specification Rules: RFC 5577 (updated by RFC 7664). It automates inter-domain coordination of traffic filtering, such as what is required to mitigate (distributed) denial-of-service attacks. A rule consists of a flow classification (the match components) and the actions to apply to matching traffic.
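To make the "flow classification plus actions" structure concrete, here is an added example (not code from the presentation or from Radware) that encodes one Flowspec rule the way a mitigation controller would hand it to a border router: the NLRI match components and the traffic-rate extended community. Byte layouts follow the Flowspec specification (RFC 5575 component types and numeric operator byte, extended community 0x8006 for traffic-rate). The victim prefix 192.0.2.0/24 and the NTP source-port match are constructed for the demo.

```python
"""Encode a BGP Flowspec rule: NLRI match components plus traffic-rate action.

Added example, not code from the presentation. The prefix 192.0.2.0/24 and
the filter on UDP source port 123 (a reflected NTP flood) are constructed.
"""
import ipaddress
import struct

# Flowspec component types; they must appear in ascending order in the NLRI
DST_PREFIX, SRC_PREFIX, IP_PROTO, PORT, DST_PORT, SRC_PORT = 1, 2, 3, 4, 5, 6
# Numeric operator byte: end-of-list, AND-with-previous, lt, gt, eq
OP_END, OP_AND, OP_LT, OP_GT, OP_EQ = 0x80, 0x40, 0x04, 0x02, 0x01


def _prefix_component(ctype, prefix):
    """Type byte, prefix length, then only the significant address bytes."""
    net = ipaddress.ip_network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def _numeric_component(ctype, values):
    """Encode (operator, value) pairs; the value length goes into operator
    bits 4-5 (00=1, 01=2, 10=4 bytes) and the last pair gets the end bit."""
    out = bytearray([ctype])
    for i, (op, value) in enumerate(values):
        if value < 0x100:
            length_bits, fmt = 0x00, ">B"
        elif value < 0x10000:
            length_bits, fmt = 0x10, ">H"
        else:
            length_bits, fmt = 0x20, ">I"
        if i == len(values) - 1:
            op |= OP_END
        out.append(op | length_bits)
        out += struct.pack(fmt, value)
    return bytes(out)


def encode_nlri(dst_prefix=None, proto=None, dst_port=None, src_port=None):
    """Build the length-prefixed NLRI with components in ascending type order."""
    body = b""
    if dst_prefix is not None:
        body += _prefix_component(DST_PREFIX, dst_prefix)
    if proto is not None:
        body += _numeric_component(IP_PROTO, [(OP_EQ, proto)])
    if dst_port is not None:
        body += _numeric_component(DST_PORT, [(OP_EQ, dst_port)])
    if src_port is not None:
        body += _numeric_component(SRC_PORT, [(OP_EQ, src_port)])
    if len(body) < 240:
        return bytes([len(body)]) + body
    # Longer NLRI: two-byte length with the top nibble set to 0xF
    return struct.pack(">H", 0xF000 | len(body)) + body


def traffic_rate_community(rate_bytes_per_sec, asn=0):
    """Extended community type 0x80 subtype 0x06: 2-byte AS, 4-byte float rate.
    A rate of 0 means discard; a positive rate is a policer in bytes/s."""
    return struct.pack(">BBHf", 0x80, 0x06, asn, float(rate_bytes_per_sec))


def ntp_reflection_filter(victim_prefix, rate_bytes_per_sec=0.0):
    """Match UDP (17) from source port 123 towards the victim prefix."""
    nlri = encode_nlri(dst_prefix=victim_prefix, proto=17, src_port=123)
    return nlri, traffic_rate_community(rate_bytes_per_sec)


if __name__ == "__main__":
    nlri, action = ntp_reflection_filter("192.0.2.0/24")
    print("NLRI  :", nlri.hex())
    print("action:", action.hex())
```

The point of the surgical rule is that only the amplification traffic (UDP from port 123 towards the victim) is policed or dropped at the border, while the victim's legitimate TCP traffic keeps flowing; a rate of 0 turns the policer into a discard.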

12 Multi-layer escalation mitigation
Step 1, access routers: distributed detection and mitigation.
Step 2, core routers: L4/L7 surgical mitigation; BGP Flowspec attack diversion based on the attack footprint.
Step 3, border routers: BGP Flowspec rules enforcement (mitigation actions), driven by the security orchestrator and third-party (3PP) detection.

13 DDoS protection deployment options
Always-on: traffic always routed through Radware; real-time detection and mitigation.
On-demand: DDoS detection based on NetFlow statistics, Arbor TMS messages, or AWS and Azure telemetry; traffic diverted only for volumetric attacks.
Hybrid: integrates on-premise and cloud; real-time detection and mitigation; traffic diverted to the cloud upon pipe saturation.
DefenseMessaging: unified signaling for on-premise appliances and cloud.
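The following added example (not code from the presentation or from Radware) ties the on-demand detection above to the escalation steps of the multi-layer slide: sampled flow records are scaled back to a per-destination rate, an anomaly against a learned baseline produces an attack footprint, and the rate decides whether the /32 is diverted to scrubbing, rate-limited with Flowspec at the border, or discarded and diverted to the cloud when the pipe approaches saturation. Every threshold, capacity, the sampling rate and the flow records are constructed assumptions.

```python
"""Flow-sampled DDoS detection feeding a three-step escalation ladder.

Added example, not part of the presentation. Thresholds, capacities, the
sampling rate and the flow records are constructed for illustration.
"""
from collections import defaultdict

SAMPLING_RATE = 1000            # 1:1000 packet sampling (assumed)
WINDOW_SECONDS = 60             # flow export window (assumed)
BASELINE_BPS = 50e6             # learned normal rate per /32 (assumed)
ANOMALY_FACTOR = 5              # alert above 5x baseline (assumed)
SCRUBBING_CAPACITY_BPS = 2e9    # what the scrubbing center absorbs (assumed)
PIPE_CAPACITY_BPS = 10e9        # border uplink (assumed); 80% counts as saturation

# Constructed sampled flow records: (dst_ip, proto, src_port, dst_port, packets, bytes)
FLOWS = [
    ("192.0.2.10", 17, 123, 40000, 12500, 15_000_000),  # NTP reflection towards host A
    ("192.0.2.10", 17, 123, 40001, 12500, 15_000_000),
    ("192.0.2.10", 6, 443, 51000, 40, 30_000),           # legitimate HTTPS to host A
    ("192.0.2.20", 6, 443, 52000, 30, 25_000),           # host B, normal traffic only
    ("192.0.2.30", 17, 53, 40002, 2500, 3_000_000),      # host C, modest DNS reflection
    ("192.0.2.40", 17, 1900, 40003, 60000, 70_000_000),  # host D, SSDP flood near pipe capacity
]


def aggregate(flows, sampling_rate=SAMPLING_RATE, window=WINDOW_SECONDS):
    """Scale sampled byte counts back up and compute bits/s per destination,
    keeping per-(proto, src_port) byte totals as the candidate attack footprint."""
    per_dst = defaultdict(lambda: {"bps": 0.0, "footprint": defaultdict(int)})
    for dst, proto, sport, _dport, _pkts, nbytes in flows:
        scaled = nbytes * sampling_rate
        per_dst[dst]["bps"] += scaled * 8 / window
        per_dst[dst]["footprint"][(proto, sport)] += scaled
    return per_dst


def decide(dst, stats):
    """Map a destination's observed rate onto the escalation ladder."""
    bps = stats["bps"]
    if bps <= BASELINE_BPS * ANOMALY_FACTOR:
        return {"dst": dst, "level": 0, "action": "monitor"}
    # The dominant (proto, src_port) pair becomes the footprint for surgical rules
    proto, sport = max(stats["footprint"], key=stats["footprint"].get)
    decision = {"dst": dst, "footprint": (proto, sport), "bps": bps}
    if bps <= SCRUBBING_CAPACITY_BPS:
        decision.update(level=1, action="divert /32 to scrubbing (L4/L7 surgical mitigation)")
    elif bps < 0.8 * PIPE_CAPACITY_BPS:
        decision.update(level=2, action="flowspec rate-limit at border for footprint")
    else:
        decision.update(level=3, action="flowspec discard at border + divert to cloud")
    return decision


def run(flows=FLOWS):
    """Return the escalation decision for every destination seen in the flows."""
    return {dst: decide(dst, stats) for dst, stats in aggregate(flows).items()}


if __name__ == "__main__":
    for dst, d in sorted(run().items()):
        print(dst, "level", d["level"], d["action"])
```

Two practical details are built in: sampled counters must be multiplied by the sampling rate before being compared with capacities, otherwise a 1:1000 sample makes a 4 Gbps flood look like 4 Mbps; and the footprint is derived from the bytes that dominate the anomaly rather than from packet counts, so a small number of large amplified packets is not outweighed by many small legitimate ones.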

14 DDoS Security Trends Anti-DDoS Solution Pillars Reference Architecture

15 Multi Layer Protection Solution

16 Use-case 1: Selective SmartTap protection
Mirrored traffic feeds always-on detection and real-time traffic characterization, with real-time attack footprint generation. Per protected entity: workflow definition and activation, selective per-/32 diversion, and an escalation mechanism using BGP-FS. BGP diversion sends dirty traffic through L4-L7 traffic inspection and returns clean traffic to the enterprise customer data center; BGP-FS mitigation is applied per protected entity.

17 Use-case 2: Scrubbing center and 3PP detection
Diagram elements: peering points x, y and z; flow-based detection with NetFlow sampling (step 1); network backbone; scrubbing center; MSSP portal.

18 Radware Attack Mitigation Solution
Security features for end-to-end protection. Security services: DDoS protection, SSL protection, WAF, anti-bot, threat intelligence, visibility & analytics.

19 Combining on-prem and cloud protection
Integrated multi-layered solution to secure data centers and applications:
- Full coverage of attacks across network and application layers
- Single technology across premise and cloud for unified protection and visibility
- Defense messaging between security elements for increased accuracy
- Flexible deployment: premise, on-demand, always-on and hybrid
