Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013.

Published byAllen Brooks Modified over 9 years ago

Similar presentations

Presentation on theme: "Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013."— Presentation transcript:

1 Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013

2 AGENDA Cyber security Statistics About 2012 Global Security Report Key Findings ERT Case Studies 2013 Recommendations

3 Cyber Security Study A research study by Ponemon & Radware Surveyed 700 IT & IT Security Practitioners Non Radware customers Release date: November 12 th 2012 3

4 Ranking of cyber security objectives in terms of a business priority objective 5 = Highest Priority to 1 = Lowest Priority Cyber Security Business Priorities 4

5 DDoS Attacks Frequency of organizations had an average of 3 DDoS attacks in the past 12 months 65% How many DDoS attacks experienced in the past 12 months? 5

6 Minutes average downtime during one DDoS attack 54 Average downtime during one DDoS attack 6

7 Cost per minute of downtime $22,000 Average cost per minute of downtime $3,000,000 Average annual Cost of DDoS Attacks Cost of Downtime 7

8 AGENDA Cyber security Statistics About 2012 Global Security Report Key Findings ERT Case Studies 2013 Recommendations

9 Information Resources Radware Security Survey –External survey –179 participant –95.5% are not using Radware DoS mitigation solution ERT Survey –Internal survey –Unique visibility into attacks behaviour –95 selected cases Customer identity remains undisclosed 9 ERT gets to see attacks in real-time on daily basis

10 AGENDA Cyber security Statistics About 2012 Global Security Report Key Findings ERT Case Studies 2013 Recommendations

11 Organizations Bring a Knife to a Gunfight ”Someone who brings a knife to a gun fight” –Is someone who does prepare himself for the fight, but does not understand its true nature Organizations today are like that –They do invest before the attack starts, and conduct excellent forensics after it is over, –however, they have one critical blind-spot – they don't have the capabilities or resources to sustain a long, complicated attack campaign. Attackers target this blind spot! 11

12 Attacked in 2012 12 They had the budget They made the investment And yet they went offline They had the budget They made the investment And yet they went offline

13 Organizations Deploy Two-phase Security Approach 13 Industry Security Survey How much did your organization invest in each of the following security aspects in the last year? Only 21% of company efforts are invested during the attack itself, while 79% is spent during the pre-attack and post-attack phase.

14 But attacks today have 3 phases 14

15 Attacks last longer 15 Attacks last longer: The number of DoS attacks lasting over a week had doubled in 201221%11% 12% 21% 12% 23%

16 And become more complex 16 ERT Cases – Attack Vectors Attacks are more complex: 2012 DoS/DDoS attacks have become more sophisticated, using morecomplex attack vectors. Note the number of attacks using a complexity level of 7-10.

17 Content Delivery Network (CDN) 17 Do you consider Content Delivery Networks (CDNs) a solution for a DoS/DDoS attack? 70% of the companies who use CDN believe the CDN is a solution for DoS\DDoS attacks. 30% 70%

18 Attacks Evade CDN service Internet Legitimate users CDN service Botnet GET www.exmaple.com Backend Webserver GET www.exmaple.com/?[Random] Legitimate requests are refused In recent cyber attacks the CDN was easily bypassed –By changing the page request in every Web transaction These random request techniques force CDNs to “raise the curtain” –All the attacks traffic is disembarked directly to the customer premise –More complex to mitigate attacks masked by CDN 18

19 Attackers are well prepared By definition the defenders loose the battle Equilibrium has been disrupted 19

20 The good news (1) 20 Industry Security Survey How likely is it that your organization will be attacked by cyber warfare? Over half of the organizations believe their organization is likely to be attacked by cyber warfare. Organizations start understanding the risk of DDoS

21 The good news (2) 21 Industry Security Survey Which solutions do you use against DoS attacks? Organizations start understanding Firewall and IPS cannot fight DDoS attacks

22 Conclusions Today’s attacks are different –Carefully planned –Last days or weeks –Switching between attack vectors Organizations are ready to fight yesterdays’ attacks –Deploy security solutions that can absorb the first strike –But when attacks prolong - they have very limited gunfire –By the time they succeed blocking the first two attack vectors, attackers switch to a third, more powerful one 22

23 A different approach is needed A team of security experts –Acquire capabilities to sustain long attacks –Train a team that is ready to respond to persistent attacks –Deploy the most up-to-date methodologies and tools –24 x 7 availability to respond to attacks –Deploy counterattack techniques to cripple an attack 23

24 AGENDA Cyber security Statistics About 2012 Global Security Report Key Findings ERT Case Studies 2013 Recommendations

25 US Banks Under Attack: from the news 25

26 US Banks Under Attack: Operation Ababil Publication of the ‘Innocence of Muslim’ film on YouTube invokes demonstrations throughout the Muslim world September 18 th - ‘Cyber Fighters of Izz ad-din Al Qassam’ announced an upcoming cyber attack campaign against ‘American and Zionist’ targets. 26

27 Attack Summary Attack targets –Bank of America –New York Stock Exchange (NYSE) –Chase –Wells Fargo Attacks lasted Sep 18-21, 2012 Multiple attacks’ waves on each target, each wave lasted 4 to 9 hours Victims suffered from temporary outages and network slowness ERT was actively involved in protecting the attacked organizations 27

28 Why it was so challenging? Business UDP Garbage flood on ports 80 and 443 SSL Client Hello flood Large volume SYN flood SHUT DOWN HTTP flood attack Multi-vulnerability attack campaign Mitigation nearly impossible Attackers look for the blind spot Multi-vulnerability attack campaign Mitigation nearly impossible Attackers look for the blind spot 28

29 Recent updates HTTP flood was carried from compromised hosting servers –Highly distributed attacks 29

30 AGENDA Cyber security Statistics About 2012 Global Security Report Key Findings ERT Case Studies 2013 Recommendations

31 ERT recommendations for 2013 Acquire capabilities to sustain a long sophisticated cyber attack Attack tools are known. Test yourself Carefully plan the position of DoS/DDoS mitigation within network architecture –On premise capabilities –In the cloud capabilities 31 Restore the equilibrium

32 Thank You Ron Meyran ronm@radware.com

Download ppt "Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013."

Similar presentations

Impacts of 3 rd Party IaaS on broadband network operations and businesses Prabhat Kumar Managing Partner, i 3 m 3 Solutions.

Impacts of 3 rd Party IaaS on broadband network operations and businesses Prabhat Kumar Managing Partner, i 3 m 3 Solutions.
Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
1 © Aberdeen Group 2013 – Not For Distribution ™ Meeting the Rising Challenge of Modern Networks.

1 © Aberdeen Group 2013 – Not For Distribution ™ Meeting the Rising Challenge of Modern Networks.
Standards Certification Education & Training Publishing Conferences & Exhibits Using Outbound IP Connections for Remote Access EXPO 2005 Chicago, IL.

Standards Certification Education & Training Publishing Conferences & Exhibits Using Outbound IP Connections for Remote Access EXPO 2005 Chicago, IL.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.

Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.
1 BIG-IP Global Traffic Manager Presented by: your name, your title.

1 BIG-IP Global Traffic Manager Presented by: your name, your title.
Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.
©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Student : Wilson Hidalgo Ramirez Supervisor: Udaya Tupakula Filtering Techniques for Counteracting DDoS Attacks.

Student : Wilson Hidalgo Ramirez Supervisor: Udaya Tupakula Filtering Techniques for Counteracting DDoS Attacks.
Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies www.coresecurity.com.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies
Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg

Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg
Inbound Statistics Slides Attract. 1 Blogging There are 31% more bloggers today than there were three years ago 46% of people read blogs more than once.

Inbound Statistics Slides Attract. 1 Blogging There are 31% more bloggers today than there were three years ago 46% of people read blogs more than once.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
------ An Overview Zhang Fu Outline What is DDoS ? How it can be done? Different types of DDoS attacks. Reactive VS Proactive Defence.

An Overview Zhang Fu Outline What is DDoS ? How it can be done? Different types of DDoS attacks. Reactive VS Proactive Defence.
Inbound Statistics Slides Template Resources for Partners.

Inbound Statistics Slides Template Resources for Partners.
SiteLock Internet Security: Big Threats for Small Business.

SiteLock Internet Security: Big Threats for Small Business.
Get Complete IT Compliance: Reduce Risk and Cost Jonathan CISO, Qualys Seth Automation Specialist, BMC.

Get Complete IT Compliance: Reduce Risk and Cost Jonathan CISO, Qualys Seth Automation Specialist, BMC.

Similar presentations

Ads by Google