
Drew Reinders | GSEC Principal Solutions Engineer Defending Your Castle.


1 Drew Reinders | GSEC Principal Solutions Engineer Defending Your Castle

2 ©2014 AKAMAI | FASTER FORWARD TM THREAT LANDSCAPE

3 Daily Attack Size [chart: years 2008 to 2014, axis marked at 150 Gbps] Source: Akamai

4 Attacks Are Growing in Size
Modern attacks harness the scale of growing botnets
Year: Gbps / Mpps
2005: 11 / 2
2006: 18 / 8
2007: 22 / 11
2008: 39 / 15
2009: 48 / 29
2010: 68 / 38
2011: 79 / 45
2012: 82 / 69
2013: 160 / 144
2014e: 275 / 270

5 Attack Types – Last 30 Days Source: Akamai

6 Targeting Applications for Data Theft
Avoid data theft and downtime by extending the security perimeter outside the data center, and protect against the increasing frequency, scale and sophistication of web attacks.
Increasing number of attacks focused on data and financial theft
SQL injection is the primary culprit in 30% of data breaches
Source: Veracode
3 out of 4 will be targeted by Web application exploits
Web applications are responsible for 54% of hacking-based data breaches

7 Cost of Data Breach
Cost per Record Breached ~$188-199
Brand and Loyalty Impact is Significant
Breaches Impact Business Operations
Remediation Activity is Costly
Top Executives have been Replaced
Data Breach Risk Can’t be Transferred
Cost per Record * Number of Records = Cost of Breach
Ponemon Institute: http://www.ponemon.org/library/2013-cost-of-data-breach-global-analysis
ABCNews: http://abcnews.go.com/Business/video/big-number-target-ceo-loses-job-security-breach-23588889

8 Attackers Using Old and New Techniques
Recent Techniques
Application Attack, Reconnaissance - Prolific Vulnerability Scanning
Application Attack - Skipfish RFI/LFI to Compromise Host
Application Attack - Injection Attacks
Capacity Attack – Targeting DNS
Capacity Attack - DNS Reflection & Amplification
Capacity Attack – Request Floods (DirtJumper)
Capacity Attack - NTP Amplification (366x amplification factor)
Capacity Attack - Resource Intensive Requests (Search, Login, etc.)
Extortion – DDoS Pay and Stop, for a while
Fraud - Account Checkers and Harvesters
Defense MUST Adapt to Evolving Landscape

9 MULTI PERIMETER

10 Application Defense

11 Multiple Perimeters for Internet-facing Applications
DNS: Finding the application
Web: Retrieving content and data
Origin: Supporting infrastructure and other applications
[diagram labels: User, Internet]

12 Layered Defense

13 Nine Layers of Cloud Security
1. Cloud security platform with massive scale
2. Reverse proxy automatically drops network-layer attacks
3. Geo-based blocking
4. Validating attackers against known lists
5. Adaptive rate controls provide rapid and automated response
6. Web application firewall with an Evolving Rule Set
7. Natural resiliency through caching
8. Leverage visibility of evolving attack vectors
9. Require cloud service providers to meet FedRAMP requirements

14 There are no rules of architecture for castles in the clouds. - Gilbert K. Chesterton
