Matt Torrisi Customer Success Operations Data Connectors: Is Your Online Security Intelligent?


1 Matt Torrisi Customer Success Operations Data Connectors: Is Your Online Security Intelligent?

2 DYN @dyn

3 SCENARIOS THAT MATTER TO YOU THE INTERNET, IN 60 SECONDS… ish INTERNET_HIGH_FIVE @dyn

4

5 Application Security Monitoring

6 Network Security Monitoring

7 Is that the whole picture?

8 Is that the whole picture? Reachability, Availability

9 Is either scenario unusual?
Scenario 1: Traffic between two floors of the same office building in Singapore takes over 350ms round trip, traveling via San Jose, California
Scenario 2: Traffic from Western Europe to the US takes around 70ms round trip, traveling via Iceland’s incumbent provider
Source: Dyn Research

10 Is either scenario unusual?
Scenario 1 – TYPICAL: NTT won’t peer with Tinet in Singapore; Tinet must drag traffic to San Jose to hand it off to NTT, who drags it home again to Singapore.
Scenario 2 – UNUSUAL: Iceland’s Siminn hijacked routes of major firms for weeks and passed the traffic along. In general, traffic never flows via Iceland (cost, geo).
Source: Dyn Research

11 Is either scenario unusual?
Scenario 1: Latency for traffic from the American Southwest to a major travel website suddenly doubles, traveling through Atlanta en route to its destination in Denver.
Scenario 2: Traffic from Montevideo, Uruguay to AWS Brazil takes around 290 ms round trip, traveling through Miami.
Source: Dyn Research

12 Is either scenario unusual?
Scenario 1 – TYPICAL: While adding a data center in Denver to join Atlanta, the same ISP was used, despite it only allowing peering in Atlanta. Traffic will still peer there, before being dragged to the new DC in Denver. New peering provider likely needed.
Scenario 2 – VERY TYPICAL: Despite being only 2000 km from São Paulo, traffic on Telstar will pass through Miami, then Dallas(!?), before reaching Brazil. Welcome to South America. Actually...
Source: Dyn Research

13 Is either scenario unusual?
Scenario 1: Latencies to Google’s public DNS servers increase dramatically from S. America
Scenario 2: Latencies to a Microsoft network (hosting important domains) decrease momentarily from E. Europe
Source: Dyn Research

14 Is either scenario unusual?
Scenario 1 – UNUSUAL: Google departs Brazil for unexplained reasons. DNS queries answered from California. No route hijacking involved. (See our 10/30 blog post)
Scenario 2 – UNUSUAL (MALICIOUS!): Microsoft network (a more specific of the routed prefix) is hijacked, misdirection limited to immediate vicinity. Not Man-in-the-Middle! Traces terminated at the hijacker.
Source: Dyn Research

15 THE INTERNET: IT’S NOT THE HIGHWAY SYSTEM

16 THE INTERNET: IT’S NOT YOUR CIRCULATORY SYSTEM

17 THE INTERNET: IT’S NOT A TELEPHONE SWITCHBOARD

18 THE INTERNET: IT’S A HUMAN MARKETPLACE

19 1. Submarine Cables Tie Continents Together
● Internet exchange points can form around critical landing sites, if local conditions are right.

20 2. Fiber Networks to IXPs
● Connecting landing point and exchange point cities
● Arbitraging differences in Internet pricing
● Creating diversity that can survive local cable breaks

21 3. Regional & Local Internet
● Internet service providers of all sizes compete to serve consumer interest, interconnecting in small and medium-sized regional hub cities

22 4. The Last Mile
● Delivery of bits from city-level infrastructure to local offices and consumers

23 SECURITY AFFECTS YOUR BUSINESS
3,000 OUTAGES/DAY ACROSS THE GLOBAL INTERNET WITH EFFECTS THAT CAN LAST FOR HOURS
Source: Dyn Research

24 DNS HIJACKING
500,000 DOMAINS ACROSS 1,500 NETWORKS SERVING 150 CITIES WERE AFFECTED BY ROUTING HIJACKS IN 2014
Source: Dyn Research

25 HIJACKS
Hijacks: Raised when a prefix you originate is announced by a different Origin AS
Hijacked Sub-prefix: Raised when you are monitoring a prefix and a more specific prefix within that range is announced by a different Origin AS

26 ANATOMY OF A HIJACK
● Normal: YouTube announced through a /22 block
● Pakistan govt attempted to block an ‘offensive’ video
● Pakistan Telecom implemented this by announcing a more specific /24 prefix
● Propagated globally and redirected all YouTube users to Pakistan Telecom
[Diagram labels: 36561 208.65.152/22; 3491 17557 208.65.153/24]
Source: Dyn Research

27 HIJACK PT. II: GOING NUCLEAR
● March 2015: Vega (AS 12883) starts announcing British Telecom prefixes.
● Initially 14 prefixes, later 167 prefixes, including UK’s Atomic Weapons Establishment (AWE)
● Traceroutes confirm traffic heads into Ukraine through Vega, but still reaches its destination at AWE via BT
Source: Dyn Research

28 WHAT IS BGP?
Routing Protocol: BGP = Border Gateway Protocol
Properties:
● ubiquitous: the de facto internet standard
● distributed: no centralized coordination
● trust-based: routers believe what they learn
● gossipy: share information freely

29 BGP IDENTIFIES RELATIONSHIPS

30 AS PATH & DATA COLLECTION
[Diagram labels: Dyn, 701, 6453, 8781, Edge, Core, Destination “X”]

31 AS PATH & DATA ALERTING
[Diagram labels: Dyn, 701, 6453, 8781, Edge, Core, Destination “X”, Destination “X” (hijack)]

32 ACTIVE MANAGEMENT INFRASTRUCTURE
Results of an active monitoring of BGP.
● Real-time global routing table from over 500 sessions
● 160+ sending traceroutes to over 1.5 million targets daily
● 6 billion data-points daily
● Line-of-sight to 98% of the entire global Internet
“It’s good to see this great data being exposed for operational purposes. — The internet is so critical for almost every business today.” – Gartner (Jonah Kowall, VP).

33 @mikelsteadman DYN INTERNET INTELLIGENCE

34 THROUGH MEASUREMENT, YOU ARE IN CONTROL

35 NOTES ON HIJACKS
● Real hijacks are rare
● False positives occur more often
● Usually prefixes with different Originating ASes
● Examples: Salesforce owns ExactTarget; Verisign owns multiple ASes
● Only the Network Operator can really know what they expect.
But... Are you sure you know ALL your prefixes and ASNs?
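
Added example, not part of the original slides and not Dyn's code: the two alert types from slide 25, run over the prefixes and AS numbers shown on slide 26, with slide 35's false-positive case handled by listing every origin AS the operator expects. The function names, the announcement tuples and ASNs 64496, 64500 and 64511 are constructed for illustration; prefixes are written in full (208.65.153.0/24) rather than the slide's shorthand.

```python
import ipaddress

# Monitored prefix -> origin ASNs the operator expects. The /22 and AS 36561
# are from the slide's diagram; AS 64500 is a constructed sibling ASN.
MONITORED = {"208.65.152.0/22": {36561}}

# Constructed sample announcements: (prefix, AS path). AS 64496 is a
# documentation ASN standing in for an arbitrary upstream.
ANNOUNCEMENTS = [
    ("208.65.152.0/22", "64496 36561"),        # legitimate origin
    ("208.65.153.0/24", "3491 17557"),         # more specific, other origin
    ("208.65.152.0/22", "64496 17557 17557"),  # same prefix, prepended path
    ("192.0.2.0/24", "64496 64511"),           # not a monitored range
]


def origin_as(as_path):
    """The origin AS is the last ASN in the path; prepending repeats it."""
    return int(as_path.split()[-1])


def classify(prefix, as_path, monitored=MONITORED):
    """Return 'ok', 'hijack', 'hijacked-sub-prefix' or 'unmonitored'."""
    net = ipaddress.ip_network(prefix)
    nets = {ipaddress.ip_network(k): v for k, v in monitored.items()}
    # Monitored prefixes covering this announcement, most specific first.
    covering = sorted(
        (m for m in nets if m.version == net.version and net.subnet_of(m)),
        key=lambda m: m.prefixlen, reverse=True)
    if not covering:
        return "unmonitored"
    mon = covering[0]
    if origin_as(as_path) in nets[mon]:
        return "ok"  # expected origin, including known sibling ASNs
    return "hijack" if net == mon else "hijacked-sub-prefix"


if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(f"{prefix:18} {path:20} {classify(prefix, path)}")
    # Slide 35's false-positive case: a second ASN owned by the same company.
    siblings = {"208.65.152.0/22": {36561, 64500}}
    print(classify("208.65.153.0/24", "64496 64500", siblings))
```

An announcement from an AS missing from the expected set is flagged even when it is legitimate, which is why the inventory of your own prefixes and ASNs has to be complete.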

36 YOUR MOVE
5 Critical Internet Intelligence Questions
● Where is my audience (geography & key ISPs)?
● How do ISPs bring my brand to market?
● How do we identify external attacks on our brand (domain)?
● How do we monitor and analyze the performance of the internet?
● Who oversees our ability to watch, control, and optimize our traffic?
Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. We have a world-class network and unrivaled, objective intelligence into Internet conditions.

37 THE GOOD NEWS
The Internet is a service delivery medium, like any other. It can be measured and managed to meet your critical business goals. Dyn delivers the global measurement infrastructure and interactive tools to help your global business succeed and thrive!

38 THANK YOU!

