2012 Global Application and Network Security Report

Radware 2012 Global Application & Network Security Report

January 2013

AGENDA

About 2012 Global Security Report

Key Findings & Trends

Attack Tools Trend

Recommendations

3

Information Resources

• Industry Security Survey– External survey – 179 participants– 95.5% are not using

Radware DoS mitigation solutions

• ERT Cases – Internal survey– Unique visibility into attack

behavior– 95 selected cases

• Customer identity remains undisclosed

ERT gets to see attacks in

real-time on daily basis

AGENDA



Attack Tools Trend

Recommendations

5

Organizations Bring a Knife to a Gunfight

• “Someone who brings a knife to a gun fight” – Organizations who do prepare for the fight, but do not

understand its true nature

• Organizations today are like that– They do invest in security before the attack starts, and conduct

excellent forensics after it is over– However, there is one critical blind-spot – they don't have the

capabilities or resources to sustain a long, complicated attack campaign.

• Attackers target this blind spot!

6

Attacked in 2012

They had the budget.They made the investment.

And yet they went offline.

7

Organizations Deploy Two-phase Security Approach

8

Attacks Today Have 3 Phases

9

ERT Cases – Attack Duration Trend

10

ERT Cases – Attack Vectors Trend

11

ERT Introduces Its APT Score

12

ERT Cases – APT Score Trend

13

How Likely is It That Your Organization Will Be Attacked?

14

How Well Are You Prepared?

15

Attack Vector Trends

16

Entities That Are The Bottlenecks in DoS Attacks

17

Solutions Used Against DoS Attacks

18

Dedicated Versus General Solutions

19

Attackers Motivation Trend

20

Who’s on the Target List?

AGENDA



Attack Tools Trend

Recommendations

22

HTTPS Based Attacks

• HTTPS based attacks are on the rise• SSL traffic is not terminated by DDoS Cloud scrubbers or DDoS solutions • SSL traffic is terminated by ADC or by the web server• SSL attacks hit their target and bypass security solutions

23

Content Delivery Network (CDN)

Attacks Evade CDN Service

Internet

Legitimate users

CDN service

Botnet

GET www.example.com

Backend Webserver

GET www.example.com/?[Random]

Legitimate requests are refused

• In recent cyber attacks, the CDN was easily bypassed

by changing the page request in every Web transaction

• These random request techniques forced CDNs to “raise the curtain”– All the attack traffic is disembarked directly to the

customer premise– More difficult to mitigate attacks masked by CDN

24

25

Servers Enlisted to the Botnets Army

• In 2012 a dramatic change occurred in the DDoS landscape

• Attackers build and activate Botnets of powerful servers to achieve:– Greater firepower - x100 higher bandwidth capacity vs. home PC– Greater reliability - servers are always online– Greater control – fewer machine to control vs. botnet of PCs

26

DDoS Infrastructure Changes

AGENDA



Attack Tools Trend

Recommendations

28

Attackers Are Well Prepared

• Attackers plan and run attacks on a regular basis• Turning DDoS attacks into their profession• Organizations face attacks a few times per year• Too limited experience to build the required “know how”

29

Conclusions

• Today’s attacks are different:– Carefully planned– Last days or weeks– Switching between attack vectors

• Organizations are ready to fight yesterdays’ attacks:– Deploy security solutions that can absorb the first strike– But when attacks prolong - they have very limited gunfire– By the time they succeed blocking the first two attack vectors,

attackers switch to a third, more powerful one

30

Recommendations

• Acquire capabilities to sustain long attacks• Train a team that is ready to respond to persistent attacks • Deploy the most up-to-date methodologies and tools• 24 x 7 availability to respond to attacks• Deploy counterattack techniques to cripple an attack

Thank Youwww.radware.com

2012 Global Application and Network Security Report

Documents