November 2012 Customer Solution Brief Harald Krimmel – Senior Consultant, circular Informationssysteme GmbH / depulsio
Jan 15, 2015
November 2012
Customer Solution Brief
Harald Krimmel – Senior Consultant, circular Informationssysteme GmbH / depulsio
Customer Solution Brief: Harald Krimmel– circular Informationssysteme GmbH / depulsioNovember 2012
Tom BienkowskiDirector of Product Marketing, Arbor Networks
Page 3 – Company Confidential
The Customer
Harald Krimmel – Senior Consultant, circular Informationssysteme GmbH & depulsio– Responsible for bringing DDoS Protection Services to
German market.
– Services include: IT strategy consulting, security consulting, project planning,
hardware and software delivery and systems integration.
– DDoS Protection solutions are customized to customer needs.
Page 4 – Company Confidential
A Long Relationship with Arbor Networks
circular and Arbor have had a relationship for 7 years.
circular has become and expert in DDoS Protection
circular’s portfolio of services consist of “best of breed” products such as Arbor’s Peakflow solution which is the market leader in DDoS Protection.
Page 5 – Company Confidential
depulsio DDoS Protection Services
depulsio – A new managed security services company that offers data center and carrier independent DDoS Protection Services.
What drove the creation of depulsio?– Customers demand data center availability of
99.999%.– But in many of today’s data centers DDoS Protection
doesn’t exist.– depulsio is an independent Managed Security
Service Provider who offers cloud-based DDoS Protection services to everyone.
Page 6 – Company Confidential
depulsio - DDoS Protection Services
depulsio is the 1st carrier and data center independent Managed DDoS Protection Service Provider in Germany.
Page 7 – Company Confidential
DDoS in the News…
7
Page 8 – Company Confidential
You Know the Impact of DDoS Attacks…
Source: Ponemon Institute – 2010 State of Web Application Security
Botnets & DDoS attacks cost an
average enterprise $6.3M* for a 24-hour
outage* Source: McAfee – Into the Crossfire – January 2010
Page 9 – Company Confidential
Large and Small are Potential Targets
Fact: As long as your business is Internet facing, it is vulnerable to DDoS attacks.
Large EnterpriseSMB
E-Commerce Government
Page 10 – Company Confidential
DDoS Attacks are Increasing
Increased VolumeLargest volumetric DDoS has grown from 9 to 100 Gbps in 5 years
Increased ComplexityOver quarter of attacks are now application-based DDoS mostly targeting HTTP, DNS, SMTP
Increased FrequencyMore than 50% of data center operators are seeing more than 10 attacks per month
More Attack Motivations• Geopolitical “Burma taken offline by DDOS attack”• Protests “Visa, PayPal, and MasterCard attacked”• Extortion “Techwatch weathers DDoS extortion attack”
Greater Availability of Botnets• Better Bots More infected PCs with faster connections• Easy Access Using web 2.0 tools to control botnets• Commoditized Cloud-based botnets, cheaper
+
Page 11 – Company Confidential
Two Types of DDoS Attacks
Page 12 – Company Confidential
Volumetric DDoS Attacks
Volumetric DDoS attacks are designed to saturate and overwhelm network resources, circuits etc.
DATA CENTER
IPS Load Balancer
Firewall
Page 13 – Company Confidential
Application Layer DDoS Attacks
Use much less bandwidth; harder to detect; target applications where they slowly exhaust resources.
DATA CENTER
IPS Load Balancer
Exhaustion
Exhaustion
Firewall
Page 14 – Company Confidential
The Evolving Threat Against Data Centers
Attackers Use a Combination of Both
DATA CENTER
IPS Load Balancer
Application-Layer DDoS Impact
Volumetric DDoS Impact
Firewall
Page 15 – Company Confidential
So What’s The Solution?
Page 16 – Company Confidential
Two Types of DDoS Attacks
Page 17 – Company Confidential
Volumetric DDoS Attacks
Volumetric DDoS attacks are designed to saturate and overwhelm network resources, circuits etc.
DATA CENTER
IPS Load Balancer
Firewall
Page 18 – Company Confidential
Application Layer DDoS Attacks
Use much less bandwidth; harder to detect; target applications where they slowly exhaust resources.
DATA CENTER
IPS Load Balancer
Exhaustion
Exhaustion
Firewall
Page 19 – Company Confidential
The Evolving Threat Against Data Centers
Attackers Use a Combination of Both
DATA CENTER
IPS Load Balancer
Application-Layer DDoS Impact
Volumetric DDoS Impact
Firewall
Page 20 – Company Confidential
So What’s The Solution?
Page 21 – Company Confidential
The Need for Intelligent DDoS Mitigation Systems
Fact: Firewalls & IPS Cannot Stop DDOS Attacks
DDoS attack traffic flows through untouched. DDoS attacks exhaust TCP state tables.
Page 22 – Company Confidential
Arbor’s Intelligent, Layered DDoS Protection Solution
Backed by industry leading expertise of ASERT
DATA CENTER
IPS Load Balancer
Pravail APS
Peakflow SP & TMS
In-Cloud DDoS Protection Block volumetric attacks before they
reach the customer infrastructure
CPE-Based DDoS ProtectionStop application DDoS attacks on the customer premise
Cloud Signaling“I need help!”
Firewall
Page 23 – Company Confidential
Arbor Based DDoS Protection Services
In-cloud protection from volumetric attacks with Arbor’s Peakflow SP & TMS. – Traditional security solutions such as firewalls or IPS can
not offer DDoS protection.
Peakflow SP used for pervasive network visibility and DDoS attack detection
Threat Management System (TMS) used surgical mitigation of DDoS attacks.
Page 24 – Company Confidential
Arbor Based DDoS Protection Services
Data Center-based protection from application-layer DDoS attacks with Pravail APS.
Page 25 – Company Confidential
Comprehensive DDoS Protection
Arbor Peakflow SP & TMS
Page 26 – Company Confidential
depulsio DDoS Protection Services
1) In-cloud Managed DDoS Protection (reactive mitigation only)
2) In-cloud Managed DDoS Protection + Monitoring (proactive)
3) In-cloud Managed DDoS Protection + Monitoring + Data Center-based protection from application-layer attacks + Cloud Signaling for “help” scenarios.
Page 27 – Company Confidential
For More Information Visit: www.arbornetworks.com
Questions?Thank You!
Tom BienkowskiDirector of Product Marketing
Arbor Networks