External attacks on IT: News and cases - DSS ITSEC
…event.dss.lv/sites/all/themes/dss/presentations_2015/session_4/DSS...
Michael Soukonnik, Team Director
October 28, 2015

Page 1

External attacks on IT: News and cases
Michael Soukonnik, Team Director
October 28, 2015

Page 2

Trends (Radware ERT report and Gartner based) and cases

Page 3

Key Findings (Radware ERT Report) – radware.com

The Rise of the Continuous Attack

No One is Immune - Unexpected Targets

Internet Pipe – 2014’s #1 Failure Point

Reflective Attacks – the Largest DDoS Headache

Top Concerns - Not Only DDoS

Hybrid Solutions are Gaining Ground

Cloud, IoT & SDN are Changing the Rules of the Game


Page 4

The Rise of the Continuous Attack

Longer, larger and more sophisticated attacks. Constant attacks on the rise.

In previous years - attacks that were considered “constant” never exceeded 6%

In 2014 - 19% were considered “constant”

52% of respondents felt they could fight a campaign for only one day or less

Chart: attack duration by year (2011, 2012, 2013, 2014), share of attacks lasting less than a day, 1 hour-1 day, 1 day-1 week, over a week, or constantly.

In 2014, 19% of attacks were considered “constant”

Page 5

No One is Immune – Unexpected Targets

Threats in new industries, organizational sizes and technology deployments

Healthcare and Education – unexpected targets now at risk

Gaming, Hosting and ISP companies – increased likelihood

Financial Services – the only industry to have a reduced risk

Chart: 2014 change from 2013, by industry.

Page 6

Internet Pipe – 2014’s #1 Failure Point

Internet pipe is the bottleneck of DDoS attacks – for the 1st time in recent years

Chart: services and network elements that are the bottleneck of DDoS.

Page 7

Last week – Baltic States

Attack                        Stopped by
DOSS-DNS-Ref-L4-Above-3000    DOS
network flood IPv4 ICMP       Behavioral DoS
network flood IPv4 UDP        Behavioral DoS
network flood IPv4 UDP-FRAG   Behavioral DoS

Page 8

Internet Pipe – 2014’s #1 Failure Point

Extra-large attacks seen on a daily basis

All types of organizations are targeted

Enabled by “better” technology via reflective attacks

Chart: bandwidth of server attacks, share of attacks at 10 Mbps or less, 10 Mbps-1 Gbps, 1 Gbps-10 Gbps, and 10 Gbps and above (the four segments read 39%, 32%, 16% and 13%).

Page 9

Reflective Attacks – the Largest DDoS Headache

Attacks evenly split across network and application layers

Web-based attacks remain the single most common attack vector

– 1 in every 4 are HTTPS

Increased reflective attacks cause UDP attacks to increase

– From 7% in 2013 to 16% in 2014

Reflective attacks represent 2014’s single largest DDoS “headache”

Chart: 2014 attack vectors. Network 51% (TCP-SYN Flood, TCP-Other, UDP, ICMP, IPv6 1%); Application 49% (Web HTTP/HTTPS, DNS, SMTP, VoIP 1%).

Page 10

Real attack (Russia) – September – CPE – NTP reflection + HTTP

Page 11

Real attack (Russia) – September – ISP SC

Page 12

Top Concerns - Not Only DDoS

DDoS continues to lead, all the others - fairly well represented

DDoS was the most-cited threat type (46%), with a narrow lead. Close behind are unauthorized access (41%) and advanced persistent threats (39%).

Chart: share of respondents citing each threat type (Criminal SPAM, Corp./Geo-political Sabotage, Fraud, Worm/Virus, Phishing, Intellectual Theft, Advanced Persistent Threat, Unauthorized Access, DDoS); bars range from 15% to 46%.

Page 13

Attack Vectors Involved and Identified

Infrastructure:
• UDP Fragmented Flood
• DNS Reflection
• UDP Flood (PPS)

State:
• TCP Out Of State Flood
• UDP Scan
• Zero Payload attacks
• Zero sequence number attacks
• Invalid ACK number attacks
• ICMP Flood

Application:
• Slowloris
• SQL-Injection
• XSS
• Worm infection - Mydoom
• SIPVicious - Scanning tool
• Web-etc/passwd-Dir-Traversal

Diagram: attack path through IPS/IDS, Internet Pipe, Firewall, Load Balancer/ADC, Server Under Attack, SQL Server.

Page 14

Closing blind area with SSL Security Solution

Diagram: WAN, Perimeter and LAN zones with DLP, Anti-Malware and Firewall inspection points.

SSL offloading (owning the private key) for inbound traffic

Transparent SSL inspection for outbound traffic

Page 15

Hybrid Solutions are Gaining Ground

Momentum increases – in market and in the analyst community

– More than a third (36%) already using a hybrid solution

– By 2015, nearly half (48%) will employ hybrid protection

Both on-premises & in-the-cloud mitigations are a must

Chart: organizations currently using and planning to use a hybrid security solution, 2014 vs 2015 (36% and 48%).

Page 16

“Distributed denial of service attacks have risen in complexity, bandwidth and number of occurrences targeting enterprises. Organizations must architect their defenses with both cloud and on-premises defenses along with integrating DDoS responses into the current incident response process.”

– Gartner, 11‘2014, DDoS: A Comparison of Defense Approaches

Page 17

Cloud, IoT & SDN are Changing the Rules of the Game

Organizations ignoring these trends risk becoming obsolete

Cloud migration continues while Enterprise IT dissolves

Internet of Things (IoT):

– Brings an end to controlled endpoints

– Introduces incredible new threats

Chart: IoT in the cyber-attack landscape, share of respondents selecting each effect (No effect, Increases Attack’s Sophistication, Complicates Mitigation Requirements, Increases Detection Requirements, Increases Attack’s Surface); bars range from 16% to 59%.

Page 18

Cloud, IoT & SDN are Changing the Rules of the Game


SDN requires protection across unique and dynamic traffic routes

Chart: SDN security threats, share of respondents citing each (Southbound Interface, Proprietary Customization per implementation, ‘Security Sprawl’ via automated provisioning, No Native net service against DDoS, Centralized Controller, Immature Vulnerable Technology); bars range from 25% to 49%.

Page 19

Introducing Radware Attack Mitigation System

Page 20

Radware’s Security Solution Elements

Diagram: DefensePro, APSolute Vision, AppWall.

Page 21

Important things to know about Radware Attack Mitigation System (AMS)

• The system first of all fights for stability of legitimate users under attack!
• Special HW&SW solution (CPE) plus Cloud Services (for volume attacks)
• Automatic protection from all types of DoS/DDoS attacks and web-based attacks
• Doesn’t require manual intervention under attack
• Fastest reaction to attack (18 sec)!
• Lowest false positive rate (close to 0)
• Unique solution for SSL-based attacks
• Network, application, low&slow, SSL, web and behavioral attacks in one solution
• Unique fingerprint technology enables fighting attacks without relying on IP addresses

Page 22

Market Leading Attack Mitigation Solution

7 of Top 14 World’s Stock Exchanges

12 of Top 22 World’s Commercial Banks

6 of Top 20 World’s Retailers

NBA, NHL, MLB & Nascar

6 of Top 10 World’s Telcos

2 of Top 5 Cloud Service Providers

