How to Fight Massive IoT DDoS Attacks with Multi-layered Defense
June 2017
Recent Distributed Denial of Service Attacks (DDoS)
Multiple DDoS attacks through hacked IoT devices
Mirai-based botnets
Attacks on Domain Name Services (DNS)
Massive DDoS attack powered by hacked IoT
145,000 devices
1 Tbps*1
Largest-ever verified attack
End of Sep, 2016
100,000 malicious endpoints
1.2 Tbps (TBV)*3
Bringing down sites like Twitter, Spotify, Netflix, Amazon and Reddit*4
Oct 21, 2016
Krebs site was hit by largest DDoS attack in history peaking 665 Gbps and 143 Mpps
Sep 21, 2016*8
Executed through customers' infected webcams & routers*5
Oct 22 & 24*6, 2016
Sources:
*1 ovh.co.uk
*2 thehackernews.com
*3 hub.dyn.com
*4 scmagazine.com
*5 theregister.co.uk
*6 channelnewsasia.com
*7 thehackernews.com
*8 http://www.securityweek.com
IoT-Enabled DDoS Attacks Threaten the Infrastructure Even for CSPs
New attack vectors
• Many IoT devices
• Many insecure devices
• High spread of infection
• Easy to create massive attack
New attack tactics
• Massive
• Short-lived
• Out-going attacks
Who is Allot?
Allot (NASDAQ, TASE: ALLT) delivers network intelligence, policy control, and security solutions to help service providers and enterprises increase productivity, and protect and improve user quality of experience.
Allot at a Glance
Regional Headquarters
Sales & Support Offices
R&D Centers
Public company (NASDAQ, TASE: ALLT)
20Y deployment experience
24x7 follow-the-sun support
100+ countries
3000+ Enterprise customers
1B+ end users
Powering 5 of top 10 mobile CSPs
#1 provider of SECaaS in Europe
Protecting >15M subscribers
Allot Delivers Solutions Across Six Domains
• Network Intelligence
• Policy Control
• Traffic Management
• DDoS Protection
• Web Security
• VAS Delivery
Allot is a well recognized security vendor
2016 Next-gen Infrastructure Security Report
DDoS Mitigation Global Market Analysis
Allot DDoS Protection Deployments Worldwide
Panama
Portugal
Canada
Canada
Israel
Kenya
Namibia
Australia
India
Belgium
France
Russia
USA
Kazakhstan
South Africa
Spain
Nigeria
Fiji
Thailand
Allot Proprietary & Confidential 2017
How can you protect your network against IoT attacks?
3 IoT Challenges
Lack of IoT Visibility
Limited IoT Control
Increases the Attack Surface
Allot Core Technologies Meet IoT Challenges
Visibility & Control
Identify devices and protocols, and control their behavior
Security
Protect IoT network from inbound and outbound attacks
Differentiation
Implement value based models that work
Allot IoT Defense Multi Layer Approach
Service provider network
Incoming Attack
Infected IoT devices
Allot Solution
• STOP INCOMING DDOS
• TRAFFIC THROTTLING
• PREVENT INFECTION
Outgoing Attack
Infected bots
Allot Solution
• TRAFFIC THROTTLING
• BLOCK OUTBOUND DDOS
• ISOLATES BOTNETS
Allot IoT Solution In Action
Diagram elements: IoT Management Cloud, Access Network, Allot SG
1. New device connects to the network
2. Device is discovered and classified
3. Device policy is automatically applied
4. Device usage is monitored
5. Device usage stats are being reported
6. Abnormal activity is alerted
7. Infected device is disabled
• Identify device type
• Behavioral analysis
• Anomaly detection
• Capacity Planning
• Accepted behavior
• White listing
• Filtering
• Monitoring
• Deactivation
• Provisioning info (IMEI, TAC, APN)
• Traffic Patterns
• Usage by APN
• Thresholds
• SLA / KPI
• Device is quarantined
Acceptable Usage Policies
• Group IoT traffic by:
  • Source/Destination IP addresses / Domains
  • APN
  • IMEI
  • VLAN
• Type of protocols and applications permitted for communication
• Time of day / day of week for when the communication is allowed
• Number of new connections / amount of BW permitted
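The policy dimensions listed above, shown as an added example that is not Allot's code or configuration: a small Python checker that groups flow records by APN and flags each device (by IMEI) that breaks the destination, protocol, time-window or new-connection-rate rule. The policy schema, APN name, addresses and IMEIs are constructed for illustration; VLAN grouping and bandwidth limits are left out.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class UsagePolicy:                 # hypothetical schema, one policy per APN group
    allowed_dests: tuple           # CIDR blocks the group may reach
    allowed_services: frozenset    # permitted (protocol, destination port) pairs
    allowed_days: frozenset        # permitted weekdays, Monday = 0
    allowed_hours: range           # hours of day when traffic is permitted
    max_new_conns_per_min: int

def check_flows(policies, flows):
    """Return {imei: sorted list of violated rules} for a batch of flow records."""
    findings = defaultdict(set)
    conns = defaultdict(int)       # (imei, minute) -> new connections seen
    for f in flows:
        policy = policies.get(f["apn"])
        if policy is None:         # device is outside every known group
            findings[f["imei"]].add("unknown-apn")
            continue
        dst = ip_address(f["dst"])
        if not any(dst in ip_network(net) for net in policy.allowed_dests):
            findings[f["imei"]].add("destination")
        if (f["proto"], f["dport"]) not in policy.allowed_services:
            findings[f["imei"]].add("protocol")
        ts = f["ts"]
        if ts.weekday() not in policy.allowed_days or ts.hour not in policy.allowed_hours:
            findings[f["imei"]].add("time-window")
        minute = ts.replace(second=0, microsecond=0)
        conns[(f["imei"], minute)] += 1
        if conns[(f["imei"], minute)] > policy.max_new_conns_per_min:
            findings[f["imei"]].add("connection-rate")
    return {imei: sorted(rules) for imei, rules in findings.items()}

# Constructed sample: meters on APN "meters.example" may report over TCP/8883 at night.
POLICIES = {"meters.example": UsagePolicy(
    allowed_dests=("203.0.113.0/24",), allowed_services=frozenset({("tcp", 8883)}),
    allowed_days=frozenset(range(7)), allowed_hours=range(0, 6),
    max_new_conns_per_min=3)}

def _flow(imei, dst, proto, dport, ts):
    return {"apn": "meters.example", "imei": imei, "dst": dst,
            "proto": proto, "dport": dport, "ts": datetime.fromisoformat(ts)}

FLOWS = [_flow("490154203237518", "203.0.113.10", "tcp", 8883, "2017-06-05T02:00:05")]
# Five connections in one minute to an unlisted host and port, outside the time window.
FLOWS += [_flow("356938035643809", "198.51.100.7", "tcp", 23, f"2017-06-05T14:30:{s:02d}")
          for s in range(5)]

if __name__ == "__main__":
    print(check_flows(POLICIES, FLOWS))
```

A device that appears in the result is a candidate for the alerting and quarantine steps the deck describes; the compliant meter produces no entry.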
Prevent Infection with Carrier Grade Antimalware Platform
Leading Anti-Virus technology from McAfee, Kaspersky Lab, Sophos and Bitdefender
Detects and blocks malware and C&C websites
High scale, multi tenant platform
Updated every two hours to protect against new threats
Multi-Engine solution: Independent detection of each Antivirus Engine
Infrastructure Protection
[Diagram comparing Allot Service Gateway with other solutions. Labels:]
20 Gbps of UDP Fragmented Attack
20 Gbps During Detection & Mitigation
20 Gbps of UDP Fragmented Attack
9.99 Gbps MAX During Detection & Mitigation
DNS
BGP
Firewall Capacity: 10 Gbps
Allot Service Gateway
Other Solutions
Security Threats Reporting
IoT Security as a Service
Allot Security Solutions for CSPs
Differentiated
• Per-tenant Acceptable Use Policy
• Per-tenant visibility and reporting
• Per-tenant application control
Scalable
• Works with any device
• Millions of Tenants
• On-premise and cloud deployment options
Fast Delivery
• Easy to acquire
• Simple to use and personalize
• Hassle-free maintenance
• Simple self management of user profiles and user groups
Protecting End Customers Globally
Over 15,000,000 protected!
Allot IoT SG
Mobile Core Network
Managing and Monitoring IoT Customers
Enterprise 2 User
Enterprise 1 User
Multi Tenant Platform
BSS/MSS/DCN network
Bearer network
Internet of things CSP Portal
Allot unified management and reporting
Case Studies
The Results Speak for Themselves
Example: Vodafone Spain
“Currently 4.3 million customers of Vodafone Spain have on their mobile devices with the Secure Net service, which blocks the download of viruses and other harmful software and prevents access to unsafe websites.”
“Vodafone Spain, through its service to protect the devices connected to its mobile network Secure Net, managed to avoid more than 196 million threats of malicious virus (malware) in 2016, which means an average of about 46 attacks per client, according to the operator in a statement.”
“In this regard, says that customers who have Vodafone Secure Net installed on their computer or Mac with the updated operating system are protected against the ransomware WannaCry, which last Friday attacked many companies around the world”
Vodafone Spain has crossed the 40% uptake of the Secure Net Service
Selling through Allot multiservice platform for increased profitability
CHALLENGE
Increase profitability and acquire high value customers.
SOLUTION
Telcoinabox is Australia’s largest and longest-running telecom wholesaler, with over 200 service providers as part of its group. It provides network services, end-user billing, payment processing and support to carriers, ISPs and virtual operators.
• Allot ServiceProtector delivered an effective real-time DDoS protection and anti-bot containment.
“By keeping DDoS traffic off the network and managing CMTS congestion precisely where it occurs, we have been able to delay infrastructure expansion by 2 years and to save millions.”
BENEFITS
• Customer acquisition
• Increased profitability
• Simple deployment, low opex
• Multiple VAS from a single vendor
Telcoinabox
Australia
TELECOMS WHOLESALER
“By deploying Allot multiservice platform we were able to offer greater value to our customers and attract larger businesses and service providers who cared about SLA and services for their customers.” Ahad Aboss, Telcoinabox Architect
Managing Mission Critical First - Vending Machines
CHALLENGE
Customer wanted to ensure vending machine service during network load times.
SOLUTION
Allot traffic management allowed prioritizing the communication from the vending machines to assure that commercial transactions complete in a timely manner and operation messages reliably arrive at the maintenance servers.
MVNO
Japan
Managing and Monitoring IoT Customers
CHALLENGE
Build a portal for managing and controlling the entire lifecycle of its IoT customers running on the same 3G mobile consumers network.
SOLUTION
“By keeping DDoS traffic off the network and managing CMTS congestion precisely where it occurs, we have been able to delay infrastructure expansion by 2 years and to save millions.”
BENEFITS
• Stop revenue leakage
• Visibility to IoT device usage
• Network security
MOBILE OPERATOR
China
• Allot Analytics delivered IoT device usage statistics and alerted upon abnormal behavior all of which were fully integrated to the IoT portal and terminal display.
• Allot Service Gateway allowed validating device traffic and access and preventing potential misuse.
Allot’s IoT Defense Solution: Unique Value Proposition
• Network-based, seamless integration, no client software
• Comprehensive, multi layered IoT security solution
• Scalable to a large number of IoT devices
• Actionable, alerting anomalous device behavior & misuse
• Deep analytics
• Revenue generating, available AS-A-SERVICE
Allot has the Solutions and Know-how
Partner with Allot. Meet IoT Security Challenges.
THANK
Find out how Allot can help YOUR business to become a leading Digital Lifestyle Provider
Email [email protected]
www.allot.com