Introduction to Arbor Networks Security Solutions
Ivan Straniero, Regional Manager SE Europe
07.07.2016
©2015 ARBOR® CONFIDENTIAL & PROPRIETARY
WHO IS ARBOR NETWORKS?
100% Percentage of world’s Tier 1 service providers who are Arbor customers
107 Number of countries with Arbor products deployed
120 Tbps Amount of global traffic monitored by the ATLAS security intelligence initiative right now!
#1 Arbor market position in Carrier, Enterprise and Mobile DDoS equipment market segments – [Infonetics Research June, 2015]
16 Number of years Arbor has been delivering innovative security and network visibility technologies & products
http://Digitalattackmap.com
Did You Know?
Things You Should Know About DDoS Attacks
• It has never been easier in history to launch a DDoS attack.
• DDoS attacks are increasing in size, frequency and complexity.
• DDoS attacks are used as smoke screens or forms of diversion during advanced threat campaigns [2].
• Of the Top 3 causes of unplanned outages, DDoS attacks are the most costly to an organization [3].
For $5/hr anyone can launch a DDoS attack and cause $100sK in damage
…DDoS attack size increasing [1]
…Increase in demand for DDoS Protection services [1]
…experienced multi-vectored attacks [1]
$5:$100sK
DDoS for Hire
74% …involved DDoS as a diversion [2]
400Gbps
42%
78%
EXPOSURE
Fact: Any organization can be the target of a DDoS attack
• Financial Services
• Online Retail
• Government
• Gaming
• Cloud Services
• Education
INCREASED PRESSURE ON SECURITY TEAMS
Fact: Over 230,000 cyber professional jobs unfilled TODAY in the US*… 1.5 million cyber jobs worldwide will be unfilled by 2020.
Source: Arbor Networks 10th Annual Worldwide Infrastructure Security Report
Source: Arbor Networks 11th Annual WISR
Note: Most respondents didn’t answer this question because they didn’t know!
UNDERESTIMATED IMPACT
Fact:
Lost Revenue
Operational Costs to Mitigate Attack
Brand repair
Regulatory Fees
Customer Credits
Lost productivity
Lost future business
Others?
Dun & Bradstreet
Impact can be immediate & severe
ARBOR NETWORKS DDoS Protection Solutions
Proven, Trusted DDoS Protection
STOPPING DDoS ATTACKS
A Recommended Industry Best Practice: Layered DDoS Attack Protection
1. Stop volumetric attacks In-Cloud
2. Stop application layer DDoS attacks & other advanced threats; detect abnormal outbound activity
3. Intelligent communication between both environments
4. Backed by continuous threat intelligence
[Diagram labels: The Internet; Your (ISP’s) Network; Scrubbing Center; Your Data Centers/Internal Networks; Volumetric Attack; Application Attack]
ARBOR NETWORKS DDoS PROTECTION
Key Features:
• Layered, fully integrated, managed, combination of on-premises and in-cloud DDoS attack protection
• Countermeasures to stop all types of DDoS attacks (volumetric, TCP state exhaustion, application layer) and other advanced threats
• Wide range of mitigation platforms and capacities: from 2U appliances (1Gbps-40Gbps) to virtual (sub 1Gbps) to 2TBps of global Arbor Cloud
• Continuously armed with ATLAS Intelligence Feed to detect and stop latest DDoS and advanced threats
Benefits:
• Quickly stop all types of DDoS attacks and advanced threats before they impact your business
• Choose from a variety of products and services to design a DDoS attack protection solution that fits your organization
• Rely upon the expertise of Arbor Networks to optimize your DDoS protection and/or reduce time or size of your DDoS mitigation staff
Target/Compromised Hosts
ON PREMISE: MANAGED APS SERVICE (mAPS)
Arbor’s Managed APS Service (mAPS)
1. Global, In-Cloud, Volumetric Attack Protection (over 1 TBps Mitigation Capacity)
2. Always on protection from application-layer attacks and advanced threats
3. Intelligent coordination between on-prem and in-cloud protection
4. Backed by global threat intelligence
5. Remote management of on-prem Arbor APS to ensure optimal performance and protection
[Diagram labels: The Internet; Botnet, DDoS, Malware; In-Cloud; Arbor Cloud Scrubbing Center; Cloud Signal; On-Prem; Arbor APS; Volumetric Attack; Application Attack; Legit Traffic]
Network Embedded, Virtual DDoS Protection
Two Best of Breeds Combine
Up to 40 Gbps Mitigation per VSM
Arbor Networks TMS running on Cisco ASR9K VSM (Attack Mitigation)
+ Arbor Networks SP running on Cisco UCS (Visibility and Attack Detection)
= Cisco ASR 9000 vDDoS Protection Solution “Powered by Arbor Networks”
ARBOR DDOS MITIGATION PLATFORMS
[Chart: Mitigation Capacity (1G to 160G) plotted against Cost per Gbps of Mitigation (Higher to Lower)]
• TMS HD 1000 (2U, 20G – 160G)
• TMS 5000 (6U, 10-100G)
• TMS & APS 2800 (2U, 10G – 40G)
• Cisco ASR9K vDDoS (10-40G/VSM)
• TMS 2300 & TMS/APS 2600 (2U, 500M-20G)
• vAPS (from 50M)
ARBOR NETWORKS Advanced Threat Protection Solution
Spectrum
Did You Know?
Things You Should Know About Advanced Threats
Used 7 or more toolkits, less than half exploited a critical vulnerability
…did not involve malware
…of enterprises take > 3 days to investigate just 1 critical security event
200+ Days
60%
40%
7+ Toolkits
74% …involved DDoS as a diversion [2]
Average dwell time is greater than 200 days
The Game Has Changed
Fact: Advanced threats have evolved from advanced malware to attack campaigns. Attack campaigns are organized human-to-human campaigns, using multiple tools and techniques.
ARBOR’S ADVANCED THREAT PROTECTION SOLUTION
Target / Compromised Hosts
?
Arbor Spectrum
Proactive Investigation and Proof
Armed with Global Visibility & Actionable Threat Intelligence
Shift From “Detect and Respond” Strategies
Fact: Security operations and incident response spend 80% of their time trying to determine if indicators created by “detect and prevent” security tools are real attacks.
Arbor Networks Spectrum™
More Efficient Security Analytics and Proof Creates Highest ROI and Security Risk Reduction
[Diagram: TIME and TOOLS across the DETECT, ANALYZE / PROVE and FORENSICS phases. Labels: Intuitive Workflows; Traffic Analysis; Threat Intel; Firewall; IPS; AV; Sandbox; Traffic; SIEM; Packet Forensics; End-Point Forensics; Intelligence]
“We were able to uncover and investigate an entire attack timeline in seven minutes. With our current SIEM it would have taken several days”
Empower Teams to See, Search, Prove Threats At the Speed of Thought
Deployment of Arbor Spectrum
[Diagram labels: INTERNET; DMZ; Arbor Networks™ Spectrum Management Console; Arbor Networks™ Spectrum Flow Collector; Arbor Networks™ Spectrum Packet Collector; Intelligence; Triggered IF]
Arbor® DDoS & Advanced Threat Protection Solutions
[Diagram labels: Global Internet; Global Network; Enterprise Perimeter; Internal Network; Enterprise Assets; Servers; Packets & Flow; Threats; Investigate; Prove; Act]
QA / THANK YOU
For More Information, Please Contact:
Ivan Straniero, Regional Manager SE Europe
Ph: +39 348 7701054 Email: [email protected]