eBook the Imminent Threat of Application Attacks and How to Defend Against Them

How do you stop what you can’t see? The Imminent Threat of Application Attacks and How to Defend Against Them


  • How do you stop what you can't see? The Imminent Threat of Application Attacks and How to Defend Against Them

  • The Unseen Threat That Targets Your Network

    It's that tingling sensation on the back of your neck. You don't see anything, but you just know somebody's lurking, waiting to attack. Nothing bad has happened yet. But the feeling casts a dark shadow over the security of your network.

    News headlines only heighten the fear. Reports of high-profile sophisticated attacks on carrier and enterprise networks are increasing in number and severity.

  • How do You stop wHat You caNt see? 3

    Your current network security solution may give you some peace of mind, but it's likely an illusion. What it's not consistently detecting are the massive application attacks bombarding your servers from every angle, looking for ways to sneak in to cause harm.

    And they are getting in, causing slowdowns in network speed and service outages. You're likely not aware that these sneaky invaders are the cause because your current network security solution provides limited defense against application attacks and requires manual steps to intervene.

    Right now, your customers may not feel the impact or may misdiagnose attack symptoms as network congestion. But the odds are not in your favor. It's a matter of when, not if, a massive application attack will compromise your network and the data that passes over it.

    How do you stop what you can't see?

    Many carriers are in the dark about the number and severity of application attacks targeting their networks every day because current network security solutions are focused only on network layer attacks. Application attacks get through by targeting servers at Layer 7.

  • 01 Rising out of the Darkness

    The promise of the Internet to revolutionize our lives is exciting. Smartphones are sophisticated control centers that help manage our lives, finances, homes and businesses. Networks are the central nervous systems of enterprises, relaying critical data that powers how business gets done.

    Soon everything will be connected. M2M connections and other Internet-ready devices will talk to each other, eliminating the need for human intervention to order stock, operate vehicles, regulate buildings and so much more.

    But lurking in the shadows are bad actors looking for ways to infiltrate networks to cause harm. Barely a week goes by without a news report about a security breach at a Fortune 500 company, such as Sony, Target or Anthem. Enterprises must be vigilant to protect their customers' data and business systems from both internal and external attackers.

    Attacks at enterprises are well publicized. Most reports don't consider that attacks were first transported on carrier networks before reaching enterprise networks. This creates an obligation and an opportunity for carriers.

    Obligation: Carriers must be vigilant in protecting both their own networks and those of their customers while at the same time providing a highly available, high-performance network.

    Opportunity: Providing enhanced security protection services for enterprise traffic is a potential new revenue source.

    The installed base of the Internet of Things is forecast to be more than 220 billion devices by 2019, according to Business Insider.

  • The U.S. government recently declared a national emergency, prompting an executive order for a sanctions program designed specifically to target foreign hackers.

    TARGETING CARRIERS

    The bigger threat is the dramatic increase in sophisticated multivector attacks on carrier networks. Carriers are on guard for DDoS attacks at the network layer, with security solutions monitoring for and mitigating volumetric attacks. But the recent service slowdown at Rackspace illustrates that DNS attacks are still able to cripple a network.

    Managing for network layer assaults isn't enough. As the methods that hackers use to attack networks grow more sophisticated, they're shifting their strategies from volumetric to application attacks. Unfortunately, network security systems deployed at most carriers are in the dark when it comes to zero-day application attacks and recognizing the thousands of application attacks that hit networks every day. Dirty traffic gets through the solution's filters, causing network slowdowns or worse.

    Verizon works closely with enterprise customers to keep them up-to-date on evolving network threat patterns. verizonenterprise.com/DBIR (Used with permission from Verizon.)

    "Security experts like to say that there are now only two types of companies left in the United States: those that have been hacked and those that don't know they've been hacked." New York Times, The Year in Hacking, by the numbers

  • DDoS attacks hit multiple network layers

    [Figure: 2014 DDoS attack vectors. Network 51%, Application 49%. Individual vectors: TCP-SYN Flood 18%, UDP 16%, TCP-Other 10%, ICMP 6%, IPv6 1%, Web (HTTP/HTTPS) 23%, DNS 16%, SMTP 9%, VoIP 1%.]

    DDoS attacks target multiple network layers, but legacy network security solutions are primarily focused on volumetric attacks, with very manual procedures for application attacks. The Radware Global Application & Network Security Report 2014-2015 finds that attacks are evenly split between network and application levels.

  • "Who knows what evil lurks in the hearts of men? The Shadow knows!" Opening line from the 1930s American radio show, The Shadow

  • 02 Shots in the dark

    There's a simple reason why the number and sophistication of attacks on carrier networks is growing dramatically. It corresponds directly to the extreme increase in general and high-value traffic. As more critical data and services travel carrier networks, more bad guys are taking shots in the dark, hoping to find ways in.

    How real is the threat of attack? See it live on Norse Corporation's attack tracking website, which details in real time attack types, their origin and targets. http://map.ipviking.com/ (Used with permission from Norse Corporation.)

    Globally, business-to-consumer e-commerce sales are approaching $2 trillion per year. Hackers are looking for ways to take advantage of the transactions.

    Automating Defenses Against Increasingly Sophisticated DDoS Attacks, Patrick Donegan, Senior Analyst, Heavy Reading

  • SOPHISTICATED ATTACK ECOSYSTEMS

    Network security solutions can rely on a number of security events and network statistics from multiple sources to identify attacks. There is no single motivation when it comes to bad actors because there are many types of attackers:

    Criminals: seek to make money from stolen digital assets

    Cyberwarriors: governments or organizations that seek to gain advantage by stealing IP (intellectual property)

    Hacktivists: bad actors seeking to make political statements

    Carriers face thousands of attacks every day. Network breaches can even impact carriers with massive security resources. The trend is shifting to large encrypted attacks that are continuous and morph over time, placing carriers in need of real-time protection.

    Attacks are coordinated to take advantage of server-based botnets to conduct well-orchestrated assaults using geographically dispersed server infrastructures that probe networks, looking for ways in. A recent Neustar study finds that 91 percent of respondents say DDoS attacks are a comparable or bigger threat than they were last year, and 85 percent of companies are attacked multiple times. New onslaughts are launched in a matter of days or even hours after encountering a new defense.

    The ecosystem of threats is complex, well funded and ready to take advantage of the number of devices connected to networks and the ease of launching massive attacks to find cracks in network security. In most cases, the sandbag approach of protecting the perimeter of the network is no longer a sound strategy.

    THE SHADOW OF THE CLOUD

    Reliance on Cloud Services by enterprises to store data and business applications compounds the issue by adding new vulnerabilities to networks. The benefits of Cloud Services are compelling: lower cost and greater speed. But on-premises attack mitigation tools are ineffective against attacks targeting applications in the cloud.

    Enterprises that use Cloud Services rely solely on the service provider for security because they no longer have internal resources to monitor and safeguard digital assets. It's an attractive model for hackers. Cloud Services require multitier protection to safeguard the network, applications and the cloud tenant. The most robust solution includes a hybrid architecture consisting of hardware both on-premises and in the cloud. In this architecture the elements can intelligently signal each other in real time to form a comprehensive and coordinated attack detection and mitigation system.

  • LEGACY SECURITY SOLUTIONS BLIND TO APPLICATION ATTACKS

    The network security solution deployed by most carriers doesn't provide a complete picture of what's attacking their networks. Generally, volumetric attacks at the network layer and even some well-known application attack vectors are sensed and mitigated. That's what the current solution is designed to handle. But the top customer complaints are that it takes too long, requires manual intervention and has a high rate of false positives. There's a troubling blind spot when it comes to new and changing application attacks.

    During application attacks, targeted commands are sent to applications to overwhelm the central processing unit (CPU) and memory. When the attack goes undetected, this noisy traffic can slow traffic significantly, or even cause network outages.

    If legacy network security solutions do recognize an application attack, it can take minutes or hours to troubleshoot the unknown signature in the application layer. Mitigation requires labor-intensive manual intervention because there's no automated method to handle zero-day attacks, new malicious attacks that do not have a known signature. By the time that the security team has developed a strategy, the attackers have likely morphed to new signatures. Carriers need a better way to protect their networks against application attacks.

    What is an application attack?

    In an application attack, hackers target the application layer (Layer 7) of networks. It's different from network attacks that target Layers 2-3, the transport and routing layers. Application attacks home in on specific applications or functions by mimicking legitimate user traffic with the intent to cripple functionality or gain access to digital assets.

    The U.S. Department of Homeland Security lists the protocols that hackers use to gain access to networks in its DDoS Quick Guide (http://1.usa.gov/1DJLArf): FTP, HTTP, POP3 and SMTP. There are a variety of types of application attacks that seek to extract confidential information, distribute illegal content and cause harm to networks. See next page for guide.

    The 10 Most Common Application Attacks in Action

  • Types and purposes of application attacks

    Types of Application Attacks: Purpose of Attacks

    Confidential personal information: Social Security numbers (with or without names); credit card information; personal identity information

    Criminal activity/investigation: subpoenas, search warrants or court orders; litigation hold requests (aka e-Discovery); online theft, fraud; threatening communications; child pornography; physical theft, break-ins

    Malicious code activity: worm, virus, Trojan; botnet; keylogger; rootkit

    Reconnaissance activity: port scanning; other vulnerability scanning; unauthorized monitoring

    Rogue server or service: rogue file/FTP server for music, movies, pirated software, etc.; phishing scam Web servers; botnet controllers

    Spam source: spam relays; spam hosts

    Spear phishing: scam e-mails targeting organizations' e-mail addresses to trick people into divulging private information

    Unauthorized access: abuse of access privileges; unauthorized access to data; unauthorized login attempts; brute force password cracking attempts; stolen passwords

    Unpatched vulnerability: vulnerable operating systems; vulnerable applications; vulnerable websites/services; weak or no password on accounts

    Web/BBS defacement: defacement of websites; redirected websites

    Source: Kansas State University Information Technology Services. For the complete list of security incidents and source references, visit this Kansas State University Information Technology Services page.

  • 03 Out of the shadows, into the network

    Currently, carriers may be confident that their network security solution is detecting and mitigating DDoS attacks. All the reports generated by the solution show the number and severity of attacks as well as how they were thwarted. Unfortunately, we know it's a false sense of well-being because dirty traffic in the form of sophisticated application attacks is getting through security filters. No major outages or data breaches have been attributed to application attacks yet, so why should carriers care?

    MAINTAINING A SUNNY REPUTATION

    The impact of application attacks on carriers and their customers takes many forms:

    Service degradation

    Network outages

    Data exposure

    Consumption of bandwidth resources

    Consumption of system resources

    Network security is a priority for every carrier worldwide. Investments in human resources and technology solutions to combat attacks are a significant part of carriers' network operating budgets. The goal is to protect their networks by staying a few steps ahead of hackers.

  • Persistence pays off for hackers

    Recently, a leading European carrier that offers fixed, mobile, Internet and cable services was targeted with an attack at the application layer of its network. Hackers used an attack that carefully scanned every maintenance port on the network until an open port was detected. Within seconds, the hackers were able to get into the network and ping every connected device. The result: massive capacity overload that crashed network equipment and delayed service until restoration.

    An after-the-fact analysis of the attack revealed that the velocity of the assault varied between high and medium, and spiked periodically, to avoid DDoS shield alerts.

    Minutes to Compromise. Months to Discover.

    [Figure: timeline scaled in minutes, days and months.] Radware has determined that 75% of application attacks take just minutes to compromise networks. Legacy network security solutions take months to discover 50% of the initial compromises, long after they have harmed the networks.

    Application attacks put carriers' reputations at risk. For customers, a small slowdown in services may not be a big deal initially. But as the number and severity of application attacks increase, clogged pipes and slow services are not going to be acceptable. Carriers sell services based on speed and reliability. Bad press about service outages and data compromises has long-lasting negative effects. Then add the compounding power of social networking to quickly spread the word about service issues, and you have a recipe for reputation disaster.

    A large segment of carriers' high-value customers have zero tolerance for service interruption. There is a direct correlation between service outages and user churn.

    Businesses with security breaches are a cautionary tale for carriers. A recent Forbes article points to the rise of the Chief Security Officer as the corporate rock star of the future who protects his or her company from cyberthreats and holds their network partners accountable to do the same.

  • 04 What's hiding in the shadows?

  • In 2014, attack campaigns were primarily composed of multiple attack vectors, according to the Radware Global Application & Network Security Report 2014-2015. The report finds that multiattack vector campaigns have become so commonplace that to have a campaign with a single attack vector is far more exotic.

    Attack vectors include:

    SYN Flood

    UDP Flood

    DNS Flood

    HTTP Application Flood

    SSL Flood

    Attackers prefer to keep a target busy by launching one or a few attacks at a time rather than firing the entire arsenal all at once. Carriers may be successful at blocking four or five attack vectors, but it only takes one failure for the damage to be done.

    It's safe for carriers to assume that their networks are always under attack. DDoS attack volume is escalating as hackers develop new and more technologically sophisticated ways to target carriers and their customers.

  • SSL-ENCRYPTED ATTACKS

    Attackers understand that small SSL attacks can cause large problems, based on both the encryption tunnel, which hides the attack itself, and an understanding that legacy systems require large amounts of CPU capacity to decrypt and detect attacks and therefore can be easily overwhelmed.

    NEW LOW AND SLOW ATTACKS/ADVANCED PERSISTENT THREATS

    Very patient attacks that slowly drain server resources over time. Zero-day attacks of this type can be extremely difficult to detect, since there is low probability that an attack is active at any point in time.

    ATTACKS FROM BEHIND CDNs

    Attacks launched from behind a CDN, which is used to mask the source IP address and target the vulnerability of legacy systems trying to find and block the attacker's source IP address.

    HEADLESS BROWSER REQUESTS

    Tools that function as a browser but without the graphical user interface. They can be used to bypass third-generation HTTP challenges. Their goal is to take websites down.

    BOTNET ATTACKS FROM MULTIPLE IP SOURCES

    Attacks that target legacy DDoS systems with malware that infects multiple IP devices and then uses this network of computers to coordinate an attack from a changing list of IP addresses.

    Hackers use a variety of advanced techniques to target carrier networks.

  • WHAT IS A ZERO-DAY ATTACK?

    Zero-day attacks are the latest, never-before-seen generation of attacks. They are not volumetric or detectable from a known application signature. Security systems and experts must react instantly to solve the new issues; that is, they have zero days to react. Advanced application-level attacks typically fit into this category.

    NEW ZERO-DAY ATTACKS TYPICALLY HAVE TWO DISTINCT PHASES:

    1 Probe and Learn: Hackers assess network defenses and probe for vulnerabilities, looking for different weaknesses and identifying the type of attacks that will potentially be effective. It's like an archer who picks the best arrows to put in his quiver before battle. For example, a hacker may determine that a combination of encrypted attacks, attacks from a rotating IP address source, new low and slow attacks and headless browser attacks will be most effective.

    2 Optimize, Morph and Attack: Hackers launch the attack and then vary the attack vectors (or arrows from the quiver). In this case, hackers often understand that legacy DDoS mitigators need manual intervention to troubleshoot and mitigate a zero-day attack. So they attack the weakness of the legacy mitigator (multiple manual troubleshooting cycles to stop an attack) in addition to attacking the application vulnerabilities.

    A recent attack at a North American hospital occurred over the course of about two weeks, in which hackers probed the network for a few days to learn its weaknesses and then launched the assault that morphed over time to take advantage of vulnerabilities.

    [Figure: attack traffic in GB per second (0 to 28) from April 11 to April 27, annotated with phase markers 1 and 2.]

  • WHO ARE THE ATTACKERS?

    Richard Clarke, former special cybersecurity advisor to the U.S. president, devised an acronym, C.H.E.W., to categorize and explain the origin of cyberattacks threatening carriers and enterprises.

    Cybercrime: the notion that someone is going to attack you with the primary motive being financial gain from the endeavor.

    Hacktivism: attacks motivated by ideological differences. The primary focus of these attacks is not financial gain but rather persuading or dissuading certain actions or voices.

    Espionage: straightforward motive of gaining information on another organization in pursuit of political, financial, capitalistic, market share or some other form of leverage.

    War (Cyber): the notion of a nation-state or transnational threat to an adversary's centers of power via a cyberattack. Attacks could focus on nonmilitary critical infrastructure.

    The attackers can range from a tech-savvy teenager to a highly organized group that taps into huge server farms in places like Russia and Ukraine to facilitate attacks. The types of hackers are as varied as the methods they employ and include:

    APT (advanced persistent threat) agents

    Corporate spies

    Cybercriminals

    Cyberwarriors

    Hacktivists

    Rogue hackers

    Spammers and malware spreaders

    The U.S. Federal Bureau of Investigation (FBI) offers a US$3 million reward for Russian cybercriminal Evgeniy Bogachev, who was charged with numerous counts, including conspiracy, wire, bank and computer fraud, and money laundering. He's just one of the FBI's most wanted cybercriminals.

    [Image: FBI wanted poster, Evgeniy Bogachev]

  • ANONYMOUS CASTS A SHADOW

    With a Guy Fawkes mask as their symbol, Anonymous is a loosely organized, secret hacktivist organization, which has gained notoriety since its formation in 2003. The group takes responsibility for many of the major politically motivated cyberattacks that have occurred over the last few years. Since its inception on the image board 4chan as a joking referral to the name "Anonymous" assigned to each user's post, Anonymous has perpetuated its opposition to Internet censorship through both physical and cyberprotests as an anarchistic decentralized body.

    Protests and cyberattacks are coordinated by means of image boards, forums, wikis, IRC, YouTube and social networking services, and any member of Anonymous can organize events as a means of working toward a set of one's own goals parallel to the Anonymous agenda.

    In cyberspace, Anonymous attacks are often perpetrated through the distributed use of flooding tools such as LOIC (Low Orbit Ion Cannon) and its newer cousin HOIC (High Orbit Ion Cannon). By recruiting a large number of users to voluntarily participate in such attacks (usually over IRC, as it is a more anonymous means of communication), Anonymous effectively creates a voluntary botnet of hundreds or thousands of computers. Using a vast number of machines running LOIC or HOIC to target a fairly large server will often result in server instability or potentially denial of service, making Anonymous formidable as a cyberattacker. Despite this use of voluntary botnets, much of Anonymous' firepower in some of its most notable attacks came from the use of large botnets owned by high-ranking Anonymous members or their friends.

    "We are Anonymous. Expect us." Anonymous tagline on Facebook

  • 05 Shining a light on the problem

  • What's needed is an end-to-end network security system that protects the entire network at multiple layers. Automated, real-time mitigation of application attacks is critical. Current solutions require manual detection and intervention, which can take hours, and is impractical in a continually morphing attack scenario.

    Hackers never follow hard, fast rules when launching attacks. Neither should carriers' network security solutions. The right defense is a real-time learning solution that leverages live data about what hackers are doing and automatically protects against morphing attacks. The solution should employ behavioral analysis to understand and baseline activity on the network to determine if behaviors are Normal, Suspect or Abusive.

    To fight application attacks, carriers need to be able to see what's targeting their networks. Current network security solutions detect and mitigate attacks at the network layer but are blind to application layer attacks, which slow network performance and put customer data at risk.

    Learn more about sophisticated DDoS attacks and how to stop them from David Aviv, Radware's chief technology officer:

    Comprehensive Cyber Defense with Radware's Attack Mitigation System (AMS)

    Always-On Cyber Defense to Protect High-Value Applications and Customers

    Securing the Mobile Carrier Network

    NFV-Based Solutions for Carrier Networks

    Radware's DDoS Scrubbing Solution

    SDN-Based Cyber Security

  • PRESENT MODE OF OPERATION (PMO) FOR CARRIERS: SCRUBBING

    The PMO for many carriers is a scrubbing center model where telemetry is taken from the perimeter routers, usually using NetFlow. The NetFlow collector looks at the network telemetry and, based on rate thresholds of different types of traffic (TCP, UDP, ICMP, etc.), signals large volume events to the Security Operations Center (SOC), which then diverts traffic to the scrubbing center, usually using BGP or MPLS. At this point, the mitigator examines the traffic, blocking via signature or rate limiting via threshold for known attack vectors.

    This process can take on the order of 30 minutes, from attack to the start of mitigation. If this attack is a zero-day attack, the SOC must now assign an engineer to analyze the attack and create a manual signature to mitigate. In this case, the time to mitigation can stretch into hours.

    Real-time behavioral analysis can eliminate the SOC troubleshooting time and effort to quickly create a zero-day or new signature in under 20 seconds to speed time to mitigation. However, this model is still constrained by the typical five minutes for NetFlow to determine the attacks.

    This is one reason why deploying in always-on mode, where an attack mitigation device (Radware DefensePro) is used inline at the customer premise edge of the network, is a faster mode of operation (see next section on Future Mode of Operation) for carriers to protect high-value enterprise customers.
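    To make the contrast between the two detection models concrete, here is an added Python sketch (not Radware's code and not from this eBook) in which a NetFlow-style collector signals only when per-protocol packet rates cross fixed thresholds, while a behavioral baseline learned from a clean window labels each source Normal, Suspect or Abusive, as section 05 describes. All flow records, addresses, thresholds and cut-offs are constructed for the example.

```python
"""Rate-threshold (NetFlow/scrubbing) detection versus behavioral baselining
over constructed flow records. Added example, not Radware's code; addresses
come from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Flow:
    t: int        # second offset within the observation window
    src: str      # source address
    proto: str    # "TCP", "UDP" or "ICMP"
    packets: int  # packets seen from src in this second
    nbytes: int   # bytes seen from src in this second

NORMAL_USERS = [f"198.51.100.{10 + i}" for i in range(5)]
# Fixed per-protocol packets-per-second thresholds a NetFlow collector
# might signal on (constructed values, not vendor defaults).
VOLUMETRIC_PPS = {"TCP": 50_000, "UDP": 20_000, "ICMP": 5_000}

def normal_traffic(t0, seconds):
    """Five legitimate clients with slightly different habits: each is
    active only every 2nd, 3rd or 4th second and sends ~800-byte packets."""
    flows = []
    for t in range(t0, t0 + seconds):
        for i, src in enumerate(NORMAL_USERS):
            if (t + i) % (2 + i % 3) == 0:
                flows.append(Flow(t, src, "TCP", 10 + i, 8000 + 700 * i))
    return flows

def build_sample_windows():
    """A clean learning window, then a live window with the same clients
    plus a volumetric flood, a probing host and a low-and-slow attacker."""
    learning = normal_traffic(0, 60)
    live = normal_traffic(60, 60)
    # Volumetric UDP flood: 40k pps from one source for 30 seconds.
    live += [Flow(t, "203.0.113.7", "UDP", 40_000, 20_000_000) for t in range(90, 120)]
    # Probe-and-learn style host: modest rate, present for 20 seconds.
    live += [Flow(t, "203.0.113.11", "TCP", 19, 11_400) for t in range(60, 80)]
    # Low-and-slow Layer 7 attacker: a few tiny packets every single second.
    live += [Flow(t, "203.0.113.9", "TCP", 3, 400) for t in range(60, 120)]
    return learning, live

def rate_threshold_alerts(flows, thresholds=VOLUMETRIC_PPS):
    """PMO collector: sum packets per second per protocol and signal the
    SOC only for protocols whose rate crosses a fixed threshold."""
    pps = defaultdict(int)
    for f in flows:
        pps[(f.t, f.proto)] += f.packets
    return {proto for (_, proto), n in pps.items() if n > thresholds[proto]}

def source_features(flows):
    """Per-source behaviour: persistence, packet size and peak rate."""
    window = len({f.t for f in flows})
    per_src = defaultdict(list)
    for f in flows:
        per_src[f.src].append(f)
    feats = {}
    for src, fl in per_src.items():
        per_sec = defaultdict(int)
        for f in fl:
            per_sec[f.t] += f.packets
        feats[src] = {
            "active_fraction": len(per_sec) / window,
            "bytes_per_packet": sum(f.nbytes for f in fl) / sum(f.packets for f in fl),
            "peak_pps": max(per_sec.values()),
        }
    return feats

def learn_baseline(learning_flows):
    """Mean and spread of each feature over clean traffic. The spread is
    floored at 10% of the mean so near-identical clients cannot yield a
    zero spread that would flag every later source."""
    feats = source_features(learning_flows)
    baseline = {}
    for name in ("active_fraction", "bytes_per_packet", "peak_pps"):
        vals = [v[name] for v in feats.values()]
        m = mean(vals)
        baseline[name] = (m, max(pstdev(vals), 0.1 * m))
    return baseline

def classify(live_flows, baseline):
    """Label each live source Normal, Suspect or Abusive by its worst
    z-score against the baseline (3 and 6 spreads, constructed cut-offs)."""
    verdicts = {}
    for src, feats in source_features(live_flows).items():
        worst = max(abs(feats[n] - m) / s for n, (m, s) in baseline.items())
        verdicts[src] = "Abusive" if worst >= 6 else "Suspect" if worst >= 3 else "Normal"
    return verdicts

if __name__ == "__main__":
    learning, live = build_sample_windows()
    print("rate thresholds alert on:", rate_threshold_alerts(live) or "nothing")
    for src, verdict in sorted(classify(live, learn_baseline(learning)).items()):
        print(f"{src:15} {verdict}")
```

    The fixed-rate collector sees only the UDP flood; the baseline additionally marks the low-and-slow host as Abusive and the short-lived probing host as Suspect, while the legitimate clients stay Normal.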

    Carriers use multiple architectures to detect and mitigate attacks:

  • FUTURE MODE OF OPERATION (FMO) FOR CARRIERS: ALWAYS-ON AS A SERVICE

    For high-value customers such as financial institutions and government, carriers need to be able to offer an always-on attack mitigation service to be able to detect and mitigate an attack faster and more efficiently than with a scrubbing center model. It's a single inline appliance (hardware or virtual) that protects against attacks. It's a new way to generate revenue with end-to-end service protection against DDoS, either at the customer site with customer premise equipment (CPE) or in the Service Provider Cloud.

    Increasingly, DDoS detection must be always-on because attacks are dynamic, morphing over time in both volume and attack vectors. DDoS systems must be able to learn of the changes, morph the application signature to mitigate and pass clean traffic for the observed new attack vectors. Always-on technology can remedy very complicated attacks in Layer 7, the application layer, and interoperate with the scrubbing center for added mitigation capacity when needed.

    In this detection model, time to mitigation can be reduced to 20-30 seconds, even for advanced attacks.

  • BEST MODE OF OPERATIOn FOR CARRIERS: HYBRID SCRUBBIng WITH CPE

    This architecture combines the best attributes of scrubbing and

    always-on. Detection and mitigation start immediately and auto-

    matically using the always-on attack mitigation device that stops

    various attacks from diminishing the availability of the online

    services. All attacks are mitigated with the always-on device,

    unless they threaten to block the overall connection. In this

    case, the CPE or the cloud always-on device signals the attack

    parameters and baseline traffic information to the scrubbing

    center. The scrubbing center then has all the information needed

    to immediately clean the traffic without having to characterize

    the attack. This is a quick, efficient and excellent way to leverage

    the DDoS infrastructure as a greater value security service.


  • INTO THE FUTURE WITH SDN

    It's also important to prepare carrier networks for the future with support for NetFlow and the eventual deployment of Software Defined Networks (SDN). The right solution should fully integrate with existing NetFlow-based traffic monitoring and attack detection tools, and offer a seamless transition to SDN technologies by supporting standard and proprietary SDN controllers and the OpenFlow protocol for attack detection and traffic diversion.

    Download report

    Assessing the threat

    Annually, Radware's Emergency Response Team (ERT) surveys enterprise and carrier security experts and publishes the Radware Global Application & Network Security Report 2014-2015.

    The most recent report paints a bleak picture, finding "[c]yberattacks reached a tipping point in terms of quantity, length, complexity and targets. Media coverage has kept pace, with plenty of coverage about the latest high-profile cyberattack. But this report provides a big-picture view that is far more frightening than even the most ominous nightly newscast. Cyberthreats are growing and expanding to new targets. The technical bag of tricks is bigger than ever, and hackers are combining tricks in new (and terrifying) ways."

    A telecommunications executive articulated his fears about the growing volume and frequency of attacks: "An attack [of] 30 to 40 Gbs per second, or larger, would cause an immediate impact on our business."

    [Cover image: Global Application & Network Security Report 2014-2015]

  • 06 See what you've been missing

  • It's easy to do. Simply add the Radware AMS system to the network with no interruption to existing network security solutions. After an attack is detected, simply divert the attack to the Radware device for real-time diagnosis and mitigation. Most carriers are surprised by the lack of manual effort and by what they find when they turn up the light on network traffic.

    Among all this bad news about the frequency of undetected application attacks is some good news. Radware offers a seamless implementation of Radware's Attack Mitigation System for Carriers to expose what's really going on with network security, and it interoperates with legacy security solutions.

    A Better Way to See What's Happening

    Radware often works with service providers to show them what they've been missing by relying solely on their legacy network security solution. By passing network traffic that has already been cleaned by their existing solutions through a Radware AMS, it's possible to see what application-level attacks would still be transported in supposedly clean traffic.

    Typical results reveal a mixture of:

    HTTP floods
    Numerous HTTP requests for the same big objects
    Numerous HTTP connections per second
    SIP attacks
    Low and slow attacks
    C&C traffic to Trojans
    C&C from Trojans
    Server cracking
    Anti-scanning
    Limited scale SSL protection and latency
    SYN floods (multisource)

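    Three of the application-layer patterns in that list (repeated requests for the same big object, a high request rate per second, and low-and-slow connections) can be spotted in ordinary web server access logs even when network-layer defenses report the traffic as clean. The following is an added example, written for this page and not Radware AMS detection logic, that runs simple per-source heuristics over constructed log lines. The log format assumed is Apache combined format with a trailing request duration in microseconds (the %D directive); the thresholds, sample addresses and sample lines are all constructed for the illustration.

```python
"""Per-source heuristics for three application-layer attack patterns,
run over constructed access-log lines.

Added example, not Radware AMS logic. Assumes Apache combined log
format plus a trailing %D (request duration in microseconds).
"""
import re
from collections import Counter, defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "[^"]*" (?P<usec>\d+)$'
)

# Thresholds (assumed for the example; tune to the site's normal traffic).
BIG_OBJECT_BYTES = 1_000_000     # an object is "big" above 1 MB
SAME_OBJECT_MIN_HITS = 5         # same source fetching the same big object
MAX_REQ_PER_SEC = 10             # per source, per second
SLOW_USEC = 30_000_000           # request held open longer than 30 s ...
SLOW_MAX_BYTES = 1024            # ... while transferring almost nothing


def parse(lines):
    """Yield dicts for lines that match LOG_RE; silently skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["bytes"] = 0 if d["bytes"] == "-" else int(d["bytes"])
            d["usec"] = int(d["usec"])
            yield d


def detect(lines):
    """Return {source_ip: set of finding labels} for sources that trip a heuristic."""
    findings = defaultdict(set)
    same_object = Counter()   # (ip, path) -> hits on big objects
    per_second = Counter()    # (ip, timestamp to the second) -> requests
    for r in parse(lines):
        if r["bytes"] >= BIG_OBJECT_BYTES:
            same_object[(r["ip"], r["path"])] += 1
        per_second[(r["ip"], r["ts"])] += 1
        if r["usec"] >= SLOW_USEC and r["bytes"] <= SLOW_MAX_BYTES:
            findings[r["ip"]].add("low-and-slow")
    for (ip, path), n in same_object.items():
        if n >= SAME_OBJECT_MIN_HITS:
            findings[ip].add(f"repeated-big-object:{path}")
    for (ip, _ts), n in per_second.items():
        if n > MAX_REQ_PER_SEC:
            findings[ip].add("high-request-rate")
    return dict(findings)


def _line(ip, ts, method, path, status, nbytes, usec):
    """Build one constructed log line in the assumed format."""
    return (f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} {nbytes} '
            f'"-" "Mozilla/5.0" {usec}')


# Constructed sample log: one source per pattern plus one benign client.
SAMPLE_LOG = (
    [_line("203.0.113.5", "10/Mar/2015:10:00:01 +0000", "GET", "/video/big.mp4",
           200, 5_000_000, 120_000) for _ in range(6)]
    + [_line("203.0.113.9", "10/Mar/2015:10:00:02 +0000", "GET", "/index.html",
             200, 512, 800) for _ in range(12)]
    + [_line("203.0.113.22", "10/Mar/2015:10:00:03 +0000", "POST", "/login",
             408, "-", 45_000_000)]
    + [_line("198.51.100.7", "10/Mar/2015:10:00:04 +0000", "GET", "/index.html",
             200, 512, 900),
       _line("198.51.100.7", "10/Mar/2015:10:00:05 +0000", "GET", "/about.html",
             200, 2048, 1100)]
)


if __name__ == "__main__":
    for ip, labels in sorted(detect(SAMPLE_LOG).items()):
        print(ip, sorted(labels))
```

    The per-second counter keys on the log timestamp as written, so it needs a format with seconds resolution; the low-and-slow rule keys on duration, which is why a log format carrying %D (or the equivalent in other servers) is assumed rather than plain combined format.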

  • ABOUT RADWARE'S ATTACK MITIGATION SYSTEM FOR CARRIERS

    By protecting enterprises against known and emerging network and application threats in real time, Radware's layered approach is designed to help organizations mitigate attacks that can be detected and offer a security solution that combines detection and mitigation tools from a single vendor. Radware's solution provides maximum coverage, accurate detection and the shortest time to protection.

    Radware's Attack Mitigation System (AMS) offers a multivector attack detection and mitigation solution, handling network layer and server-based attacks, malware propagation and intrusion activities. Complete with anti-DoS, network behavioral analysis, DefenseSSL, IPS, WAF and in-the-cloud DDoS mitigation in one integrated system, the solution is supported on dedicated hardware designed to fight multiple attack vectors simultaneously.

    To mitigate network attacks that threaten to saturate the Internet pipe, Radware's AMS includes a cloud-based DDoS scrubbing service, which works in sync with on-premise attack mitigation devices. Enhanced with a central monitoring and reporting system, the solution provides ongoing unified situational awareness of the network and applications using a single security event information management (SEIM) engine for all components.

    Get more information here.

    Six of the top carriers use Radware AMS.

    Figure 1: Radware's Attack Mitigation System

  • About Radware

    Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for carriers, virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

    For more information, please visit www.radware.com.

    Radware encourages you to join our community and follow us on: Facebook, Google+, LinkedIn, Radware Blog, SlideShare, Twitter, YouTube, Radware Connect app for iPhone and our security center DDoSWarriors.com, which provides a comprehensive analysis of DDoS attack tools, trends and threats.

    2015 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners.
