Radware DoS / DDoS Attack Mitigation System
Orly Sorokin, January 2013
AGENDA
• DDoS attacks & cyber security statistics
• About the 2012 Global Security Report
• Key findings & trends
• Recommendations
DoS – How Does it Look
• Simple way – Excessive or specially crafted traffic that causes network, server or application resources to be misused, preventing legitimate traffic from reaching its destination and limiting the service provided. It is generated by tools, humans or both, and can be based on volume, rate or vulnerability exploitation.
• Detailed
– Layer 3 floods – targeting the network equipment and the actual pipe capacity
– Layer 4 floods – targeting the servers (physical or virtual) and their stack resources
– Layer 7 floods – targeting real applications and services
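As an added illustration of the rate-based Layer 7 floods the slide lists (example code written for this transcript, not Radware's or the ERT's), the detector below parses Apache-style access log lines and computes the peak request count per source in a sliding 10-second window. It also computes the aggregate peak across all sources, because a distributed flood keeps every bot under a per-source threshold. The log lines are constructed (RFC 5737 documentation addresses), and the thresholds are assumed values; in practice they come from the service's measured baseline.

```python
# Added example, not from the Radware deck: a sliding-window request-rate
# detector for Layer 7 (HTTP GET) floods, run over constructed access-log lines.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined"-style access log; only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed line, or None so junk lines are skipped."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}


def _window_peak(timestamps, window_s):
    """Max number of timestamps falling in any half-open window (t - window_s, t].
    timestamps must be sorted ascending."""
    q, peak = deque(), 0
    for t in timestamps:
        q.append(t)
        cutoff = t - timedelta(seconds=window_s)
        while q and q[0] <= cutoff:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def per_source_peaks(events, window_s):
    """Peak request count per source IP over any window_s-second window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev["ts"])
    return {ip: _window_peak(ts, window_s) for ip, ts in by_ip.items()}


def detect_l7_flood(lines, window_s=10, per_ip_threshold=50, aggregate_threshold=300):
    """Flag sources whose per-window request count exceeds per_ip_threshold, and
    separately flag the service as flooded when the aggregate count across all
    sources exceeds aggregate_threshold (a distributed flood can stay under the
    per-IP threshold on every bot). Thresholds are assumed values for this example."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    peaks = per_source_peaks(events, window_s)
    aggregate = _window_peak([e["ts"] for e in events], window_s)
    return {
        "per_ip_peaks": peaks,
        "per_ip_flooders": sorted(ip for ip, n in peaks.items() if n > per_ip_threshold),
        "aggregate_peak": aggregate,
        "aggregate_flood": aggregate > aggregate_threshold,
    }


def make_sample_log():
    """Constructed log (not real traffic): one legitimate client, one single-source
    GET flood (25 req/s for 8 s) and a 40-bot distributed flood (2 req/s per bot
    for 10 s). Addresses are RFC 5737 documentation ranges."""
    base = datetime(2013, 1, 15, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, path="/"):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line("203.0.113.5", s, "/index.html") for s in range(0, 60, 10)]
    lines += [line("198.51.100.7", 20 + i // 25, "/search?q=x") for i in range(200)]
    for bot in range(1, 41):
        lines += [line(f"192.0.2.{bot}", 40 + j // 2, "/search?q=x") for j in range(20)]
    lines.append("garbage line that should be ignored")
    return lines


if __name__ == "__main__":
    result = detect_l7_flood(make_sample_log())
    print("single-source flooders:", result["per_ip_flooders"])
    print("aggregate peak per 10 s:", result["aggregate_peak"],
          "flood:", result["aggregate_flood"])
```

Only the single-source attacker trips the per-IP threshold; each of the 40 bots peaks at 20 requests per window, yet the aggregate peak of 801 requests in 10 seconds is well above the assumed baseline, which is why per-source rate limiting alone does not cover the distributed case.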
Network and Data Security Attacks: from the News
Cyber Security Study
• A research study by Ponemon & Radware
• Surveyed 700 IT & IT security practitioners
• Non-Radware customers
• Release date: Q4/2012
DDoS Attacks Frequency
65% of organizations had an average of 3 DDoS attacks in the past 12 months
[Chart: How many DDoS attacks were experienced in the past 12 months?]
Average downtime during one DDoS attack
Less than 1 minute – 10%
1 to 10 minutes – 13%
11 to 20 minutes – 16%
21 to 30 minutes – 22%
31 to 60 minutes – 11%
1 to 2 hours – 9%
3 to 5 hours – 5%
More than 5 hours – 4%
Cannot determine – 10%
54 minutes average downtime during one DDoS attack
Information Resources
• Industry Security Survey – external survey – 179 companies – most are not using Radware's DoS mitigation solution
• ERT Cases – internal survey – unique visibility into attack behavior – 95 selected cases
• Customer identity remains undisclosed
ERT gets to see attacks in real time on a daily basis
Organizations Bring a Knife to a Gunfight
• "Someone who brings a knife to a gun fight" is someone who does prepare for the fight, but does not understand its true nature
• Organizations today are like that
– They do invest before the attack starts, and conduct excellent forensics after it is over
– However, they have one critical blind spot: they don't have the capabilities or resources to sustain a long, complicated attack campaign
• Attackers target this blind spot!
Attacked in 2012
They had the budget. They made the investment. And yet they went offline.
But Attacks Today Have 3 Phases
ERT Cases – Attack Duration Trend
[Chart: number of ERT cases by attack duration (1-2 days, half a week, 1 week, 2 weeks and more), 2011 vs 2012]
Attacks last longer: the number of DoS attacks lasting over a week doubled in 2012
ERT Cases – Attack Vectors Trend
[Chart: share of ERT cases by attack complexity level (5-6, 7-8, 9-10), 2011 vs 2012]
Attacks are more complex: 2012 DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks using a complexity level of 7-10.
Attack Vectors Trends
Industry Security Survey – Attack Count by Type
Attacks remained diversified across different attack types. This reflects attackers using multi-vector attacks.
Entities That Are The Bottlenecks in DoS Attacks
Industry Security Survey: Which services or network elements are (or have been) the bottleneck of DoS? (2011 / 2012)
Internet pipe (saturation) – 27% / 26%
Firewall – 24% / 25%
IPS/IDS – 8% / 8%
Load Balancer (ADC) – 4% / 11%
The server under attack – 30% / 22%
SQL Server – 5% / 8%
The three entities that are consistently the bottlenecks in DoS/DDoS attacks are the server under attack, the firewall and the Internet pipe.
Solutions Used Against DoS Attacks
Industry Security Survey: Which solutions do you use against DoS attacks?
[Chart: share of respondents per solution type, 2011 vs 2012; solution labels not preserved in the transcript]
Attackers Motivation Trend
DoS motivation did not change in 2012 compared to last year.
[Chart, 2011 vs 2012: Motivation is unknown / Political/Hacktivism / Angry users / Competition / Ransoms]
Who's On The Target List?
[Heat map: risk level (Low / Medium / High) per vertical – Government, Financial, eCommerce, eGaming, Mobile, ISP – for prior to 2011, 2011 and 2012]
AMS Protection Set
• NBA – Prevent application resource misuse; prevent zero-minute malware
• DoS Protection – Prevent all types of network DDoS attacks
• IPS – Prevent application vulnerability exploits
• Reputation Engine – Financial fraud protection; anti-Trojan & phishing
• WAF – Mitigating web application threats and zero-day attacks
Radware Security Event Management (SEM)
• Correlated reports
• Trend analysis
• Compliance management
• RT monitoring
• Advanced alerts
• Forensics
3rd Party SEM – NB / API
Radware AMS & ERT/SOC
Thank You
www.radware.com