Radware: Anatomy of an IoT Botnet and Economics of Defense
Eric Grubel
BRKPAR-4000
January 2018
VP, Business Development
Theme of Discussion Today
Time is Money
About Radware
Market Leader in Application Availability solutions
Awarded Best Managed Security Service 2016
>$200M Revenue
Carriers, Service & Cloud Providers
• 6/10 Top Carriers
• 3/7 Top Cloud Service Providers
Financial Services
• 7/14 Top Stock Exchanges
• 12/22 Top Commercial Banks
Enterprise, Retail & Online Businesses
• 1/5 Top Brand in Every Key Vertical
Biggest Business Concern If Faced with a Cyber-Attack
• Data loss followed by reputation loss were the biggest concerns related to cyber-attacks.
• Fewer were concerned with revenue loss this year, compared to 2016.
[Bar chart: "What is your concern if faced with a cyber-attack?" Categories: Productivity loss; Customer / partner loss; Revenue loss; Reputation loss; Availability / SLA Degradation; Data Leakage / information… Bar values: 10%, 10%, 13%, 17%, 23%, 28%. Axis: 0% to 30%.]
Vertical Highlights
40%  42%  31%  73%  24%
Of retailers report bot traffic above 75% of total
Of education institutes actually fear availability issues, over data theft or reputation loss
Of service providers intend to invest in DDoS mitigation in 2018
Of government and public sector organizations suffer attacks daily
Of healthcare’s express low to medium confidence in securing patient records
44% Of financials do not track the dark web after a data security breach
Security Measures Following Attacks (2017)
• In general, customers are not holding organizations responsible for cyber-attacks
• Customers filing lawsuits following data breaches or DDoS downtime are more common in APAC
[Bar chart, Q.19b: "Have any of your customers taken any measures because of any of the following attacks against your organization?" Attack types: Malware contamination and propagation; Data breach; DDoS downtime. Legend entries: Customers asking for compensation; Lawsuits. Bar values: 9%, 9%, 13%, 7%, 10%, 5%, 9%, 11%, 12%, 75%, 70%, 70%. Axis: 0% to 100%.]
Modern Day Bots: IoT-Based Botnets
• IoT is the birthplace of new types of bots and malware.
• Unsophisticated, yet very efficient and lethal.
Mirai, Hajime, BrickerBot
IoT Botnets - Modus Operandi
Taking advantage of factory flaws to infect
Infection vectors:
• SSH/Telnet brute force
• TR-069 protocol
• Manufacturer backdoors
Stages:
• Identify the device
• Upload the matching binary
• Drop the payload
• Remove other malware
• Scan for more devices
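Added example (not from the original slides): a defender-side check that reads flow records and reports any source contacting many distinct hosts on the ports behind the infection vectors above, which is what the "scan for more devices" stage looks like on the wire. The port numbers, the IoT subnet, the threshold and the record format are assumptions of this example, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed port mapping for the slide's vectors: SSH 22, Telnet 23/2323,
# TR-069 (CWMP connection requests) 7547.
VECTOR_PORTS = {22: "ssh", 23: "telnet", 2323: "telnet", 7547: "tr-069"}
IOT_NET = ip_network("10.20.0.0/24")  # hypothetical IoT VLAN
FANOUT_THRESHOLD = 5                  # distinct targets before a source is flagged

# Constructed sample flow records, one per line: "epoch src dst dport"
SAMPLE_FLOWS = (
    # an internal camera fanning out to Telnet ports on six external hosts
    [f"1516000{i:03d} 10.20.0.15 203.0.113.{i} {23 if i % 2 else 2323}" for i in range(1, 7)]
    # an external host sweeping the IoT VLAN on the TR-069 port
    + [f"1516001{i:03d} 198.51.100.7 10.20.0.{i} 7547" for i in range(1, 6)]
    # ordinary traffic and a malformed record
    + ["1516002000 10.20.0.30 203.0.113.10 443",
       "1516002001 10.20.0.31 203.0.113.11 22",
       "malformed line"]
)

def find_scanners(lines, threshold=FANOUT_THRESHOLD):
    """Return {src: report} for sources that contacted at least `threshold`
    distinct hosts on the vector ports."""
    targets, vectors = defaultdict(set), defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of failing the run
        _, src, dst, dport = parts
        try:
            ip_address(src), ip_address(dst)
        except ValueError:
            continue  # not valid addresses
        if int(dport) in VECTOR_PORTS:
            targets[src].add(dst)
            vectors[src].add(VECTOR_PORTS[int(dport)])
    return {
        src: {
            "vectors": sorted(vectors[src]),
            "targets": len(dsts),
            # an IoT device scanning on these ports is probably already infected
            "infected_device": ip_address(src) in IOT_NET,
        }
        for src, dsts in targets.items() if len(dsts) >= threshold
    }

if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_FLOWS).items():
        print(src, info)
```

A source flagged with infected_device set is a candidate for isolation; an external source is a candidate for blocking at the perimeter.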
Failure Points in the Data Center
• Internet Pipe Saturation incidence grew 50% from 2016
• Servers are compromised the most - as they keep the lucrative data
• 40% growth in complete outages over mere service degradation
Failure point and share:
• Internet pipe (Saturation): 37%
• Firewall: 17%
• IPS/IDS: 6%
• Load Balancer (ADC): 4%
• The Server Under Attack: 35%
• SQL Server: 1%
Cisco transforms security service integration
• Integrated Radware Virtual DefensePro (vDP) in-line DDoS mitigates attacks
• Available on Cisco Firepower 4100 / 9300 series
• Lower latency than a stand-alone DDoS solution
• Consolidation with simplified support and procurement
• Fully automated solution
[Diagram: Unified Threat Platform with Integrated Security. Labels: Data Packet; DDoS, FW, NGIPS, AMP, URL Filtering, SSL; Maximum Protection; Low Latency; Scalable processing. Key: Cisco Service, 3rd Party Service.]
Stay Focused. Be Prepared.
Don’t be the next Equifax. Build your protection strategy.
• Consolidate and automate: Elastic, unified systems against multiple threats.
• Fight fire with fire: AI based solutions to mitigate advanced cyber-weapons.
• Hope for the best, Prepare for the worst: Study new technologies, have an ER plan.
Thank You
Eric Grubel
VP, Business Development
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public