DSS ITSEC CONFERENCE - Radware - Attack Mitigation System (AMS) - Riga NOV2011
Presentation from the "DSS"-organized ITSEC conference on the 24th of November, Riga, Latvia.

Presentation Transcript

  • Beyond Today’s Perimeter Defense: Radware Attack Mitigation System (AMS). Michael Soukonnik, 24.11.2012
  • Imagine That You Could…
    – Eliminate costs of downtime
    – Improve your customer experience and employee productivity
    – Cut application infrastructure cost by 20-50%
    – Enhance your business agility
    Slide 2
  • Over 10,000 Radware Customers Can… Slide 3
  • About Radware
    – Over 10,000 customers
    – [Company Growth chart, 1998–2010]
    – Recognized ADC market leader; global technology partners
    – ADC Magic Quadrant 2010: “Radware has a strong vision of how ADCs fit into a seamless virtualized and cloud-based architecture”
    Slide 4
  • Online Business Security Threats
  • Security Threat Vectors
    – Large volume network flood attacks
    – Network scan
    – Intrusion
    – Port scan
    – SYN flood attack
    – “Low & Slow” DoS attacks (e.g., Sockstress)
    – Brute force attack
    – Intrusion, malware
    – High and slow application DoS attacks
    – Web application attacks (e.g. XSS, Injections, CSRF)
    Slide 6
  • Network and Data Security Attacks: from the News Slide 7
  • Multi-Vulnerability Attack Campaigns
    Attack vectors shown against the business:
    – Large volume network flood attacks
    – Network scan
    – Large volume SYN flood
    – Low & Slow connection DoS attacks
    – Web application vulnerability scan
    – Application flood attack (Slowloris, Port 443 data flood, …)
    – Web application attacks (e.g. XSS, Injections, CSRF)
    Conclusions:
    – Attackers use multi-vulnerability attack campaigns, making mitigation nearly impossible
    – DoS & DDoS tools are the preferred weapon of mass disruption
    Slide 8
  • Mapping Security Protection Tools
    Protection tools: DoS Protection, Behavioral Analysis, IPS, IP Reputation, WAF
    Threats covered:
    – Large volume network flood attacks
    – Network scan
    – Intrusion
    – SYN flood
    – “Low & Slow” DoS attacks
    – Port scan
    – Brute force attack
    – Intrusion, malware
    – High & low rate application DoS attacks
    – Web application attacks (e.g. XSS, Injections, CSRF)
    Slide 9
  • Introducing Radware Attack Mitigation System (AMS) Slide 10
  • AMS Protection Set
    – DoS Protection: prevent all types of network DDoS attacks
    – Reputation Engine: financial fraud protection; anti Trojan & phishing
    – IPS: prevent application vulnerability exploits
    – NBA: prevent application resource misuse; prevent zero-minute and zero-day malware attacks
    – WAF: mitigating Web application threats
    Slide 11
  • OnDemand Switch: Designed for Attack Mitigation
    – DoS Mitigation Engine: ASIC based; prevents high volume attacks; up to 12 Million PPS of attack protection
    – IPS & Reputation Engine: ASIC based String Match & RegEx Engine; performs deep packet inspection
    – NBA Protections & WAF
    – OnDemand Switch Platform: capacity up to 14Gbps
    Slide 12
  • DefensePro Architecture – Threat Mitigation
    – DME: DDoS Mitigation Engine ASIC (12 M PPS)
    – Multi-purpose multi-core CPUs (14 Gbps): behavioral-based protections
    – L7 Regex Acceleration & Reputation Engine
    – Threats addressed: critical infrastructure DDoS, mobile infrastructure malware, malware propagation, intrusions, DDoS
    Hardware architecture that was tailored for attack mitigation
    Slide 13
  • Behavioral Analysis & Real-Time Signatures
    – Inputs: network, servers, clients
    – Threats: DoS & DDoS, application level threats, zero-minute malware propagation
    – Flow (public network → enterprise network): inbound traffic → Behavioral Analysis → Abnormal Activity Detection → Real-Time Signature Generation → Signature Inspection Module; closed feedback loop optimizes the signature and removes it when the attack is over; outbound traffic is analyzed as well
    Slide 14
  • DDoS Protection: Radware Coverage
    – PPS & bandwidth flood attacks: ASIC-based DoS Mitigator Engine (DME); real-time signatures technology; static & user filters; up to 12MPPS of attack prevention
    – Connection & application flood attacks: multi-core CPUs; real-time signatures & challenge-response technologies; up to 800K new TPS of HTTP Challenge-Response
    – Directed application DoS attacks: StringMatch Engine (SME) / RegEx Engine; full 10Gbps DPI (RegEx) processing
    Slide 15
  • Radware Security Event Management (SEM)
    – Correlated reports
    – Trend analysis
    – Compliance management
    – RT monitoring
    – Advanced alerts
    – Forensics
    – Integration with 3rd party SEM
    Slide 16
  • Compliance and Standardization with AMS: compliance reports for PCI DSS, FISMA, GLBA, HIPAA. Slide 17
  • Radware Security Products Portfolio
    – DefensePro: network & server attack prevention device
    – AppWall: Web Application Firewall (WAF)
    – APSolute Vision: management and security reporting & compliance
    Slide 18
  • Encrypted Attacks Mitigation
    Diagram: traffic anomalies, network-based DoS floods, application-based DoS attacks (clear and SSL) and “directed” application DoS attacks (clear and SSL) are handled by the behavioral DoS & TCP cookie engines, HTTP anomaly filters, black & white lists, the application “cookie” engine and the L7 ASIC Regex engines; SSL termination is done by Alteon’s SSL Acceleration Engine.
    Once an attack is detected there are 3 main security actions that are done on each client who tries to connect to the protected server(s):
    – SYN Attack Protection – DefensePro “authenticates” the source through a “safe-reset cookie” mechanism, verifying the validity of the source IP and its TCP/IP stack.
    – HTTP Filters – DefensePro receives the decrypted 1st HTTP client request from the SSL engine and applies application layer filters. This is done in order to remove the “Directed HTTP DoS attacks” that can only be mitigated by pre-defined or “ad-hoc” filters.
    – Web Cookie Challenge – In case the client “passes” the HTTP filter check, DefensePro generates a client-side Web cookie challenge (302 or JS challenge) that is encrypted and returned to the client by the termination point (Alteon SSL engine). Client responses are decrypted and sent to the DefensePro, which validates the response. A client that responds correctly is “authenticated” (application level “authentication”) and forced to open a new connection directly to the protected server.
    Slide 19
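The 302 cookie challenge from the third step, written out as an added example of the defender-side logic (this is illustrative code, not Radware's or DefensePro's implementation): a client arriving without a valid cookie is redirected back to the same URL with a short-lived, HMAC-signed cookie bound to its source IP; a client that returns the cookie intact is treated as authenticated and forwarded. The secret key, cookie name, TTL and client addresses are constructed for the demo.

```python
"""Minimal HTTP 302 cookie challenge-response layer (added example, not vendor code).
A flood source that never processes Set-Cookie/redirects never reaches the server;
a real browser follows the 302 and is passed through on its second request."""
import hmac
import hashlib

SECRET = b"constructed-demo-key"   # constructed; a per-deployment secret in practice
COOKIE_NAME = "challenge"          # assumed cookie name
TTL_SECONDS = 60                   # assumed challenge lifetime

def make_cookie(client_ip: str, now: int) -> str:
    """Cookie = expiry timestamp + HMAC(ip | expiry). Binds the cookie to the source IP."""
    expiry = now + TTL_SECONDS
    mac = hmac.new(SECRET, f"{client_ip}|{expiry}".encode(), hashlib.sha256).hexdigest()
    return f"{expiry}.{mac}"

def cookie_is_valid(client_ip: str, cookie: str, now: int) -> bool:
    """Reject malformed, expired, forged, or replayed-from-another-IP cookies."""
    try:
        expiry_str, mac = cookie.split(".", 1)
        expiry = int(expiry_str)
    except ValueError:
        return False
    if now > expiry:
        return False
    expected = hmac.new(SECRET, f"{client_ip}|{expiry}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)   # constant-time comparison

def handle_request(client_ip: str, cookies: dict, path: str, now: int) -> dict:
    """Decide what the challenge layer emits for one decrypted client request."""
    if cookie_is_valid(client_ip, cookies.get(COOKIE_NAME, ""), now):
        # Authenticated at application level: hand the connection to the protected server.
        return {"status": 200, "action": "forward"}
    # Not yet authenticated: 302 back to the same path carrying a fresh challenge cookie.
    return {"status": 302, "location": path,
            "set_cookie": f"{COOKIE_NAME}={make_cookie(client_ip, now)}"}

def demo():
    """Constructed exchange: first request challenged, honest retry passed, cookie replayed from another IP rejected."""
    now = 1_700_000_000
    first = handle_request("198.51.100.7", {}, "/login", now)
    cookie = first["set_cookie"].split("=", 1)[1]
    second = handle_request("198.51.100.7", {COOKIE_NAME: cookie}, "/login", now + 5)
    replay = handle_request("203.0.113.9", {COOKIE_NAME: cookie}, "/login", now + 5)
    return first["status"], second["status"], replay["status"]
```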
  • Radware Security Expertise: ERT Cases (1 of 2)
    Radware ERT helped the High Council for Telecommunications (TIB) to achieve full protection against Anonymous attacks.
    – Anonymous group published a poster calling its fans to attack a Turkish government agency
      – Target: High Council for Telecommunications (TIB)
      – When: June 9th (Thursday) 2011 at 6PM
      – Attack tool: Low Orbit Ion Canon (LOIC)
    – Type of attack: multi-vulnerability campaign
      – HTTP Get flood attack
      – TCP connection flood on port 80
      – SYN flood attack
      – UDP flood attack
    Slide 20
  • Radware Security Expertise: ERT Cases (2 of 2)
    Radware ERT helped Istanbul police to achieve full protection against Anonymous attacks.
    – Anonymous group attacks Istanbul police as revenge for the arrest
      – Target: Istanbul police site
      – When: June 13th 2011
      – Attack tool: Low Orbit Ion Canon (LOIC)
    – Type of attack: multi-vulnerability campaign
    “We just watched the attacks and DefensePro easily eliminated the attacks. We didn’t even see any latency during the attacks. Istanbul Police is thankful to us and to you. While most of the state websites get unresponsive during the attacks, they didn’t feel anything.” (Istanbul police integrator)
    Slide 21
  • Summary
  • Summary: Radware AMS Differentiators
    – Best security solution for online businesses:
      – DoS protection
      – Network behavioral analysis (NBA)
      – Intrusion prevention (IPS)
      – Reputation Engine service
      – Web application firewall (WAF)
    – Built-in SEM engine
    – Emergency Response Team (ERT)
      – 24x7 service for immediate response
      – Neutralize DoS/DDoS attacks and malware outbreaks
    – Lowest CapEx & OpEx
      – Multitude of security tools in a single solution
      – Unified management and reporting
    “Radware offers low product and maintenance cost, as compared with most competitors.” Greg Young & John Pescatore, Gartner, December 2010
    Slide 23
  • Thank You. www.radware.com