SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity 2014 - London, UK)
Hybrid DDoS Protection Services for MSSPs and Enterprises
- Hybrid DDoS Mitigation Services
- Seamless Transparent Protection
- Mitigation Capacity Backup

Published in: Technology

  1. DDoS Protection Services
  2. CONTENT overview: 1 DDoS Protection; 2 About us & global reach; 3 Services & Solutions; 4 Traffic Diversion; 5 Response Time; 6 Control Center; 7 Capacity Backup; 8 Partners; 9 Summary
  3. DDoS Protection Strategies – General. Traditional Approaches. On Premises: dedicated appliances. Pros • Good for layer 7 attacks • Enterprise control. Cons • Vol. attacks (upstream) • Requires in-house skills. Clean Pipe: ISP detects and mitigates. Pros • Cost effective • Mature offering. Cons • Low capacity ISP • ISP agnostic
  4. DDoS Protection Strategies – Providers. Traditional Approaches. CDN Provider: web content is distributed, mitigation done at the edge. Web only. Pros • Always On • New services (e.g. WAF). Cons • No DMZ protection • Limited to Web. Scrubbing Center: traffic redirection to closest cleaning facility. Forward good traffic. Pros • Affects ALL traffic • Interact with CPE. Cons • No auto-diversion* • Require testing
  5. SecurityDAM overview. SecurityDAM offers Managed Security Service Providers (MSSPs) a quick and easy way of adding comprehensive Distributed Denial of Service (DDoS) protection service to their security portfolio.
  6. ABOUT US. SecurityDAM: Worldwide Resources; Radware Partner; SecurityDAM Control Center; Monitoring & Alerting; MSSP Solutions; RAD Group; DDoS Protection; NOC/ERT Services; Hybrid Approach. Comprehensive evolving managed DDoS Protection Services
  7. OUR GLOBAL REACH. Global Network of Scrubbing Centers: US >100 Gbps; Hong Kong >20 Gbps; Frankfurt >100 Gbps. Current: >200 Gbps (200G). OUR NETWORK IS EXPANDING: Russia <partner>; UK <partner>; Hong Kong <partner>; US >50 Gbps; Singapore >20 Gbps. Partners: >50 Gbps (250G). 2014 Plans: >+100 Gbps (350G)
  8. SERVICES & SOLUTIONS. SecurityDAM Offering. SecurityDAM offers a complete DDoS Protection Services suite, with a flexible deployment and responsibility offering, matching your current and future needs. • White Label Service: brand on SecurityDAM system • Turnkey Service: independent local system • Backup Service: mitigation capacity backup. SecurityDAM suite of services enables flexible provisioning of DDoS Protection Services. • Full Operational Services: SecurityDAM NOC and ERT • Partial Operational Services: NOC / ERT / Support • On Demand Service for registered end-customers
  9. OUR SERVICES. System and Team. Analysis: real-time analysis and adjustment of protection settings. Accounting: flexible protection plan definitions to match customer and market needs. Flexible Environment: cloud-based environment, best-of-breed flexible integration. Development: evolving proprietary mitigation tools. 24x7 Support: NOC – monitoring, mitigation and post mortem analysis. Research: DDoS tools and mitigation techniques research
  10. Traffic Diversion. Automated from the Control Center. Traffic diversion to Scrubbing Centers. BGP: AS / (/24) network diversion. Route Change: direct route changes. DNS: website diversion (reverse-proxy)
  11. RESPONSE TIME #1. Shortest Time-to-Mitigate. 24x7 Monitoring: real-time / inline; detection time measured in seconds. Alert: NOC / Customer; analysis of attack and mitigation measures. CPE Only: monitor on-premises actions. Divert: decide on diversion and engage
  12. TIME TO MITIGATE: < 15 minutes, when diversion is needed
  13. RESPONSE TIME. Short response time to new threats. SOFTWARE: Cloud Deployment; quick deployment of new measures. IDEA: New threats; real-time analysis of mitigation efficiency. DEVELOPING: New protections; COTS and custom mitigation tools integration
  14. Control Center: Managing DDoS Protection Service. Figure 1: Customer Dashboard. Real-time monitoring • Traffic • Setting • Security & Operational. Signaling based Alerting. Diversion requests
  15. Control Center: Managing DDoS Protection Service. Figure 2: Operator Dashboard. Global real-time views • Traffic • Setting • Security & Operational. Signaling based Alerting
  16. Control Center: Managing DDoS Protection Service. Figure 3: Reports. Summary Report: account report aggregating CPE and Scrubbing Center data. Detailed Report: attack report per incident (with aggregation). Enhanced Reports (future): external source integration to produce reports
  17. CAPACITY BACKUP SERVICE. High rate attack mitigation via SecurityDAM. SD Net: capacity backup services for supporting local scrubbing center resource limitation. Unified: unified reporting across levels, with aggregated data from multiple mitigation points. Increase Value; Reduce CapEx. DDoS attack rate can be overwhelming. 80/20 still applies: rely on cloud backup
  18. Partners – JT Global. Operating SecurityDAM Independent System • UK Channel Island operator • Customer DDoS Protection • Banking • Online businesses • Stand-alone Control Center • Stand-alone Scrubbing Center. Mark Stuchfield, (Head of Innovation and Strategy, JT): “SecurityDAM allows us to provide these cloud security services to multiple customers and at the same time give them a visual indication of what is going on”
  19. Partners – Defense Center LLC. Operating SecurityDAM Independent System • Russian MSSP • Customer DDoS Protection • Small businesses • Enterprise networks • Domestic Control Center • Mitigation capacity backup. Valery Kirillov, (CEO): “Business continuity is a prime concern to our customers. Our multi-layered DDoS protection will allow us to provide the highest level of mitigation capacity, backup by SecurityDAM Emergency Response Team service.”
  20. SUMMARY. Basic flow: 1 Monitor (CPE); 2 Mitigate / Alert (CPE, CC); 3 Divert To CC; 4 Cloud Mitigation (CC); 5 Clean Reinjection (CC); 6 Attack End (CPE)
  21. SUMMARY. Attack Management Flow. On-premise CPE mitigates the attack. Protected Organization. Signaling Messaging. Volumetric DDoS attack blocks the Internet pipe. Clean traffic. Sharing essential information for attack mitigation. MSSP Scrubbing Center & NOC. SecurityDAM Global Scrubbing Centers. MSSP/customer decide to divert the traffic. MSSP local capacity exhausted; initiate Capacity Backup
  22. SUMMARY. SecurityDAM DDoS Protection Platform and Services: Customer Portal; Operator provisioning and management; Audit and Accounting; Monitoring; End-to-End Protection; Integrated Layered DDoS protection; Smooth operation; Experts assistance
