SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity 2014 - London, UK)


Published on

Hybrid DDoS Protection Services for MSSPs and Enterprises
- Hybrid DDoS Mitigation Services
- Seamless Transparent Protection
- Mitigation Capacity Backup

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity 2014 - London, UK)

  1. 1. DDoS Protection Services
  2. 2. 1 DDoS Protection 2 About us & global reach 3 Services & Solutions 4 Traffic Diversion 5 Response Time 6 Control Center 7 Capacity Backup 8 Partners CONTENT overview 9 Summary 1
  3. 3. DDoS Protection Strategies – General Traditional Approaches On Premises Dedicated appliances Pros • Good for layer 7 attacks • Enterprise control Cons • Vol. attacks (upstream) • Requires in-house skills Clean Pipe ISP detects and mitigates. Pros • Cost effective • Mature offering Cons • Low capacity ISP • ISP agnostic 2
  4. 4. DDoS Protection Strategies – Providers Traditional Approaches CDN Provider Web content is distributed, mitigation done at the edge. Web only. Pros • Always On • New services (e.g.WAF) Cons • No DMZ protection • Limited to Web Scrubbing Center Traffic redirection to closest cleaning facility. Forward good traffic. Pros • Effects ALL traffic • Interact with CPE Cons • No auto-diversion* • Require testing 3
  5. 5. SecurityDAM overview SecurityDAM offers Managed Security Service Providers (MSSPs) a quick and easy way of adding comprehensive Distributed Denial of Service (DDoS) protection service to their security portfolio.
  6. 6. ABOUT US SecurityDAM Worldwide Resources Radware Partner SecurityDAM Control Center Monitoring & Alerting MSSP Solutions RAD Group DDoS Protection NOC/ERT Services Hybrid Approach Comprehensive evolving managed DDoS Protection Services 5
  7. 7. OUR GLOBAL REACH Global Network of Scrubbing Centers US >100 Gbps Hong Kong >20Gbps Frankfurt >100 Gbps Current: >200 Gbps 200G OUR NETWORK IS EXPANDING Russia <partner> UK <partner> Hong Kong <partner> US >50Gbps Singapore >20Gbps Partners: >50 Gbps 250G 2014 Plans: >+100 Gbps 350G
  8. 8. SERVICES & SOLUTIONS SecurityDAM Offering SecurityDAM offers a complete DDoS Protection Services suit, with a flexible deployment and responsibility offering, matching your current and future needs.  White Label Service Brand on SecurityDAM system  Turnkey Service Independent local system  Backup Service Mitigation capacity backup SecurityDAM suite of services enables flexible provisioning of DDoS Protection Services  Full Operational Services SecurityDAM NOC and ERT  Partial Operational Services NOC / ERT / Support  On Demand Service for registered end-customers 7
  9. 9. OUR SERVICES System and Team Analysis Real-time analysis and adjustment of protection settings Accounting Flexible protection plans definitions to match customer and market needs Flexible Environment Cloud-based environment Best of bread flexible integration Development Evolving proprietary mitigation tools 24x7 Support NOC – monitoring, mitigation and past mortem analysis Research DDoS tools and mitigation techniques research 8
  10. 10. Traffic Diversion Automated from the Control Center Traffic diversion to Scrubbing Centers BGP AS / (/24) network diversion Route Change direct route changes 9 DNS website diversion (reverse-proxy)
  11. 11. RESPONSE TIME #1 Shortest Time-to-Mitigate 24x7 Monitoring Real-time / Inline Detection time measured in seconds. Alert NOC / Customer Analysis of attack and mitigation measures. CPE Only Monitor on premises actions Divert Decide on diversion and engage 10
  12. 12. TIME TO MITIGATE < 15 minutes, when diversion is needed Time to mitigate
  13. 13. RESPONSE TIME Short response time to new threats SOFTWARE Cloud Deployment Quick deployment of new measures IDEA New threats Real-time analysis of mitigation efficiency DEVELOPING New protections COTS and custom mitigation tools integration 12
  14. 14. 13 Figure 1 Customer Dashboard Real-time monitoring  Traffic  Setting  Security & Operational Signaling based Alerting Diversion requests Control Center Managing DDoS Protection Service
  15. 15. 14 Figure 2 Operator Dashboard Global real-time views  Traffic  Setting  Security & Operational Signaling based Alerting Control Center Managing DDoS Protection Service
  16. 16. 15 Figure 3 Reports Summary Report Account report aggregating CPE and Scrubbing Center data Detailed Report Attack report per incident (with aggregation) Enhanced Reports (future) External source integration to produced reports. Control Center Managing DDoS Protection Service
  17. 17. CAPACITY BACKUP SERVICE High rate attack mitigation via SecurityDAM SD Net Capacity backup services for supporting local scrubbing center resource limitation. Unified Unified reporting cross levels, with aggregated date from multiple mitigation points. IncreaseValue ReduceCapEx DDoS attack rate can be overwhelming 80/20 still apply  rely on cloud backup 16
  18. 18. Partners – JT Global Operating SecurityDAM Independent System Image Placeholder 1  UK Channel Island operator  Customer DDoS Protection  Banking  Online businesses  Stand-alone Control Center  Stand-alone Scrubbing Center Mark Stuchfield, (Head of Innovation and Strategy, JT): “SecurityDAM allows us to provide these cloud security services to multiple customers and at the same time give them a visual indication of what is going on” 17
  19. 19. Partners – Defense Center LLC Operating SecurityDAM Independent System  Russian MSSP  Customer DDoS Protection  Small businesses  Enterprise networks  Domestic Control Center  Mitigation capacity backup Valery Kirillov, (CEO): “Business continuity is a prime concern to our customers. Our multi- layered DDoS protection will allow us to provide the highest level of mitigation capacity, backup by SecurityDAM Emergency Response Team service.” 18
  20. 20. SUMMARY Basic flow Clean Reinjection CC 51 Monitor CPE Mitigate / Alert CPECC 2 Divert To CC 3 Cloud Mitigation CC 4 Attack End CPE 6 19
  21. 21. SUMMARY Attack Management Flow 20 On-premise CPE mitigates the attack Protected Organization Signaling Messaging Volumetric DDoS attack blocks the Internet pipe Clean traffic Sharing essential information for attack mitigation MSSP Scrubbing Center & NOC SecurityDAM Global Scrubbing Centers MSSP/customer decide to divert the traffic MSSP local capacity exhausted; initiate Capacity Backup
  22. 22. SUMMARY SecurityDAM DDoS Protection Platform and Services Customer Portal Operator provisioning and management Audit and Accounting Monitoring End-to-End Protection Integrated Layered DDoS protection Smooth operation Experts assistance 21