Brad Haizlett ISSCoastal
Corero's DDoS Defense System (DDS) product family provides highly effective detection and mitigation of potentially crippling distributed denial-of-service attacks. But why is this layer of security critical to your organization's business health and welfare?

In February 2000, a number of high-profile websites were crippled in a spectacular wave of distributed denial-of-service (DDoS) attacks. eBay, Amazon, Buy.com, Yahoo, CNN.com, ZDNet and online trading sites E*Trade and Datek all reported they were under attack. This outburst of apparently wanton disruption was unprecedented and short-lived. The DDoS threat, for a time, receded a bit as a leading security issue.

Today, the DDoS problem is worse. Much worse.

Recently, a national government suffered a politically motivated 15Gbps DDoS attack. In another incident, a bank's website was attacked for two days. During this time, its individual customers couldn't access their accounts, and a large merchant was not able to process financial transactions. Even the Internet's infrastructure has been targeted, in an attack directed at the DNS root name servers. The DNS function, which translates web and other Internet addresses into their numeric equivalents, is essential to all Internet users, and the loss of its availability massively degrades Internet usage. The hacker group Anonymous launched DDoS attacks on MasterCard, VISA and PayPal, as well as on the CIA and the Serious Organized Crime Agency, the United Kingdom's equivalent of the FBI.

Brad Haizlett ISSCoastal Presentation Transcript

  • DDS: DDoS Defense Solution, November 2011. © 2011 Corero Network Security, Inc. www.corero.com DDS Intro / Overview Presentation
  • Company Overview
      • Headquartered in MA, USA; Offices in London, UK
      • Publicly traded CNS:LN
      • 2000 customers across verticals in 50 countries
      • Patented Distributed Denial of Service (DDoS) defense technology
      • Info Security Products Guide 2011 Best Deployment
      • Frost & Sullivan Excellence in Mergers & Acquisitions
      • 98% Customer Satisfaction
      “Corero has brought just the right product to market at just the right time. TopLayer’s customers can be encouraged by Corero’s investment in the company and the introduction of cutting edge defensive systems.” FORBES 2011
  • Select DDoS Defense Customers
      • Bet365
      • Bwin Party
      • Camelot
      • LoveFilm.com
      • Prolexic
      • Bridgepoint
      • Victor Chandler
      • Virgin Trains
      “With DDoS attacks becoming more prevalent and malicious, a solution like Corero provides is more critical than ever.” Bob Mason, CTO, Journal Register
  • Customers Worldwide Rely on Corero
      • Barclays
      • Blue Cross Blue Shield
      • Paysafe Card
      • Pep Boys
      • Kohl’s
      • Deutsche Telekom
      • Chase Paymentech
      • Swisscom
      “Corero’s device was the only one that combined the high levels of performance with the deep packet inspection that made us comfortable with putting it inline in our network that simply cannot afford a minute being offline.” Charles Neely Harper, Director, Air Liquide Large Industries US
  • DDoS Attacks: A Growing Problem
      Attacker Motivations
      • Criminal Extortion
      • Unfair Business Advantage
      • Political Activism
      • Ideological Activism
      • Just for Lulz (Laughs)
      Victim Countries/Industries
      • USA, Canada, France, Netherlands, Russia, Austria, Malaysia, China, and others
      • Banking, Payment Services, Construction Equipment, Insurance, Government, Real Estate, Job Search Sites, Retailers, Medical Products, Mining and Minerals, News Portals, Payment Services, Sporting Goods, Social Networking Sites, and others
  • IT Decision-maker Survey – DDoS
      • A 2011 survey of 225 US-based IT decision-makers reveals:
          – 78% are very or extremely concerned about DDoS attacks
          – 67% expect the frequency and strength of DDoS attacks to increase or stay the same in the next two years
          – 63% said they sustained more than one attack
          – 11% were hit six or more times
          – Survey carried out by Merrill Research
  • Denial of Service – Are You Next?
  • Impact of Denial of Service Attacks
      • Immediate loss of sales
      • Immediate loss of customers
      • Immediate loss of productivity
      • Lack of remote access
      • Loss of customer trust
      • Negative publicity
      • Ancillary costs or ISP bandwidth charges
      • Smokescreen to launch and/or hide malware-based attacks
  • Distributed Denial of Service (DDoS) Attacks: Common Variants
  • Specially-Crafted Packet Denial of Service Attack
      • This attack exploits a server vulnerability to achieve the same effect as a DDoS attack, often from a single attacker
      • Involves sending a “specially crafted” packet or series of packets to a server that could cause the system to enter a denial-of-service condition on its own, due to a vulnerability
      • Even worse, in some cases victim servers need to be rebooted in order to recover from such an attack
      • Example:
      Defense Technique: Stateful Protocol Analysis
  • Network Layer DDoS Attack
      • The “classic” Internet DDoS attack
      • Most often is a highly Distributed Denial of Service (DDoS) attack with potentially millions of attacking IP addresses
      • Involves sending a flood of packets over the network at a high enough volume to disrupt or overload the “infrastructure”, essentially making service transactions impossible
      • Typically affects ISP links, routers, switches, firewalls, and servers, causing one or more of them to become a bottleneck, restricting or eliminating the ability of the server to deliver its service
      Defense Technique: IP Threat-Level Assessment
  • Reflective SYN Flood DDoS Attack
      • A typical TCP example of a network layer DDoS Attack
      • Attackers spoof their source IP addresses to appear to come from your network, and begin a large SYN flood against a third-party victim
      • The victim servers or proxies begin responding with SYN-ACKs, but these are directed back to YOUR network
      • As a result, your firewall suddenly becomes flooded with inbound SYN-ACKs
      • Due to the flood, your firewall’s CPU performance begins to degrade fending off massive amounts of SYN-ACKs
      Defense Technique: Stateful Flow Awareness
  • Outbound DDoS Attack
      • A typical network layer DDoS Attack viewed from another perspective
      • This DDoS attack involves computers inside the perimeter defenses, usually botnet infected, being controlled remotely and instructed to participate in DDoS
      • As a result, the upstream ISP may detect the outbound attack and black-hole route your outbound traffic in order to “protect the Internet” from the DDoS traffic coming from your network
      • Your Internet connection may be effectively blocked by the upstream ISP
      Defense Technique: Bi-Directional Flood Detection
  • Application Layer DDoS Attack
      • A newer intelligent variant of a DDoS attack
      • Technically still taking place over the network, these attacks actually complete real TCP connections, making them appear legitimate, but with bad intentions
      • Once the TCP connection is made, the attacking computers make repeated requests to the application in an attempt to exhaust the resources of the application
      • Hard to defend against because they create a denial of service condition without consuming excessive network bandwidth
      Defense Technique: Requestor Behavior Analysis
  • Existing Approaches to DDoS Defense: Not Ready for Today’s DDoS Attacks
  • The “Over-Provisioning” Approach
      Approach:
      • Over-provision Bandwidth – Purchase Larger Pipes
      • Over-provision Resources – Purchase More/Faster/Powerful Servers
      Why it falls short:
      • Never-ending escalation
      • Constantly increasing costs
      • Does not protect against large network layer DDoS attacks where attack bandwidth exceeds link bandwidth
      • Does not protect against application layer DDoS attacks
      • Does not protect against specially-crafted packet attacks
  • The “Clean-Pipe” Approach
      Approach:
      • Purchase Clean-Pipe Service from your ISP - $$$
      • Your ISP monitors bandwidth usage, reacts after attack starts
      Why it falls short:
      • Outage occurs before blocking begins
      • Black-hole Routing - good traffic can be lost while blocking bad traffic
      • Does not protect against application layer DDoS attacks
      • Does not protect against specially-crafted packet attacks
  • The “In the Cloud” Approach
      Approach:
      • Purchase specialty “In-the-Cloud” DDoS Mitigation Service - $$$$$
      • Under Attack - Reroute all traffic to scrubbing center
          – network layer attack gets filtered
          – good traffic is routed back to you
      Why it falls short:
      • Does not protect against application layer DDoS attacks
      • Does not protect against specially-crafted packet attacks
      • No visibility of outbound attack traffic or server responses
  • On-Premises DDoS Defense: Your Servers Stay Up, So You Don’t Have To
  • Corero’s On-Premises “DDS” DDoS Defense System Combats:
      • Today’s application layer DDoS attacks, including “low and slow” variants, by intelligently monitoring client requests and application response behaviors
      • Traditional network layer DDoS attacks with its patented, built-in, multi-stage DDoS defense capabilities
      • Outbound DDoS attacks with its bi-directional inspection and granular security policy controls
      • Reflective DDoS attacks with its inherent Stateful Firewall capabilities effectively blocking mid-flow attacks
      • Specially-crafted packet denial of service attacks with its inherent Stateful Protocol Analysis capabilities
      • Server-targeted malware and other remote exploit attempts with its built-in Protection against Malicious Content
  • DDS Optimized for Strong Server Protection
      [Diagram labels: Protection against Undesired Access; Protection against Malicious Content; Protection against DDoS Attacks; DDoS Defense Optimization; IN; OUT; Good Traffic; Bad Traffic; Blocked Attacks; Logged Events; Forensic Data & Analysis]
  • DDS Overview: Comprehensive On-Premises DDoS Defense
      • First solution to protect against Network and Application layer DDoS attacks
      • Includes HTTP GET and DNS attack mitigation features
      • Models for 100MbE, 1GbE, 10GbE DDoS defense
      • Optimized configuration for server side protection
      • Built on 64-core multi-core processor platform
      • Adaptive, intelligent scalable technology
      • Uses patented DDoS protection
      • Low power consumption
      • Lowest network latency
  • Scalable DDS Product Line (by Network Throughput)
      • 20 Gbit/Sec: ProtectionCluster™ – Scalable 1GbE / 10GbE Redundant Solution
      • 10 Gbit/Sec: Model 2400ES – High Utilization 10GbE Data Centers
      • 8 Gbit/Sec: Model 2000ES – 10GbE Data Centers
      • 4.4 Gbit/Sec: Model 1000EC/ES – Large 1GbE Data Centers
      • 2.4 Gbit/Sec: Model 500EC/ES – Smaller Data Centers
      • 600 Mbit/Sec: Model 150EC/ES – Multi-Server/VM Sites
      • 300 Mbit/Sec: Model 75EC – Single Site / Single Cage
  • DDS Advantage: Why Corero’s DDS
      • Protection: 3DP (DDoS Defense, Firewall and IPS) includes comprehensive defense against DDoS attack variants, provides zero-day protection for server vulnerabilities and flexible policies for traffic inspection
      • Network performance: Lowest latency (<50 µs typical) and highest throughput while under attack means no network interruption
      • Scalability: Up to 8 nodes in a ProtectionCluster™ that delivers exceptional scalability and transparent deployment in all redundant networks
      • Reliability: Purpose-built hardware has no chip fans, redundant power, N+1 fans in hot-swappable tray, 20-30 year MTBF rating, zero-power bypass
      • Green Design: 4th generation hardware platform based on leading edge 64-core Tilera multi-core processors yields small form factor (1 RU) and low power consumption (<100 watts)
  • Proven Hardware Platform: Unsurpassed Reliability; Lowest Latency
      • 64-core Tilera multi-core processors
      • Hardened operating system
  • SecureCommand Management Software Completes DDS Solution
      Network Security Analyzer (NSA)
      • Security Event Syslog Management
      • Multiple DDS Event Correlation
      • Real-time Email and SNMP Alerts
      • Immediate/Scheduled Quality Reports
      • Long Term Event Forensics/Drill Down
      • Regulatory Compliance & Auditing Reports
      IPS/DDS Controller
      • Real-time Attack Incident Response
      • Centralized DDS Configuration
      • Threat Update Service
      • OS Upgrade Management
      • Centralized Device Reporting
  • Corero Security Services
      • Threat Update Service – A subscription service through which customers are able to keep their threat information up to date. The latest signatures and blocking lists are provided by Corero to the customer in the form of “Protection Packs”
      • Security Optimization Services - Professional services offered to our customers to help them review their network security posture relating to the deployment of Corero’s DDS solutions
      • SecureWatch® Maintained DDS Security Service - SecureWatch service ensures that Corero Network Security DDoS Defense System (DDS) and IPS solutions are always up to date, running at peak performance, and automatically and continually protecting the IT infrastructure
      • SecureWatch® PLUS - A comprehensive suite of DDoS defense configuration, optimization, monitoring and response services. These are customized to meet the security policy requirements and business goals of each Corero DDS customer that selects this premium service option
  • SecureWatch® Maintained DDS Security Service
      • Installs all software updates for all deployed DDS units, Network Security Analyzer (NSA) software, and DDS Controller software
      • Applies Protection Packs with rule, signature, and block list updates
      • Implements actions described in Security Advisories
      • Monitors the status of the DDS hardware and initiates Advanced Hardware Replacement process in the event of a hardware failure
      • Ensures NSA report and alert generation and delivery are functioning properly
      • Performs DDS solution backup service after each configuration change and sends monthly backup CD-ROM
      • Delivers weekly DDS status reports via email
      • Services performed between 8am and 8pm US Eastern Time
  • SecureWatch® PLUS Security Service
      Preparation
      • Defining a clear DDoS defense policy and overall mitigation strategy
      • Documenting logical and physical topologies within customer environment
      • Comprehensive base-lining of protocols, traffic types, average traffic flows and network usage
      • Designing a secure remote-access configuration
      • Ongoing tuning and optimization to defend against changing attack vectors
      • Establishment of communication and collaboration procedures
      Vigilance
      • Provide ongoing Software and “Protection Pack” maintenance as required
      • Provide ongoing analysis of protection within context of new threat advisories from Corero
      • Provide continuous validation of monitoring and logging functions insuring operational
      • Provide weekly event analysis and report generation
      • Provide 24x7 hardware and event monitoring from secure Corero SOC
      • Provide 24x7 alerting of suspected attacks via established procedures
      Reaction
      • Guaranteed availability of expertise, 24x7, following DDoS attack alert
      • Initiate communication and collaboration procedures with customer’s security team
      • Execute remote-access procedures to customer’s DDS systems
      • Analyze nature, severity and impact of DDoS attack
      • Tune defenses to further mitigate attack as necessary as attack vector may change
      • Continual monitoring determining if defenses are optimized for current attack
  • Customer Case Studies
  • Leading Online Gaming Site
      Problem: Provide uninterrupted online access to thousands of online gaming customers
      • Dissatisfied with current IPS vendor protecting their core network
      • Needed to add protection for web services
      • Required strong DDoS protection
      Solution: High performance 10GbE systems to safeguard their critical online business and network
      • Replaced existing IPS at core and added appliance for web services protection
      • High performance DDoS protection to mitigate against sophisticated threats ensuring up time and no loss of revenue
      • Reliable, secure network infrastructure to support online betting
  • Online & Campus Based Higher Education
      Problem: Inability to defend against an active DDoS Attack using next generation firewall technology
      • Current security infrastructure unable to stop massive DDoS attack
      • Customers/students unable to access the site
      • IT Security wanted an additional layer of protection to secure students’ personal information
      Solution: Corero DDS stopped attack in 30 minutes and increased network protection on multiple fronts
      • Students could access network and complete assignments as expected
      • Reliable DDoS protection to mitigate newest attack methodologies
      • Enhanced overall network security with easy to deploy and manage product that provides ongoing protection
  • Thank You
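
The "Stateful Flow Awareness" defense named on the Reflective SYN Flood slide, sketched as an added example (not Corero's implementation and not code from the deck): an inbound SYN-ACK passes only if it answers a SYN this network actually sent, and a burst of unsolicited ones raises an alert. The `Packet` record, the thresholds and the documentation-range addresses are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10    # TCP flag bits
SYN_TIMEOUT = 30.0       # seconds an outbound SYN stays pending (assumed value)
ALERT_WINDOW = 1.0       # sliding window for the flood alarm, seconds (assumed)
ALERT_THRESHOLD = 5      # unsolicited SYN-ACKs per window that alert (assumed)

@dataclass(frozen=True)
class Packet:            # hypothetical, simplified packet record
    ts: float
    direction: str       # "out" = leaving our network, "in" = arriving
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

class FlowTracker:
    def __init__(self):
        self.pending = {}            # (local, lport, remote, rport) -> SYN time
        self.unsolicited = deque()   # timestamps of dropped SYN-ACKs
        self.alerts = []             # times at which the flood alarm fired

    def handle(self, p):
        """Return 'pass' or 'drop' for one packet."""
        is_syn = bool(p.flags & SYN) and not p.flags & ACK
        is_synack = bool(p.flags & SYN) and bool(p.flags & ACK)
        if p.direction == "out" and is_syn:
            self.pending[(p.src, p.sport, p.dst, p.dport)] = p.ts
            return "pass"
        if p.direction == "in" and is_synack:
            sent = self.pending.pop((p.dst, p.dport, p.src, p.sport), None)
            if sent is not None and p.ts - sent <= SYN_TIMEOUT:
                return "pass"        # answers a handshake we started
            self._record_unsolicited(p.ts)
            return "drop"            # reflected or stale SYN-ACK
        return "pass"                # other traffic is out of scope here

    def _record_unsolicited(self, ts):
        self.unsolicited.append(ts)
        while ts - self.unsolicited[0] > ALERT_WINDOW:
            self.unsolicited.popleft()
        if len(self.unsolicited) >= ALERT_THRESHOLD:
            self.alerts.append(ts)

def run_sample():
    """Constructed traffic: one real handshake, then six reflected SYN-ACKs."""
    t = FlowTracker()
    pkts = [Packet(0.0, "out", "192.0.2.10", 40000, "198.51.100.5", 443, SYN),
            Packet(0.05, "in", "198.51.100.5", 443, "192.0.2.10", 40000, SYN | ACK)]
    pkts += [Packet(1.0 + i / 10, "in", "203.0.113.7", 80, "192.0.2.10", 50000 + i,
                    SYN | ACK) for i in range(6)]
    return [t.handle(p) for p in pkts], t.alerts
```
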