Corporate Overview
Tim Dubuc
SECOR Networks
www.secornetworks.com
4845 Rugby Avenue Bethesda, M 20814 / p (240) 497-0330 / w riorey.com
D

The Company
We provide a patent pending software-based
technology platform to protect
Internet Protocol (IP) networks against
Distributed Denial of Service (DDOS) attacks.
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 2

Distributed Denial of Service Attacks (DDOS)
Bots (Zombies)
Real
Master Victim
Attacker
Attacker places
Inte rne t
malicious code (Bot)
on unsuspecting
master Master infects random Upon the Master’s
Internet computers command,
creating “Botnet” the Bots attack the victim by
overwhelming its resources
Bots (Zombies)
• Attacker takes control of infected computers (“ bies” “
zom or bots” on the Internet
)
• Using “
botnet” y of zom com
arm bie puters, the attacker proceeds to flood a network
w irrelevant traffic that denies, degrades, or even brings dow the netw
ith n ork
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 3

Potential Consequences of an Attack
•Can render Web sites or other netw services inaccessible to
ork
customers, employees, vendors, & partners
•Com unication disruptions
m
•Loss of revenue
•Damage to an organization’ reputation
s
•Loss of intellectual property
•Disruptions in supply chains
•M anagem of w
ism ent orldw inventories
ide
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 4

A Global Problem
• January - June 2006 networks worldw experienced 6,110 DDOS threats/day
ide
• U.S. biggest target, 54% of worldw total
ide
• China second highest num of DDOS attacks, 12% of total
ber
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 5

Top Sectors Targeted by DDOS Attacks
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 6

Traditional DDOS Protection
Router Drawbacks
M function - Packet routing.
ain Requires operator intervention
WAN Auxiliary function - Provide netflow Slow 10-30 m
: inutes
inform ation for billing. Netflowinformation
is nowused by anom detection devices to
aly
detect unusual netw utilization, signaling
ork
a potential DDOS attack.
Router
Access Control List &/or Firewalls
Requires operator intervention
M aintain a list of rules detailing the restriction
ACL &/or of use of each host & device on the netw ork.
Firewalls Slow 10-30 m
: inutes
Can be configured to control both inbound &
outbound traffic.
Intrusion
Detection Intrusion Detection Systems (IDS)
Systems The large am ount of bad traffic
Uses deep packet inspection to inspect
packets for virus, trojan horse & other generated as part of a DDOS
application attacks. attack often overw helm deep
s
packet based DDOS devices
LAN Often expanded to include DDOS protection.
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 7

Existing Technologies
With the exception of RioRey, all solutions can be organized
under tw approaches to handling DDOS attacks:
o
Anomaly Detection
This approach m onitors the netw s tim
ork’ e-of-day traffic behavior. When it
observes
a sudden surge of usage that cannot be correlated w “
ith norm events, it
al”
indicates
a potential attack situation.
Deep Packet Inspection
This approach exam ines the packet structure & packet payload. These are
com pared w signatures of know attacks &, w
ith n hen a m atch is found, the
packets are filtered.
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 8

Our Solution / Perimeter Protection Platform
WAN RioRey’s Perimeter Protection Platform
RioRey Perimeter
Protection Platform • Added in front of the router,
dedicated to DDOS protection function.
Router
• High throughput, provides line rate
protection to the entire network.
ACL &/or
Firewalls
• Filters out the majority of DDOS,
preserving good data to the netw ork.
Intrusion
Detection
Systems
LAN
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 9

Deploying the RioRey Solution
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 10

Technology Comparison
Technology Comparison
Anomaly Detection Deep Packet
RioRey MBA Inspection
Relative ease in
implementing high Easy Difficult Easy
bandwidth solutions
Time required to detect
Approx. 90 seconds 10 to 20 minutes >> 30 minutes
and eliminate attacks
Required to train and
Operator Intervention No operators required No operators required
examine alarms
Frequent updates
Signature Update No updates required No updates required
required
Implemented in a Usually implemented in Usually requires
Deployment architecture single box before the a single box behind the separate detection and
routers and firewalls routers and firewalls clean traffic boxes
Usually has difficulties
Handles good traffic Allows all good Difficulties distinguishing
under high bandwidth
during an attack traffic to pass good and bad trffic
attacks
Ability to screen
Yes No Yes
encrypted traffic
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 11

Platform Components
RioRey Platform Components
Hardware Software: Micro Behavioral Analysis
• Detection Function. Exam ines the netw ork
traffic & detects the attacking
packets & stream s.
• Filtering Function. Filters out attacking traffic
based on inform ation provided by the Detection
• Designed to fit into a standard Function. Legitim traffic flow unim
ate s peded
19”equipm rack
ent through the filter.
• Built-in comprehensive fail-safe • W Interface Function. Used by custom to
EB er
features create initial configuration.
• Data Analysis & Report Generation Function.
Enables users to analyze the collected attack &
victim data & generate reports that are based on
our Rview Softw
™ are.
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 12

Platform Highlights
•Platform is netw agnostic, no need to com unicate w other devices;
ork m ith
•Identifies and blocks DDOS attack traffic automatically, without human
(operator) intervention;
•Identification of a DDOS attack occurs in seconds and blocking action
begins in less than tw m
o inutes;
•Zero false positives –the device w never block valid custom traffic;
ill er
•Complete protection im ediately after installation;
m
•One-hour installation time;
•Netw personnel can be trained in less than an hour;
ork
•Technology is scalable
•By blocking DDOS floods from entering the network, existing network
defenses w be able to function m effectively during an attack.
ill ore
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 13

Customer Segments
• We b Ho s ting c e nte rs
• Inte rne t S e rvic e Pro vide rs (IS Ps )
• The Fe de ral Go ve rnme nt
• Value Adde d Re s e lle rs (VARs )
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 14

Product Family
RE Unidirectional Bidirectional
Three fam ilies of DDOS
Application
500 Series ISP
protection platform from the
s,
1500 Series Corporate highest availability, highest
throughput series RG to the
RX Unidirectional Bidirectional standard, cost efficient series RE
Service Providers
Data Center
2300 Series Universities
Banking
Transaction Processing
Application
Interactive Gaming Government
Government Services Services
3300 Series
Denense Defense
VOIP VOIP The RE, RX and RG are
4000 Series
Defense
Defense configurable for many options
Hosting
depending on our custom er's
RG Unidirectional Bidirectional needs
Application
Telecom
10000 Series Federal
Fortune 500
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 15

Ple as e c o ntac t us at S ECOR Ne two rks fo r
mo re in -de pth Dis c us s io ns
231-799-0800
www .s e c o rne two rks .c o m
© Rio Re y , Inc. / Co nfid e ntia l Info rma tio n 16