SlideShare a Scribd company logo

ip pier solution

Download as PPTX, PDF
Alexey Stankus
Alexey Stankus

IP PIER Web protection solution

Internet
1 of 21
Intro  56% of Internet traffic is generated by bots  95% of sites breaches and infecting are automatic  300% annual increase in DDoS attacks on the Application layer  30% annual increase in total number of DDoS attacks  Average indications of DDoS attacks are 9.7 Gb/s and 19 Mpps  Major attacks increased beyond 600 Gb/s
 Increase in number of users using NAT and proxy  Increase in number of mobile users  Mass transfer from http to https  PCI DSS requirement to prohibit transferring ssl certificates to third parties  CAPTCHA is not efficient any longer Intro 2
Necessary to block ALL queries by bots New paradigms of breaches
 High reliability of the service  Wide channels for protection from L3&4 DDoS attacks  Protection from DDoS attacks at the Application layer  Capability to detect singular queries by bots  Protection from bots without blocking IP addresses  Capability to filter https without disclosure of traffic Requirements for security systems
In protection  Active bot Protection (ABP)  Protection from DDoS layer 7  Protection from DDoS layer 3  Protection of HTTPS  Detection of bots without CAPTCHA  WAF  Zero Day  White and black lists Increase is site availability  Site boost (caching, optimization, SPDY)  Site balancing (for multiple platforms including)  Optimization (for a mobile client through traffic compression)  Site monitoring and statistics  IPv6  Always Online  Custom pages of errors Capacities of Cloud Cloud fail safety:  2 Tb/s – capacity of communication channels from different operators  2N backup of all Cloud components
ISP 1 client's platform General working principles of clearing cloud Cloud connection:  Change A of a DNS record  Network notice on BGP (not less than /24) ISP 2 ISP N client's platform client's platform
Basic protection principles border packet filter hardware packet filter software packet filter stateful analyzer Application Layer verification
Implementation features:  Detection of some attacks by means of traffic analysis for L3&4 using original math algorithms  Active interaction with bots  System of automated security levels control  Different security levels for different URL simultaneously are available  Interaction with bots within 0.2 – 64 Kb of traffic  Counter-bot system (we make an attack to be resource-intensive and economically unsound). Active Bot Protection (basic principles)
Benefits for client:  Protection from DDoS at the Application layer  Protection from scanning  Protection from automated replication  Protection from spam-bots in comments and forums  Avoiding necessity to use CAPTCHA  Protection beginning from the first query for HTTPS, both with and without disclosure of traffic Active Bot Protection for client
Operation modes of the complex: ✓ Filtration at the Application layer disabled. ✓ “DDoS protection” – we analyze every query, but do not make changes to user-application interaction until the user seems to be suspicious to us. This is the most common mode, suitable for most sites. If any suspicion arises concerning user's legitimacy, then, before proxying his queries, we enable mechanisms of additional verifications - watching his reaction. If everything is good - we allow the query. ✓ "Active Bot Protection" - in this mode we test every user regardless his prior activity. This mode is used when the maximum protection is required, even against a singular bot query. At that approach, analytics is not disabled. User testing modes are selected depending on personal account settings and user's activity. This approach is good for saving a site from bots totally. Operation principles of traffic filtration at Application layer
ssl certificate with key transferred Traffic disclosure HTTPS traffic filtration (with disclosure) Benefits  Requires no integration with security system (except certificate transfer)  Easy setting Drawbacks  Certificate transfer is necessary  PCI DSS requirements are not met
Benefits  Certificate transfer is not required  PCI DSS requirements are met Drawbacks  Integration with security system is necessary  Time lags on protection activation  Impossible to block sessions, only IP addresses Transfer of access logs for analysis and registering bots in blacklists HTTPS filtration (without traffic disclosure, with logs transfer)
HTTPS filtration (without traffic disclosure, with token) Redirect to security system for user verification and granting a token, after that the user is not subject to verification for a certain period of time Benefits  Certificate transfer is not required  PCI DSS requirements are met  No time lags on protection activation  Blocking sessions, not IP Drawbacks  Integration with security system is necessary  During token validity period an attack with use of this token is possible
If we reckon the user is legitimate If we reckon that additional verification is required Information provided by client: URL, IP, t, UA HTTPS filtration (without traffic disclosure, with validation service) Benefits  Certificate transfer is not required  PCI DSS requirements are met  No time lags on protection activation  Blocking sessions, not IP Drawbacks  Integration with security system is necessary
WAF capacities:  Protection from SQL Injections  Protection from Cross-site scripting  Protection from illegal resources access  Protection from Remote file inclusions  System has self learning mechanisms  Custom rules can be added client Protection from manual breach (WAF)
Balancing for multiple platforms platform 1 platform N Balancing modes:  Round robin  With weight ratio  Active-passive
Caching client The complex is capable of:  Caching queried URLs for a set period of time It enables a client to:  Reduce channel load  Reduce hardware load  Smoothen “Habra effect”
The complex is capable of:  Storing static copies of a client’s site and updating them in certain period of time It enables a client to:  Provide users with static part of the site if the client’s infrastructure fails  Save clients  To improve rating in search engines client Always online
Competitors
ip pier solution

Recommended

Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Security Session
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteAntonio Fontes
 
Vpn
VpnVpn
VpnLan & Wan Solutions
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsAdeo Security
 
Reblaze Web Application Firewall
Reblaze Web Application FirewallReblaze Web Application Firewall
Reblaze Web Application FirewallJason Newell
 
Web Security
Web SecurityWeb Security
Web SecurityGerald Villorente
 
F5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks
 

Recommended

Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]Security Session
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteAntonio Fontes
 
Vpn
VpnVpn
VpnLan & Wan Solutions
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsAdeo Security
 
Reblaze Web Application Firewall
Reblaze Web Application FirewallReblaze Web Application Firewall
Reblaze Web Application FirewallJason Newell
 
Web Security
Web SecurityWeb Security
Web SecurityGerald Villorente
 
F5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks
 
Fine-grained policy enforcement for untrusted software
Fine-grained policy enforcement for untrusted softwareFine-grained policy enforcement for untrusted software
Fine-grained policy enforcement for untrusted softwarePhú Phùng
 
Next Generation Firewall and IPS
Next Generation Firewall and IPSNext Generation Firewall and IPS
Next Generation Firewall and IPSData#3 Limited
 
Lecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachLecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachDr. Ramchandra Mangrulkar
 
Sangfor ngfw 修订版
Sangfor ngfw 修订版Sangfor ngfw 修订版
Sangfor ngfw 修订版Ploynatcha Akkaraputtipat
 
Https interception
Https interceptionHttps interception
Https interceptionAndrey Apuhtin
 
CyberoamNGFWTechSheet
CyberoamNGFWTechSheetCyberoamNGFWTechSheet
CyberoamNGFWTechSheetMaliha Ali
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki conceptMostafa El Lathy
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
 
Threat Detection using Analytics & Machine Learning
Threat Detection using Analytics & Machine LearningThreat Detection using Analytics & Machine Learning
Threat Detection using Analytics & Machine LearningPriyanka Aash
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
Mule anypointenterprisesecurity
Mule anypointenterprisesecurityMule anypointenterprisesecurity
Mule anypointenterprisesecurityhimajareddys
 
Lecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLSLecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLSDr. Ramchandra Mangrulkar
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE - ATT&CKcon
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewallsEnclaveSecurity
 
Security in Design of Cloud Application
Security in Design of Cloud ApplicationSecurity in Design of Cloud Application
Security in Design of Cloud ApplicationRafal Korszun
 
AS2 vs. SFTP
AS2 vs. SFTPAS2 vs. SFTP
AS2 vs. SFTPMFT Gateway
 
QualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallQualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallRisk Analysis Consultants, s.r.o.
 
Innovation in government the global challenges
Innovation in government the global challengesInnovation in government the global challenges
Innovation in government the global challengesMartin Brunet
 
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...Dr R Chelliah Jes Chelliah
 
Creative commons
Creative commonsCreative commons
Creative commonsirmiuxalba
 
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi Ganguly
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi GangulySEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi Ganguly
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi GangulyDr. Karabi Ganguly
 
Valor de uso
Valor de usoValor de uso
Valor de usoAzpergito DE Mendoza
 

More Related Content

What's hot

Fine-grained policy enforcement for untrusted software
Fine-grained policy enforcement for untrusted softwareFine-grained policy enforcement for untrusted software
Fine-grained policy enforcement for untrusted softwarePhú Phùng
 
Next Generation Firewall and IPS
Next Generation Firewall and IPSNext Generation Firewall and IPS
Next Generation Firewall and IPSData#3 Limited
 
CyberoamNGFWTechSheet
CyberoamNGFWTechSheetCyberoamNGFWTechSheet
CyberoamNGFWTechSheetMaliha Ali
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki conceptMostafa El Lathy
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
 
Threat Detection using Analytics & Machine Learning
Threat Detection using Analytics & Machine LearningThreat Detection using Analytics & Machine Learning
Threat Detection using Analytics & Machine LearningPriyanka Aash
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
Mule anypointenterprisesecurity
Mule anypointenterprisesecurityMule anypointenterprisesecurity
Mule anypointenterprisesecurityhimajareddys
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE - ATT&CKcon
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewallsEnclaveSecurity
 
Security in Design of Cloud Application
Security in Design of Cloud ApplicationSecurity in Design of Cloud Application
Security in Design of Cloud ApplicationRafal Korszun
 

What's hot (17)

Fine-grained policy enforcement for untrusted software
Fine-grained policy enforcement for untrusted softwareFine-grained policy enforcement for untrusted software
Fine-grained policy enforcement for untrusted software
 
Next Generation Firewall and IPS
Next Generation Firewall and IPSNext Generation Firewall and IPS
Next Generation Firewall and IPS
 
Lecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachLecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security Breach
 
Sangfor ngfw 修订版
Sangfor ngfw 修订版Sangfor ngfw 修订版
Sangfor ngfw 修订版
 
Https interception
Https interceptionHttps interception
Https interception
 
CyberoamNGFWTechSheet
CyberoamNGFWTechSheetCyberoamNGFWTechSheet
CyberoamNGFWTechSheet
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation Firewall
 
Threat Detection using Analytics & Machine Learning
Threat Detection using Analytics & Machine LearningThreat Detection using Analytics & Machine Learning
Threat Detection using Analytics & Machine Learning
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Mule anypointenterprisesecurity
Mule anypointenterprisesecurityMule anypointenterprisesecurity
Mule anypointenterprisesecurity
 
Lecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLSLecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLS
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewalls
 
Security in Design of Cloud Application
Security in Design of Cloud ApplicationSecurity in Design of Cloud Application
Security in Design of Cloud Application
 
AS2 vs. SFTP
AS2 vs. SFTPAS2 vs. SFTP
AS2 vs. SFTP
 
QualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallQualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application Firewall
 

Viewers also liked

Innovation in government the global challenges
Innovation in government the global challengesInnovation in government the global challenges
Innovation in government the global challengesMartin Brunet
 
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...Dr R Chelliah Jes Chelliah
 
Creative commons
Creative commonsCreative commons
Creative commonsirmiuxalba
 
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi Ganguly
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi GangulySEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi Ganguly
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi GangulyDr. Karabi Ganguly
 
Победитель (ОМЗ).Переработка ЗШО с извлечением кремнезема
Победитель (ОМЗ).Переработка ЗШО с извлечением кремнеземаПобедитель (ОМЗ).Переработка ЗШО с извлечением кремнезема
Победитель (ОМЗ).Переработка ЗШО с извлечением кремнеземаtstart
 
Washington Global Health Landscape Study 2015 Final Report
Washington Global Health Landscape Study 2015 Final ReportWashington Global Health Landscape Study 2015 Final Report
Washington Global Health Landscape Study 2015 Final ReportAnson Fatland
 
Framework Use in Clinical Research
Framework Use in Clinical ResearchFramework Use in Clinical Research
Framework Use in Clinical Researchjetweedy
 
Telehealth and Mental Health
Telehealth and Mental HealthTelehealth and Mental Health
Telehealth and Mental Healthjetweedy
 
1 место (нт) технология маркет – эксецентрико циклоидальное зацепление (томск)
1 место (нт) технология маркет – эксецентрико циклоидальное зацепление (томск)1 место (нт) технология маркет – эксецентрико циклоидальное зацепление (томск)
1 место (нт) технология маркет – эксецентрико циклоидальное зацепление (томск)tstart
 
A new AerosolnanoCatalysis technology for organic (oil) wastes neutralization
A new AerosolnanoCatalysis technology for organic (oil) wastes neutralizationA new AerosolnanoCatalysis technology for organic (oil) wastes neutralization
A new AerosolnanoCatalysis technology for organic (oil) wastes neutralizationSergey_1
 

Viewers also liked (12)

Innovation in government the global challenges
Innovation in government the global challengesInnovation in government the global challenges
Innovation in government the global challenges
 
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...
Poster-final Page One and Page Two in 25% size...needs to be expanded to 50% ...
 
Creative commons
Creative commonsCreative commons
Creative commons
 
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi Ganguly
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi GangulySEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi Ganguly
SEPTEMBER 2015 CONFERENCE SEMINAR ATTENDEDKarabi Ganguly
 
Valor de uso
Valor de usoValor de uso
Valor de uso
 
Mundo físico
Mundo físicoMundo físico
Mundo físico
 
Победитель (ОМЗ).Переработка ЗШО с извлечением кремнезема
Победитель (ОМЗ).Переработка ЗШО с извлечением кремнеземаПобедитель (ОМЗ).Переработка ЗШО с извлечением кремнезема
Победитель (ОМЗ).Переработка ЗШО с извлечением кремнезема
 
Washington Global Health Landscape Study 2015 Final Report
Washington Global Health Landscape Study 2015 Final ReportWashington Global Health Landscape Study 2015 Final Report
Washington Global Health Landscape Study 2015 Final Report
 
Framework Use in Clinical Research
Framework Use in Clinical ResearchFramework Use in Clinical Research
Framework Use in Clinical Research
 
Telehealth and Mental Health
Telehealth and Mental HealthTelehealth and Mental Health
Telehealth and Mental Health
 
1 место (нт) технология маркет – эксецентрико циклоидальное зацепление (томск)
1 место (нт) технология маркет – эксецентрико циклоидальное зацепление (томск)1 место (нт) технология маркет – эксецентрико циклоидальное зацепление (томск)
1 место (нт) технология маркет – эксецентрико циклоидальное зацепление (томск)
 
A new AerosolnanoCatalysis technology for organic (oil) wastes neutralization
A new AerosolnanoCatalysis technology for organic (oil) wastes neutralizationA new AerosolnanoCatalysis technology for organic (oil) wastes neutralization
A new AerosolnanoCatalysis technology for organic (oil) wastes neutralization
 

Similar to ip pier solution

Threat Management Gateway 2010 - Forefront Community launch 2010
Threat Management Gateway 2010 - Forefront Community launch 2010Threat Management Gateway 2010 - Forefront Community launch 2010
Threat Management Gateway 2010 - Forefront Community launch 2010Krzysztof Binkowski
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...NetworkCollaborators
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics NetworkCollaborators
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentalsCloudflare
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101Cloudflare
 
CyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetCyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetBaqar Kazmi
 
CyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetCyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetBaqar kazmi
 
CyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetCyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetMaliha Ali
 
CyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetCyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetbakar kazmi
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ingHuu Hieu
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ingHuu Hieu
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesAmazon Web Services
 
Cyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayCyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayLiberteks
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cloudflare
 

Similar to ip pier solution (20)

Threat Management Gateway 2010 - Forefront Community launch 2010
Threat Management Gateway 2010 - Forefront Community launch 2010Threat Management Gateway 2010 - Forefront Community launch 2010
Threat Management Gateway 2010 - Forefront Community launch 2010
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101
 
Bitrix Software Security
Bitrix Software SecurityBitrix Software Security
Bitrix Software Security
 
CyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetCyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheet
 
CyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetCyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheet
 
CyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetCyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheet
 
CyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheetCyberoamNGSeriesUTMTechSheet
CyberoamNGSeriesUTMTechSheet
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
UTM Cyberoam
UTM Cyberoam UTM Cyberoam
UTM Cyberoam
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ing
 
Cyberoam cr200ing
Cyberoam cr200ingCyberoam cr200ing
Cyberoam cr200ing
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best Pratices
 
Cyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management GatewayCyberoam vs. Forefront Threat Management Gateway
Cyberoam vs. Forefront Threat Management Gateway
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)
 

Recently uploaded

PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxgalaxypingy
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...kajalverma014
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptxAsmae Rabhi
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 

Recently uploaded (20)

PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 

ip pier solution

  • 1.
  • 2. Intro  56% of Internet traffic is generated by bots  95% of sites breaches and infecting are automatic  300% annual increase in DDoS attacks on the Application layer  30% annual increase in total number of DDoS attacks  Average indications of DDoS attacks are 9.7 Gb/s and 19 Mpps  Major attacks increased beyond 600 Gb/s
  • 3.  Increase in number of users using NAT and proxy  Increase in number of mobile users  Mass transfer from http to https  PCI DSS requirement to prohibit transferring ssl certificates to third parties  CAPTCHA is not efficient any longer Intro 2
  • 4. Necessary to block ALL queries by bots New paradigms of breaches
  • 5.  High reliability of the service  Wide channels for protection from L3&4 DDoS attacks  Protection from DDoS attacks at the Application layer  Capability to detect singular queries by bots  Protection from bots without blocking IP addresses  Capability to filter https without disclosure of traffic Requirements for security systems
  • 6. In protection  Active bot Protection (ABP)  Protection from DDoS layer 7  Protection from DDoS layer 3  Protection of HTTPS  Detection of bots without CAPTCHA  WAF  Zero Day  White and black lists Increase is site availability  Site boost (caching, optimization, SPDY)  Site balancing (for multiple platforms including)  Optimization (for a mobile client through traffic compression)  Site monitoring and statistics  IPv6  Always Online  Custom pages of errors Capacities of Cloud Cloud fail safety:  2 Tb/s – capacity of communication channels from different operators  2N backup of all Cloud components
  • 7. ISP 1 client's platform General working principles of clearing cloud Cloud connection:  Change A of a DNS record  Network notice on BGP (not less than /24) ISP 2 ISP N client's platform client's platform
  • 9. Implementation features:  Detection of some attacks by means of traffic analysis for L3&4 using original math algorithms  Active interaction with bots  System of automated security levels control  Different security levels for different URL simultaneously are available  Interaction with bots within 0.2 – 64 Kb of traffic  Counter-bot system (we make an attack to be resource-intensive and economically unsound). Active Bot Protection (basic principles)
  • 10. Benefits for client:  Protection from DDoS at the Application layer  Protection from scanning  Protection from automated replication  Protection from spam-bots in comments and forums  Avoiding necessity to use CAPTCHA  Protection beginning from the first query for HTTPS, both with and without disclosure of traffic Active Bot Protection for client
  • 11. Operation modes of the complex: ✓ Filtration at the Application layer disabled. ✓ “DDoS protection” – we analyze every query, but do not make changes to user-application interaction until the user seems to be suspicious to us. This is the most common mode, suitable for most sites. If any suspicion arises concerning user's legitimacy, then, before proxying his queries, we enable mechanisms of additional verifications - watching his reaction. If everything is good - we allow the query. ✓ "Active Bot Protection" - in this mode we test every user regardless his prior activity. This mode is used when the maximum protection is required, even against a singular bot query. At that approach, analytics is not disabled. User testing modes are selected depending on personal account settings and user's activity. This approach is good for saving a site from bots totally. Operation principles of traffic filtration at Application layer
  • 12. ssl certificate with key transferred Traffic disclosure HTTPS traffic filtration (with disclosure) Benefits  Requires no integration with security system (except certificate transfer)  Easy setting Drawbacks  Certificate transfer is necessary  PCI DSS requirements are not met
  • 13. Benefits  Certificate transfer is not required  PCI DSS requirements are met Drawbacks  Integration with security system is necessary  Time lags on protection activation  Impossible to block sessions, only IP addresses Transfer of access logs for analysis and registering bots in blacklists HTTPS filtration (without traffic disclosure, with logs transfer)
  • 14. HTTPS filtration (without traffic disclosure, with token) Redirect to security system for user verification and granting a token, after that the user is not subject to verification for a certain period of time Benefits  Certificate transfer is not required  PCI DSS requirements are met  No time lags on protection activation  Blocking sessions, not IP Drawbacks  Integration with security system is necessary  During token validity period an attack with use of this token is possible
  • 15. If we reckon the user is legitimate If we reckon that additional verification is required Information provided by client: URL, IP, t, UA HTTPS filtration (without traffic disclosure, with validation service) Benefits  Certificate transfer is not required  PCI DSS requirements are met  No time lags on protection activation  Blocking sessions, not IP Drawbacks  Integration with security system is necessary
  • 16. WAF capacities:  Protection from SQL Injections  Protection from Cross-site scripting  Protection from illegal resources access  Protection from Remote file inclusions  System has self learning mechanisms  Custom rules can be added client Protection from manual breach (WAF)
  • 17. Balancing for multiple platforms platform 1 platform N Balancing modes:  Round robin  With weight ratio  Active-passive
  • 18. Caching client The complex is capable of:  Caching queried URLs for a set period of time It enables a client to:  Reduce channel load  Reduce hardware load  Smoothen “Habra effect”
  • 19. The complex is capable of:  Storing static copies of a client’s site and updating them in certain period of time It enables a client to:  Provide users with static part of the site if the client’s infrastructure fails  Save clients  To improve rating in search engines client Always online