
DSS ITSEC CONFERENCE - Radware - Attack Mitigation System (AMS) - Riga, Latvia


Presentation from "DSS" organized ITSEC conference. (http://event.dss.lv)

Published in: Technology, News & Politics

  1. Beyond Today’s Perimeter Defense: Radware Attack Mitigation System (AMS) Michael Soukonnik RIGA, Latvia (DSS ITSEC 2012) 24.11.2012
  2. Agenda • About Radware • Understanding online business security threats • Introducing Radware Attack Mitigation System (AMS) • AMS building blocks overview • Customer success • Summary Slide 2
  3. Imagine That You Could… Slide 3 Eliminate Costs of Downtime Improve your Customer Experience & Employee Productivity Cut Application Infrastructure Cost by 20-50% Enhance your Business Agility
  4. Over 10,000 Radware Customers Can… Slide 4
  5. About Radware Slide 5 Over 10,000 Customers Global Technology Partners [Chart: Company Growth, 1998–2010] Recognized Security Vendor
  6. Online Business Security Threats
  7. Security Threat Vectors Slide 7 Large volume network flood attacks High and slow Application DoS attacks SYN flood attack Brute force attack Web application attacks (e.g. XSS, Injections, CSRF) Port scan “Low & Slow” DoS attacks (e.g., Sockstress) Network scan Intrusion Intrusion, malware
  8. Network and Data Security Attacks: from the News Slide 8
  9. Multi-Vulnerability Attack Campaigns Slide 9 Business Large volume network flood attacks Application flood attack (Slowloris, Port 443 data flood,…) Large volume SYN flood Web application attacks (e.g. XSS, Injections, CSRF) Low & Slow connection DoS attacks Network scan Web application vulnerability scan Conclusions • Attackers use multi-vulnerability attack campaigns making mitigation nearly impossible • DoS & DDoS tools are preferred weapon of mass disruption
  10. Mapping Security Protection Tools Slide 10 Large volume network flood attacks High & Low rate application DoS attacks “Low & Slow” DoS attacks Brute force attack Web application attacks (e.g. XSS, Injections, CSRF) SYN flood Port scan Network scan Intrusion Intrusion, Malware DoS Protection Behavioral Analysis IP Reputation IPS WAF
  11. Introducing Radware Attack Mitigation System
  12. Radware Attack Mitigation System (AMS) Slide 12
  13. AMS Protection Set Slide 13 NBA • Prevent application resource misuse • Prevent zero-minute malware DoS Protection • Prevent all types of network DDoS attacks IPS • Prevent application vulnerability exploits Reputation Engine • Financial fraud protection • Anti Trojan & Phishing WAF • Mitigating Web application threats and zero-day attacks
  14. OnDemand Switch: Designed for Attacks Mitigation Slide 14 OnDemand Switch Platform Capacity up to 14Gbps DoS Mitigation Engine • ASIC based • Prevent high volume attacks • Up to 12 Million PPS of attack protection NBA Protections & WAF IPS & Reputation Engine • ASIC based String Match & RegEx Engine • Performs deep packet inspection
  15. Static Signature Engine (DPI) Real-time Signatures Engine (Multi CPU Cores) DefensePro On-Demand Switch 3: • Up to 12Gbps of network traffic inspection • 4,000,000 concurrent sessions • Latency < 100 micro seconds Next Generation DefensePro: IPS+DoS Architecture Page 15 APSolute Immunity Engines Standard IPS Solution Real-time signature APSolute Immunity booster: • Prevent high volume attacks • Up to 10 Million PPS of attack ASIC-Based DoS Mitigator Engines Real-time signature injection ot
  16. The Secret Sauce – Real-time Signatures Public Network Inbound Traffic Outbound Traffic Behavioral Analysis Abnormal Activity Detection Inspection Module Real-Time Signature Inputs - Network - Servers - Clients Real-Time Signature Generation Closed Feedback Enterprise Network Optimize Signature Remove when attack is over Slide 16 DoS & DDoS Application level threats Zero-Minute malware propagation
  17. Radware Security Event Management (SEM) Slide 17 • Correlated reports • Trend analysis • Compliance management • RT monitoring • Advanced alerts • Forensics 3rd Party SEM
  18. AMS Synergy Slide 18 • Advanced configuration • Role-based access control Web application scanning activity detected from source A Web intrusion attack detected from source A Black list source A
  19. Radware AMS & ERT/SOC Slide 19 • Security Operations Center (SOC) – Provides weekly and emergency signature updates – Maintains on-going application vulnerability protection • Emergency Response Team (ERT) – Provide 24x7 service for customers under attack – Neutralize DoS/DDoS attacks and malware outbreaks
  20. Radware Security Products Portfolio Slide 22 AppWall Web Application Firewall (WAF) DefensePro Network & Server attack prevention device APSolute Vision Management and security reporting & compliance
  21. Summary
  22. Conclusion • Attackers deploy multi-vulnerability attack campaigns – Organizations deploy point security solutions – Attackers target for blind spots • Radware offers Attack Mitigation System (AMS): – The only solution that can defend against emerging cyber attack campaigns – No blind spots in network & application security • Customer success: best security solution for – Online business protection – Data center protection Slide 28
  23. Thank You www.radware.com
