Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mitigation Solution Approach


Published on

08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mitigation Solution Approach

Published in: Internet
  • Login to see the comments

  • Be the first to like this

08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mitigation Solution Approach

  1. 1. Powered by On-Premise, Cloud or Hybrid? DDoS Mitigation Solution Approach
  2. 2. Powered by Firewall/IPS/IDS=>Protected “Clean” and “Comply” Network DDoS=>Large Volume of Traffic Minimum Financial Impact Misconceptions About DDoS
  3. 3. Powered by CIA TRIAD Availability Objective Make online resources unavailable to customers and legitimated users What is DDoS ?
  4. 4. Powered by DDoS Attack Resource ImpactVolume NETWORK CPU, MEMORY, DISK TCP, UDP, ICMP Floods Network Level Volumetric Attacks Reflective/ Amplified DNS, NTP, SNMP, SSDP Floods Fragmented Packet Overlapping, Missing, Too Many Protocol Attacks Specially Crafted Packet Stack, Protocol, Buffer Application Layer(L7) Repetitive GET, Slowloris, SlowRead Application Attacks NETWORK,CPU, MEMORY, DISK
  5. 5. Powered by Mitigation Approach On-Premises Solutions • 50% DDoS Attack < 10G • DDoS Attack Durations < 30minutes • Increasingly of Multiple Type Attack Cloud Solutions • Limited Internet Capacity • Low Cost Investment
  6. 6. Powered by Our Technologies Internet Anti-DDoS System Manager MANAGEMENT AND REPORTING Traffic Analyzer FLOW/TRAFFIC MONITORING Anti-DDoS System ATTACK MITIGATION Automatic Signaling Protected Infrastructure Perimeter Security LegitimatedTraffic MaliciousTraffic Legitimated Traffic Malicious Traffic On-Premise DDS Protection Legitimated Traffic Clod DDoS Protection Services FLOW/TRAFFIC MONITORING LegitimatedTraffic
  7. 7. Powered by Our Services Protected Customer Volumetric Attack Diversion (BGP) INTERNET Clean Traffic (GRE/VLAN) Application/Protocol Attack Diversion (BGP) Flow Statistics/SNMP Clean Traffic (GRE) Scrubbing CenterINTERNET
  8. 8. Powered by On-Premises Solutions • Protect your CUSTOMERS • Quick and Effective Immediate Mitigation • Shortens Time to Redirection and Cloud Mitigation • Increased Visibility and Traffic Threshold Monitoring
  9. 9. Powered by Cloud Solutions • Protect your INFRASTRUCTURE • Quick and Easy Network Integration with BGP • Flexible Connectivity for Clean Traffic Reinjection • Low Network Latency for Effective Mitigation • Always-on, On-demand, Flat-rate
  10. 10. Powered by Hybrid Solutions • Protects Both Customers and Infrastructure • Mitigate Volumetric DDoS attacks to low-and-slow DDoS attacks • Avoids Latency Issues in Always-on Cloud Models
  11. 11. Powered by Our Global Partner
  12. 12. Powered by Global Scrubbing Centers
  13. 13. Powered by Anti DDoS Solutions • Up to 100GB Regional Scrubbing Center • Multi-Tenant/Self Service Portal • Up to 10G On-Premise Scrubbing Center • 24/7 Security Operation Center • “HYBRID”/Multi Layered DDoS Mitigation
  14. 14. Powered by Experience Sharing Real Time Cyber Attack Demo (Distributed Denial Of Service)