2012 Global Application and Network Security Report


Prepared by Radware’s Emergency Response Team (ERT), the 2012 Global Application and Network Security Report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. Most recently, these tactics were leveraged by perpetrators in the attacks against U.S. financial institutions that have been ongoing since September 2012.


  1. Radware 2012 Global Application & Network Security Report, January 2013
  2. AGENDA: About 2012 Global Security Report; Key Findings & Trends; Attack Tools Trend; Recommendations
  3. Information Resources
      • Industry Security Survey
        – External survey
        – 179 participants
        – 95.5% are not using Radware DoS mitigation solutions
      • ERT Cases
        – Internal survey
        – Unique visibility into attack behavior
        – 95 selected cases
      • Customer identity remains undisclosed
      ERT gets to see attacks in real time on a daily basis
  4. AGENDA: About 2012 Global Security Report; Key Findings & Trends; Attack Tools Trend; Recommendations
  5. Organizations Bring a Knife to a Gunfight
      • “Someone who brings a knife to a gun fight”
        – Organizations who do prepare for the fight, but do not understand its true nature
      • Organizations today are like that
        – They do invest in security before the attack starts, and conduct excellent forensics after it is over
        – However, there is one critical blind spot: they don't have the capabilities or resources to sustain a long, complicated attack campaign.
      • Attackers target this blind spot!
  6. Attacked in 2012: They had the budget. They made the investment. And yet they went offline.
  7. Organizations Deploy Two-phase Security Approach
  8. Attacks Today Have 3 Phases
  9. ERT Cases – Attack Duration Trend
  10. ERT Cases – Attack Vectors Trend
  11. ERT Introduces Its APT Score
  12. ERT Cases – APT Score Trend
  13. How Likely is It That Your Organization Will Be Attacked?
  14. How Well Are You Prepared?
  15. Attack Vector Trends
  16. Entities That Are The Bottlenecks in DoS Attacks
  17. Solutions Used Against DoS Attacks
  18. Dedicated Versus General Solutions
  19. Attackers' Motivation Trend
  20. Who’s on the Target List?
  21. AGENDA: About 2012 Global Security Report; Key Findings & Trends; Attack Tools Trend; Recommendations
  22. HTTPS Based Attacks
      • HTTPS based attacks are on the rise
      • SSL traffic is not terminated by DDoS Cloud scrubbers or DDoS solutions
      • SSL traffic is terminated by ADC or by the web server
      • SSL attacks hit their target and bypass security solutions
  23. Content Delivery Network (CDN)
  24. Attacks Evade CDN Service
      • In recent cyber attacks, the CDN was easily bypassed by changing the page request in every Web transaction
      • These random request techniques forced CDNs to “raise the curtain”
        – All the attack traffic is disembarked directly to the customer premise
        – More difficult to mitigate attacks masked by CDN
      [Diagram labels: Legitimate users (GET www.example.com); Botnet (GET www.example.com/?[Random]); Internet; CDN service; Backend Webserver; Legitimate requests are refused]
  25. Servers Enlisted to the Botnets Army
      • In 2012 a dramatic change occurred in the DDoS landscape
      • Attackers build and activate Botnets of powerful servers to achieve:
        – Greater firepower: x100 higher bandwidth capacity vs. home PC
        – Greater reliability: servers are always online
        – Greater control: fewer machines to control vs. botnet of PCs
  26. DDoS Infrastructure Changes
  27. AGENDA: About 2012 Global Security Report; Key Findings & Trends; Attack Tools Trend; Recommendations
  28. Attackers Are Well Prepared
      • Attackers plan and run attacks on a regular basis
      • Turning DDoS attacks into their profession
      • Organizations face attacks a few times per year
      • Too limited experience to build the required “know how”
  29. Conclusions
      • Today’s attacks are different:
        – Carefully planned
        – Last days or weeks
        – Switching between attack vectors
      • Organizations are ready to fight yesterday’s attacks:
        – Deploy security solutions that can absorb the first strike
        – But when attacks are prolonged, they have very limited gunfire
        – By the time they succeed in blocking the first two attack vectors, attackers switch to a third, more powerful one
  30. Recommendations
      • Acquire capabilities to sustain long attacks
      • Train a team that is ready to respond to persistent attacks
      • Deploy the most up-to-date methodologies and tools
      • 24 x 7 availability to respond to attacks
      • Deploy counterattack techniques to cripple an attack
  31. Thank You. www.radware.com
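
The random-request behaviour on slide 24 ("Attacks Evade CDN Service"), shown from the defender's side as an added example that is not part of the Radware report: every distinct URL is a separate cache entry, so the flood reaches the origin unless the cache key ignores unused parameters, and the same uniqueness shows up in access logs. The parameter allow-list, thresholds and sample traffic are assumptions constructed for illustration.

```python
# Added example (not from the Radware report): why random query strings defeat
# a CDN cache, and how an allow-listed cache key plus a uniqueness check helps.
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: parameters the application really uses, per path (hypothetical).
ALLOWED_PARAMS = {"/": set(), "/search": {"q", "page"}}

def cache_key(url):
    """Cache key that keeps only allow-listed parameters, in sorted order."""
    parts = urlsplit(url)
    allowed = ALLOWED_PARAMS.get(parts.path, set())
    kept = sorted((k, v)
                  for k, v in parse_qsl(parts.query, keep_blank_values=True)
                  if k in allowed)
    return parts.path + ("?" + urlencode(kept) if kept else "")

def origin_hits(urls, key=lambda u: u):
    """Requests that reach the origin: one cache miss per distinct key."""
    return len({key(u) for u in urls})

def suspicious_paths(urls, min_requests=20, min_unique_ratio=0.9):
    """Paths where nearly every request carries a never-repeated query string."""
    queries = defaultdict(list)
    for u in urls:
        parts = urlsplit(u)
        queries[parts.path].append(parts.query)
    flagged = {}
    for path, qs in queries.items():
        ratio = len(set(qs)) / len(qs)
        if len(qs) >= min_requests and ratio >= min_unique_ratio:
            flagged[path] = round(ratio, 2)
    return flagged

# Constructed sample traffic: repeated legitimate requests plus a flood of
# GET /?<token> requests (sequential tokens stand in for random ones).
LEGIT = ["/", "/search?q=ddos&page=1", "/search?page=1&q=ddos"] * 10
FLOOD = [f"/?{i:08x}" for i in range(200)]
SAMPLE = LEGIT + FLOOD

if __name__ == "__main__":
    print("origin hits, raw URL as key:", origin_hits(SAMPLE))
    print("origin hits, normalized key:", origin_hits(SAMPLE, key=cache_key))
    print("paths to investigate:", suspicious_paths(SAMPLE))
```

Dropping a parameter from the cache key is only safe when the origin ignores that parameter too; otherwise responses that differ by an unkeyed parameter get mixed in the cache.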