
Radware Solutions for MSSPs


Published in: Technology, News & Politics

  1. Advanced DDoS Protection for Service Providers & MSSPs
     Ron Meyran – Director Product Marketing Security
     July 2011

  2. Agenda
     • DDoS Is Growing & Evolving
     • Key Success Criteria for Service Providers & MSSPs
     • Radware’s Advanced Solution
     • Customer Cases
     • Summary

  3. DDoS is growing and evolving

  4. DDoS Threat is growing
     Chart of attack size over time (2009, 2010, 2011), showing:
     • Twitter DDoS attack on Cyxymu
     • Slowloris - Low & Slow Attacks
     • IMDDOS – Commercial Botnet
     • July 2009 cyber attacks (US and South Korea)
     • Operation Payback – Wikileaks revenge DDoS attacks
     • Netbot DDoS on
     • Operation Payback II on Codero
     • Operation Sony DDoS
     Source: Radware ERT report

  5. When you have no Anti-DoS solution in place…
     • Wikileaks site outage
     • Westboro Baptist Outage: 4 sites held down for 6 days

  6. Poll question
     How many DDoS attacks did you (or your customer) face in the past year?
     • None
     • Only once
     • Few times
     • Many times
     • I don’t have the tools to detect DDoS attacks
  7. Multi-Vulnerability Attack Campaigns
     Diagram labels (attack vectors aimed at the business):
     • Large volume network flood attacks
     • Large volume SYN flood
     • Low & Slow connection DoS attacks
     • Slow Application flood attack (Slowloris)
     • Application flood attack (HTTP data flood)
     • Business impact
     Conclusions
     • Attackers use multi-vulnerability attack campaigns making mitigation nearly impossible
     • Even if one attack vector is successful – the business is severely impacted
  8. DDoS Protection: layers of defense
     Type of DoS attacks:
     • PPS & Bandwidth flood attacks
     • Connection & application flood attacks
     • Directed application DoS attacks
     Attack volume: High, Med, Low
     Challenges:
     • PPS Processing capacity
     • Bandwidth capacity
     • Identify malicious sources
     • Accurate mitigation – all sessions are legitimate
     • Deep packet inspection
     • Ad-hoc filters creation
     • Accurate mitigation – maintain very low false positives
     • Time to protect

  9. Key criteria to become a successful MSSP

  10. What drives the MSSP success? (1 of 2)
     Business
     • True DDoS Protection
       • Can you detect and protect against emerging DDoS attacks including multi-vulnerability campaign attacks and slow DDoS attacks?
       • How fast can you detect and protect against attacks? In seconds? In minutes?
     Financial
     • Solution scalability
       • Can your infrastructure grow without painful forklift upgrades?
     • How do you price your service?
       • Monthly fee
       • On demand / per incident
       • SLA penalties / rewards

  11. What drives the MSSP success? (1 of 2)
     Technical
     • Flexible deployment
       • Fit any customer architecture
     Operational
     • Customer centric reporting
     • Easy integration into provider environment (OSS, SEM, SOC)
     Marketing
     • What is unique in your offering?
     • SLA: can you guarantee Time to protect?
     • Coverage – what type of attacks do you protect, and what you don’t?
     • Multi locations vs. single location
     • Customers portfolio and testimonials
  12. Radware solution for DDoS service providers

  13. DDoS Protection: Radware coverage
     Radware DDoS Protections:
     • PPS & Bandwidth flood attacks
     • Connection & application flood attacks
     • Directed application DoS attacks
     Technologies and capacity listed on the slide:
     • ASIC-Based DoS Mitigator Engine (DME)
     • Real-time signatures technology
     • Multi-core CPUs
     • Real-time signatures & challenge-response technologies
     • StringMatch Engine (SME) RegEx Engine
     • Static & user filters
     • Up to 12MPPS of attack prevention
     • Up to 800K new TPS of HTTP Challenge-Response
     • Full 10Gbps DPI (RegEx) processing

  14. DDoS Protection: Radware technologies
     Attack types covered:
     • PPS & Bandwidth flood attacks
     • Connection & application flood attacks
     • Directed application DoS attacks
     Technologies:
     • Behavioral based real-time signatures blocking
     • SYN Protection (SYN cookies; Web cookies)
     • Rate based protections
     • HTTP & DNS advanced Challenge-Response techniques
     • Behavioral based real-time signatures
     • Rate based protections
     • Auto-updated RegEx filters
     • Counter attack techniques
     • Ad-hoc filters
     • Widest DDoS attacks coverage out-of-the-box
     • Best time to protect: in seconds

  15. Deployment: Scrubbing center
     Diagram labels: Internet; Customer A; Customer B; Customer C; ISP Core IP Network; SOC; DoS protection Service Provider Infrastructure; Management & SEM; Attack Mitigation System; Customer Portal; Scrubbing center
  16. Out-of-path attack mitigation
     • Operate in asymmetric & symmetric environment
     • Full coverage:
       • Packet & BW attacks
       • Application DDoS attacks
       • Directed attacks
     • No learning required
     • Time to protect: immediate (seconds)
     Diagram labels: DoS protection Service Provider Infrastructure; Attack Mitigation System; Scrubbing center
  17. APSolute Vision Reports & Alerts
     Built-in reports and alerts engine
     • Most extensive monitoring and reporting engine
     • Per customer dashboards
     • Per customer reports
     • Compliance reports
     • Advanced Alerts based on event correlation rules
     Diagram labels: DoS protection Service Provider Infrastructure; Management & SEM

  18. Poll question
     What is the main reason customers select your security services:
     • Attack coverage
     • Reporting
     • Price
     • One stop shop – we are their hosting service provider
     • We do not yet provide security services

  19. Advanced alerts: SOC/NOC alarms
     Example alarms:
     • Attack volume is higher than 1Gbps in past 5 minutes
     • Customer critical application is under high risk attack
     Provider SOC must be aware of high risk and high importance cases
     Diagram labels: SOC; DoS protection Service Provider Infrastructure; Management & SEM

  20. Advanced alerts: Show customer SLA
     Example notifications:
     • "Dear customer, Your site is under high volume attack for more than 1 hour. You are fully protected. Regards."
     • "Dear customer, Your booking application has been attacked more than 4 times throughout the day. Regards."
     Demonstrate SLA and ROI
     Automatic customer notification via email
     Diagram labels: DoS protection Service Provider Infrastructure; Management & SEM
  21. Reports & Alerts: easy service integration
     APSolute Vision Reporter
     • Web interface
     • Scheduled Reports and Alerts by email
     • Northbound interface via SNMP, SMTP
     • Export Alerts and event logs
     • Direct access API to events log database
     Diagram labels: Portal monitoring view; Historical reports; DoS protection Service Provider Infrastructure; Management & SEM; Customer Portal

  22. Deployment: SOC & ERT support
     Security Operations Center (SOC)
     • Provides weekly and emergency signature updates
     • Develop counter attack tools – fighting back!
     Emergency Response Team (ERT)
     • Provide 24x7 service for backup when customers under attack
     • Product and security experts support
     Diagram labels: SOC; DoS protection Service Provider Infrastructure; Management & SEM; Attack Mitigation System; Scrubbing center
  23. Radware security expertise: ERT cases (1 of 2)
     Radware ERT helped High Council for Telecommunications (TIB) to achieve full protection against Anonymous attacks
     • Anonymous group published a poster calling its fans to attack Turkish government agency
     • Target: High Council for Telecommunications (TIB)
     • When: June 9th (Thursday) 2011 at 6PM
     • Attack tool: Low Orbit Ion Cannon (LOIC)
     • Type of attack - Multi-vulnerability campaign:
       • HTTP Get flood attack
       • TCP connection flood on port 80
       • SYN flood attack
       • UDP flood attack

  24. Radware security expertise: ERT cases (2 of 2)
     Radware ERT helped Istanbul police to achieve full protection against Anonymous attacks
     “We just watched the attacks and DefensePro easily eliminated the attacks. We didn’t even see any latency during the attacks. Istanbul Police is thankful to us and to you. While most of the state websites get unresponsive during the attacks, they didn’t feel anything.”
     Istanbul Police integrator
     • Anonymous group attacks Istanbul police as revenge of the arrest
     • Target: Istanbul police site
     • When: June 13th 2011
     • Attack tool: Low Orbit Ion Cannon (LOIC)
     • Type of attack - Multi-vulnerability campaign

  25. Customer success
  26. Hosting service provider: in-the-cloud DoS protection
     Customer
     • One of the top three IT infrastructure providers in North America delivering Managed, Self-Managed, and Co-location hosting services
     • Hosts over 10,000 customers worldwide
     Challenges and Objective
     • Protect the SP infrastructure against bandwidth consuming attacks
     • Offer their customers value-added DoS protection service
     Solution Overview
     • DefensePro devices deployed in scrubbing center with the following protection sets:
       • DoS Protection: Prevent high volume and high PPS flood attacks
       • NBA: Prevent Application DDoS attacks
     Solution Business Benefits
     • Maintain customer business continuity and satisfaction when the network is under attack
     • Return on investment within 6 months
     • Service profit over 3 years: $1.2M

  27. Summary
  28. What drives the MSSP success? (1 of 2)
     Business: best DDoS attacks coverage
     • Packet and bandwidth flood attacks protection
     • Application DDoS flood attacks protection
     • Directed (low & slow, SSL) attacks protection
     • Short time to protect – in seconds!
     Financial
     • Solution scalability: OnDemand platform
     • Unique pay as you grow approach
     • No forklift upgrades
     • Best performing 10G attack mitigation platforms
     • Lowest CapEx & OpEx
     • Multitude of security tools and SEM in a single solution
     • Out-of-the-box protections

  29. What drives the MSSP success? (1 of 2)
     Technical
     • Flexible deployment of attack mitigation devices in any environment
     • Symmetric, Asymmetric, no learning.
     Operational
     • Emergency Response Team (ERT) to support your SOC
     • Our commitment to your success
     • Customer centric reporting
     • Integrated SEM with per-customer reports and dashboards
     Marketing
     • The only NSS Recommended Attack Mitigation solution
     • SLA: Short time to protect!
     • SLA: Coverage: protect against emerging DDoS attacks