SlideShare a Scribd company logo

bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app6891

S
Sergiy Pitel
1 of 14
Download to read offline
Best Practices: Using Your Network and the Cisco ASR 9000 for DDoS Protection Tom Bienkowski Product Marketing, Arbor Networks Talbot Hack Product Manager, Arbor Networks Mike Geller Principal Engineer, Cisco
Modern Day DDoS Attacks  DDoS Attacks are increasing in Size (up to 400G), Frequency (daily) and Complexity (A dynamic combination of Volumetric, TCP State Exhaustion and Application layer attack vectors) Legit Traffic Your (ISP’s) Network Your Data CentersThe Internet Volumetric Attack Botnet Application Attack State Exhaustion Impact: (To You and Your Customers)  Availability of network and services  Operational cost to mitigate attack  Lost revenue and profitability  Unwanted media attention; tarnished brand  Fees/Fines
The Solution Layered DDoS Attack Protection Stop application layer DDoS attacks and other advanced threats; detect abnormal outbound activity 2 Volumetric Attack Your Data Centers/ Internal Networks The Internet Application Attack Scrubbing Center Your (ISP’s) Network Stop volumetric attacks In-Cloud1 Intelligent communication between both environments 3 4 Backed by continuous threat intelligence Backed By Continuous Threat Intelligence
BackboneProvider C Providers A Multiple Places/Ways to Stop DDoS Attacks Peering/Transit Edge Data Center/ Customer Edge Scrubbing Center Provider D DC/Customer  Peering/Transit Edge: Stop DDoS attacks at network edge before they impact backbone, Data centers and customers.  Data Center/ Customer Edge: Dedicated DDoS protection.  Regional Scrubbing Centers: Shared DDoS protection for multiple customers placed in strategic parts of network. DDoS Traffic  Comprehensive DDoS protection is accomplished using a combination of: a) Dedicated DDoS protection solutions b) Best Current Practices leveraging network infrastructure 1 2 3 3 2 1
Who Is Arbor Networks?  For the past 15 years Arbor Networks has been the undisputed leader  A majority of the world’s service providers (100% of Tier 1) and largest enterprises have trusted Arbor Networks for their DDoS Protection 15 Proven & Trusted DDoS Protection DDoS Protection?... We invented it! #1
Arbor’s DDoS Protection Solution Proven, Industry Leading, Layered DDoS Protection Products & Services Continuously Armed with Global Visibility and Threat Intelligence Arbor Cloud Volumetric Attack On-PremThe Internet Application Attack/Malware In-Cloud Cloud Signaling (Arbor Deployments in majority of world’s ISPs) Compromised Hosts
Network Embedded, Virtual DDoS Protection Arbor Peakflow Threat Management System (TMS) #1 in DDoS Attack Protection Products Cisco ASR 9000 Virtual Services Module (VSM) Up to 40 Gbps Mitigation per VSM #1 in Network Infrastructure Products Cisco ASR 9000 vDDoS Protection Industry’s Most Comprehensive DDoS Attack Protection Solution vDDoS Protection Two Best of Breeds Combine
Backbone Provider B Provider A Cisco/Arbor’s Comprehensive DDoS Protection Solution Provider C TMS 4000  A single Peakflow console used for Netflow analysis, attack detection (in as little as 1 sec), alerting and reporting  vDDoS Protection embedded in Cisco ASR 9000 routers distributed at peering edge, data centers, customer edge, etc. (40 Gbps mitigation per VSM)  Existing Arbor TMS DDoS solutions in regional scrubbing centers or where ASR 9000’s not deployed  Leverage Network (i.e. ACLs, BGP Flowspec, D/RTBH, S/RTBH, OpenFlow) for mitigation DDoS Traffic Legit Traffic Benefits:  Infrastructure & Service Protection: Comprehensive DDoS protection solution that can stop DDoS attacks in multiple network locations  Service Enablement: Increase revenue via new managed Visibility and DDoS Protection ASR 9000 vDDoS Protection Peakflow SP NetFlow Collector DATA CENTER & CLOUD SERVICES PEERING & TRANSIT EDGE CUSTOMER EDGE 1 2 3 4 1 2 3 4 SCRUBBING CENTER Peakflow Console
Substantial Growth in Largest Attacks  Increase in size and number of Reflection/Amplification attacks  DNS, NTP, SSDP, SNMP and Chargen the most common  To effectively stop these attacks you must leverage your network
Using Your Network For Mitigation  ACLs – block all unnecessary protocols/ports at the network ingress to protect critical resources  BGP Flowspec – signal injections of ACLs or routing policy to filter or divert traffic upstream  S/RTBH – use source based remote triggered blackholing to block known bad sources  D/RTBH – use destination based remote triggered blackholing as a last resort to protect the network  SDN (OpenFlow) – Offload blacklists, policies, etc. to upstream routers to filter or divert traffic Benefit: substantially better scale and performance
Blacklist Offload via OpenFlow ASR 9000 vDDoS Protection Provider B Provider A Data Center GOOD TRAFFIC BAD TRAFFIC Blacklist offload via OPENFLOW X X Benefit: pushes filtering to the network fabric (via OpenFlow) for greater scale and performance
What’s New Leveraging the power of the cloud  Pushing SSL decryption to the cloud Improving visibility  Enabling underlay / overlay visibility  Enabling selective bypass of certain flows based on policies (‘coloring’)  Improving agility  Enabling more dynamic, intelligent offload
Arbor’s (And Cisco’s) DDoS Protection Solution Proven, Industry Leading, Layered DDoS Protection Products & Services Continuously Armed with Global Visibility and Threat Intelligence Arbor Cloud Volumetric Attack On-PremThe Internet Application Attack/Malware In-Cloud Cloud Signaling (Arbor deployment in majority of ISPs) Compromised Hosts ASR 9000 vDDoS Protection
Q&A…Thanks Tom Bienkowski tbienkowski@arbor.net For more information visit us at Cisco Live Booth # 1307

Recommended

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
Incident Handling in a BYOD Environment
Incident Handling in a BYOD EnvironmentIncident Handling in a BYOD Environment
Incident Handling in a BYOD EnvironmentIben Rodriguez
 
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...PROIDEA
 
Firewall and vpn
Firewall and vpnFirewall and vpn
Firewall and vpnJoseph Sebastian
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1PROIDEA
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersIben Rodriguez
 
D do s
D do sD do s
D do ssunilkumar021
 
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...SWITCHPOINT NV/SA
 

Recommended

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
Incident Handling in a BYOD Environment
Incident Handling in a BYOD EnvironmentIncident Handling in a BYOD Environment
Incident Handling in a BYOD EnvironmentIben Rodriguez
 
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...PROIDEA
 
Firewall and vpn
Firewall and vpnFirewall and vpn
Firewall and vpnJoseph Sebastian
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1PROIDEA
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersIben Rodriguez
 
D do s
D do sD do s
D do ssunilkumar021
 
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...SWITCHPOINT NV/SA
 
Hyper efficient data centres – key ingredient intelligence networkshop44
Hyper efficient data centres – key ingredient intelligence networkshop44Hyper efficient data centres – key ingredient intelligence networkshop44
Hyper efficient data centres – key ingredient intelligence networkshop44Jisc
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P NsAamirAziz
 
Best Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSBest Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSReal-Time Innovations (RTI)
 
IT Network Asset Discovery & Inventory
IT Network Asset Discovery & InventoryIT Network Asset Discovery & Inventory
IT Network Asset Discovery & Inventoryikirmer
 
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!PROIDEA
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupNetCraftsmen
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentationRajesh Thakur
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationRam Bharosh Raut
 
Kenneth Howard Long_Res_Was
Kenneth Howard Long_Res_WasKenneth Howard Long_Res_Was
Kenneth Howard Long_Res_WasKenneth Long
 
Using a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkUsing a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkNetpluz Asia Pte Ltd
 
Networking Concepts Lesson 13 - Troubleshooting - Eric Vanderburg
Networking Concepts Lesson 13 - Troubleshooting - Eric VanderburgNetworking Concepts Lesson 13 - Troubleshooting - Eric Vanderburg
Networking Concepts Lesson 13 - Troubleshooting - Eric VanderburgEric Vanderburg
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)Shreyank Gupta
 
Networking Concepts Lesson 12 - WANs - Eric Vanderburg
Networking Concepts Lesson 12 - WANs - Eric VanderburgNetworking Concepts Lesson 12 - WANs - Eric Vanderburg
Networking Concepts Lesson 12 - WANs - Eric VanderburgEric Vanderburg
 
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaIdentifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaMyNOG
 
Zoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud ServicesZoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud ServicesWinston Morton
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptOECLIB Odisha Electronics Control Library
 
Acit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsAcit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsSleek International
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewallvfmindia
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 

More Related Content

What's hot

Hyper efficient data centres – key ingredient intelligence networkshop44
Hyper efficient data centres – key ingredient intelligence networkshop44Hyper efficient data centres – key ingredient intelligence networkshop44
Hyper efficient data centres – key ingredient intelligence networkshop44Jisc
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P NsAamirAziz
 
IT Network Asset Discovery & Inventory
IT Network Asset Discovery & InventoryIT Network Asset Discovery & Inventory
IT Network Asset Discovery & Inventoryikirmer
 
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!PROIDEA
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupNetCraftsmen
 
Kenneth Howard Long_Res_Was
Kenneth Howard Long_Res_WasKenneth Howard Long_Res_Was
Kenneth Howard Long_Res_WasKenneth Long
 
Using a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkUsing a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkNetpluz Asia Pte Ltd
 
Networking Concepts Lesson 13 - Troubleshooting - Eric Vanderburg
Networking Concepts Lesson 13 - Troubleshooting - Eric VanderburgNetworking Concepts Lesson 13 - Troubleshooting - Eric Vanderburg
Networking Concepts Lesson 13 - Troubleshooting - Eric VanderburgEric Vanderburg
 
Networking Concepts Lesson 12 - WANs - Eric Vanderburg
Networking Concepts Lesson 12 - WANs - Eric VanderburgNetworking Concepts Lesson 12 - WANs - Eric Vanderburg
Networking Concepts Lesson 12 - WANs - Eric VanderburgEric Vanderburg
 
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaIdentifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaMyNOG
 
Zoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud ServicesZoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud ServicesWinston Morton
 
Acit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsAcit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsSleek International
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewallvfmindia
 

What's hot (20)

Hyper efficient data centres – key ingredient intelligence networkshop44
Hyper efficient data centres – key ingredient intelligence networkshop44Hyper efficient data centres – key ingredient intelligence networkshop44
Hyper efficient data centres – key ingredient intelligence networkshop44
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P Ns
 
Best Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSBest Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDS
 
IT Network Asset Discovery & Inventory
IT Network Asset Discovery & InventoryIT Network Asset Discovery & Inventory
IT Network Asset Discovery & Inventory
 
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!PLNOG 17 - Artur Kane - DDoS? You shall not pass!
PLNOG 17 - Artur Kane - DDoS? You shall not pass!
 
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User GroupInfoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentation
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Kenneth Howard Long_Res_Was
Kenneth Howard Long_Res_WasKenneth Howard Long_Res_Was
Kenneth Howard Long_Res_Was
 
Using a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkUsing a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business network
 
Networking Concepts Lesson 13 - Troubleshooting - Eric Vanderburg
Networking Concepts Lesson 13 - Troubleshooting - Eric VanderburgNetworking Concepts Lesson 13 - Troubleshooting - Eric Vanderburg
Networking Concepts Lesson 13 - Troubleshooting - Eric Vanderburg
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
 
Networking Concepts Lesson 12 - WANs - Eric Vanderburg
Networking Concepts Lesson 12 - WANs - Eric VanderburgNetworking Concepts Lesson 12 - WANs - Eric Vanderburg
Networking Concepts Lesson 12 - WANs - Eric Vanderburg
 
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaIdentifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
 
Zoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud ServicesZoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud Services
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
 
Acit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsAcit Mumbai - understanding vpns
Acit Mumbai - understanding vpns
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewall
 

Similar to bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app6891

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUSDETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUSCristian Garcia G.
 
DDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-HaltdosDDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-HaltdosHaltdos
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceCloudflare
 
Internet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInternet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInformation Technology
 
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...Ziv Ichilov
 
DDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersDDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersStephanie Weagle
 
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceNEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceAmazon Web Services
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta swet4
 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldAmazon Web Services
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standardarnaudlh
 
DDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWAREDDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWAREDeivid Toledo
 
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS ProtectionPLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS ProtectionPROIDEA
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...BGA Cyber Security
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewMarketingArrowECS_CZ
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 

Similar to bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app6891 (20)

PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
 
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUSDETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
 
DDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-HaltdosDDoS Falcon_Tech_Specs-Haltdos
DDoS Falcon_Tech_Specs-Haltdos
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-service
 
Internet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInternet Traffic Monitoring and Analysis
Internet Traffic Monitoring and Analysis
 
Corsa Giga Filter
Corsa Giga FilterCorsa Giga Filter
Corsa Giga Filter
 
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
 
DDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customersDDoS Defense for the Hosting Provider - Protection for you and your customers
DDoS Defense for the Hosting Provider - Protection for you and your customers
 
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection ServiceNEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
NEW LAUNCH! AWS Shield—A Managed DDoS Protection Service
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta
 
DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS Shield
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standard
 
DDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWAREDDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWARE
 
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS ProtectionPLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
 
DDoS Protection
DDoS ProtectionDDoS Protection
DDoS Protection
 
Nas nie zaatakują!
Nas nie zaatakują!Nas nie zaatakują!
Nas nie zaatakują!
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 

bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app6891

  • 1. Best Practices: Using Your Network and the Cisco ASR 9000 for DDoS Protection Tom Bienkowski Product Marketing, Arbor Networks Talbot Hack Product Manager, Arbor Networks Mike Geller Principal Engineer, Cisco
  • 2. Modern Day DDoS Attacks  DDoS Attacks are increasing in Size (up to 400G), Frequency (daily) and Complexity (A dynamic combination of Volumetric, TCP State Exhaustion and Application layer attack vectors) Legit Traffic Your (ISP’s) Network Your Data CentersThe Internet Volumetric Attack Botnet Application Attack State Exhaustion Impact: (To You and Your Customers)  Availability of network and services  Operational cost to mitigate attack  Lost revenue and profitability  Unwanted media attention; tarnished brand  Fees/Fines
  • 3. The Solution Layered DDoS Attack Protection Stop application layer DDoS attacks and other advanced threats; detect abnormal outbound activity 2 Volumetric Attack Your Data Centers/ Internal Networks The Internet Application Attack Scrubbing Center Your (ISP’s) Network Stop volumetric attacks In-Cloud1 Intelligent communication between both environments 3 4 Backed by continuous threat intelligence Backed By Continuous Threat Intelligence
  • 4. BackboneProvider C Providers A Multiple Places/Ways to Stop DDoS Attacks Peering/Transit Edge Data Center/ Customer Edge Scrubbing Center Provider D DC/Customer  Peering/Transit Edge: Stop DDoS attacks at network edge before they impact backbone, Data centers and customers.  Data Center/ Customer Edge: Dedicated DDoS protection.  Regional Scrubbing Centers: Shared DDoS protection for multiple customers placed in strategic parts of network. DDoS Traffic  Comprehensive DDoS protection is accomplished using a combination of: a) Dedicated DDoS protection solutions b) Best Current Practices leveraging network infrastructure 1 2 3 3 2 1
  • 5. Who Is Arbor Networks?  For the past 15 years Arbor Networks has been the undisputed leader  A majority of the world’s service providers (100% of Tier 1) and largest enterprises have trusted Arbor Networks for their DDoS Protection 15 Proven & Trusted DDoS Protection DDoS Protection?... We invented it! #1
  • 6. Arbor’s DDoS Protection Solution Proven, Industry Leading, Layered DDoS Protection Products & Services Continuously Armed with Global Visibility and Threat Intelligence Arbor Cloud Volumetric Attack On-PremThe Internet Application Attack/Malware In-Cloud Cloud Signaling (Arbor Deployments in majority of world’s ISPs) Compromised Hosts
  • 7. Network Embedded, Virtual DDoS Protection Arbor Peakflow Threat Management System (TMS) #1 in DDoS Attack Protection Products Cisco ASR 9000 Virtual Services Module (VSM) Up to 40 Gbps Mitigation per VSM #1 in Network Infrastructure Products Cisco ASR 9000 vDDoS Protection Industry’s Most Comprehensive DDoS Attack Protection Solution vDDoS Protection Two Best of Breeds Combine
  • 8. Backbone Provider B Provider A Cisco/Arbor’s Comprehensive DDoS Protection Solution Provider C TMS 4000  A single Peakflow console used for Netflow analysis, attack detection (in as little as 1 sec), alerting and reporting  vDDoS Protection embedded in Cisco ASR 9000 routers distributed at peering edge, data centers, customer edge, etc. (40 Gbps mitigation per VSM)  Existing Arbor TMS DDoS solutions in regional scrubbing centers or where ASR 9000’s not deployed  Leverage Network (i.e. ACLs, BGP Flowspec, D/RTBH, S/RTBH, OpenFlow) for mitigation DDoS Traffic Legit Traffic Benefits:  Infrastructure & Service Protection: Comprehensive DDoS protection solution that can stop DDoS attacks in multiple network locations  Service Enablement: Increase revenue via new managed Visibility and DDoS Protection ASR 9000 vDDoS Protection Peakflow SP NetFlow Collector DATA CENTER & CLOUD SERVICES PEERING & TRANSIT EDGE CUSTOMER EDGE 1 2 3 4 1 2 3 4 SCRUBBING CENTER Peakflow Console
  • 9. Substantial Growth in Largest Attacks  Increase in size and number of Reflection/Amplification attacks  DNS, NTP, SSDP, SNMP and Chargen the most common  To effectively stop these attacks you must leverage your network
  • 10. Using Your Network For Mitigation  ACLs – block all unnecessary protocols/ports at the network ingress to protect critical resources  BGP Flowspec – signal injections of ACLs or routing policy to filter or divert traffic upstream  S/RTBH – use source based remote triggered blackholing to block known bad sources  D/RTBH – use destination based remote triggered blackholing as a last resort to protect the network  SDN (OpenFlow) – Offload blacklists, policies, etc. to upstream routers to filter or divert traffic Benefit: substantially better scale and performance
  • 11. Blacklist Offload via OpenFlow ASR 9000 vDDoS Protection Provider B Provider A Data Center GOOD TRAFFIC BAD TRAFFIC Blacklist offload via OPENFLOW X X Benefit: pushes filtering to the network fabric (via OpenFlow) for greater scale and performance
  • 12. What’s New Leveraging the power of the cloud  Pushing SSL decryption to the cloud Improving visibility  Enabling underlay / overlay visibility  Enabling selective bypass of certain flows based on policies (‘coloring’)  Improving agility  Enabling more dynamic, intelligent offload
  • 13. Arbor’s (And Cisco’s) DDoS Protection Solution Proven, Industry Leading, Layered DDoS Protection Products & Services Continuously Armed with Global Visibility and Threat Intelligence Arbor Cloud Volumetric Attack On-PremThe Internet Application Attack/Malware In-Cloud Cloud Signaling (Arbor deployment in majority of ISPs) Compromised Hosts ASR 9000 vDDoS Protection
  • 14. Q&A…Thanks Tom Bienkowski tbienkowski@arbor.net For more information visit us at Cisco Live Booth # 1307