Speaker Notes: These hard costs are lost revenue for the specified period of time. According to Arbor Networks, a typical DDoS attack can last anywhere between 2 and 6 hours. (Source: DDoS: A Threat You Can’t Afford To Ignore, Forrester Consulting, 1/21/2009) Further, not only can these attacks cost online organizations millions in lost revenues, they also damage reputations and customer relationships. These “soft” / indirect costs are more difficult to quantify, but could be extremely significant in terms of brand equity, customer retention and customer satisfaction. These costs include:
• Company Reputation
• Transaction / Operational disruption
• Compliance / Regulatory Costs
• Legal Costs
Sources: CERT, CSI
Attacks are continually morphing and adapting to the latest defenses. As time has shown, DDoS attacks are becoming increasingly mainstream, and recent DDoS attacks against US government sites, global financial institutions, and other enterprises are evidence that these may be preparatory experiments for broader-reaching attack operations. DDoS attacks are motivated by:
• Extortion
• Disgruntled Employees
• Industrial Saboteurs / Competitors
• Cyber Terrorists
• Political Activists
Today, Prolexic covers 7 of the top banks around the world.
The customer is notified by the Prolexic SOC. Their /24 is announced to Prolexic via BGP announcement. The Prolexic network attracts malicious traffic to optimal cleansing centers.
Managed DDoS Protection Service
John Bull
• What is Denial of Service Protection (DDoS)?
• How does it work?
Overview
DDoS (Distributed Denial of Service) attacks are among the most serious threats to e-commerce and online businesses today.
What’s the Risk? (Estimates by Forrester, IDC and the Yankee Group)
The Evolution of DDoS Attacks & Prolexic
[Figure: timeline chart covering 1999 to 2011, with phase labels Experimental, Mainstream and For Hire, annotated with notable attacks, targeted industries, motives and attacker types.]
How Does DDoS Work?
• Attack detection is accomplished via remote router monitoring of the Prolexic CPE device
• The Generic Routing Encapsulation (GRE) protocol is used to create a virtual wire between the mitigation infrastructure and the customer’s network
[Diagram labels: Prolexic Mitigation Cloud, Prolexic Router, GRE Tunnel, Customer Border Router, Customer Network. Customer /24 announced to Prolexic via BGP Announcement.]
DDoS Attack Mitigation
[Diagram labels: Internet; Prolexic Security Operation Center (SOC), 24/7 x 365; Customer Enterprise; Prolexic DDoS Mitigation Network (LON, HKG, MIA, SJC); GRE Tunnels; Remote Attack Monitoring (24/7); Malicious Attack Traffic; Active Attack Mitigation as soon as traffic is routed; Clean Inbound Traffic Delivered; Clean Inbound Internet Traffic; Clean Outbound Internet Traffic.]