Deivid Toledo, profile picture
Uploaded byDeivid Toledo
PPTX, PDF928 views

Attack Prevention Solution for RADWARE

The document presents the capabilities of DefensePro, a real-time attack prevention device designed to protect data centers against various security threats, including DDoS attacks and application vulnerabilities. It outlines key features such as intrusion prevention, behavioral analysis, and a reputation engine, emphasizing its ability to maintain application availability under attack while reducing operational costs. Additionally, it highlights successful case studies and the system's competitive advantages in performance and scalability.

Embed presentation

Downloaded 34 times
DefensePro Sales Presentation APSolute Attack Prevention October 2010 Name, Title
Agenda • Data center security challenges and threats • The solution: APSolute attack prevention with DefensePro • Introducing DefensePro building blocks – Protections set – OnDemand switch platform – APSolute Vision • Emergency Response Team • Customer success • Summary Slide 2
Network & Data Center Security Challenges • Availability – How do you ensure business applications are delivered under attacks? • Performance – How do you ensure consistent user experience when your network is under attack? • Security – What is the cost of data loss or abuse of your resources? • Scalability – How do you ensure future growth while minimizing initial spending? • Cost reduction – How to address all the above while reducing costs? Slide 3 We focus on data center application delivery and security
Protection tools Intrusion Prevention Network & Data Center Threats Slide 4 Threats Application vulnerability Information theft Authentication defeat Malware spread Network anomalies Application downtime Network downtime Phishing, Trojans, Spam, Botnets Behavioral Analysis DoS Protection Reputation Services
July 2009 Cyber Attacks – From The News Slide 5
Slide 6 July 2009 Cyber Attacks: Mapping The Attacks Internet Public Web Servers Bot (Infected host) Bot (Infected host) Attacker BOT Command C&C Server Bot (Infected host) Bot (Infected host) Legitimate User Mydoom.EA Botnet Characteristics • ~50,000 zombie computers • Diversified attacks: • HTTP page flood • SYN flood with packet anomalies • UDP flood • ICMP flood • Destinations in US and S/Korea • ~ 6-7 Gbps inbound traffic (>2 Million PPS)
July 2009 Cyber Attacks: Fighting Back Slide 7 Attack Vector Solution Bot malware spread IPS or Network Behavior Analysis Bot Command & Control messages IPS Application flooding - HTTP page flood attack Network Behavior Analysis Network flooding - SYN/UDP/ICMP flood attack DoS Protection No single protection tool can handle today’s data center threats
The Solution
Network & data center security: mapping the solutions Slide 9 IPS DoS Protection NBA Reputation Engine APSolute attack prevention for data centers Internet Access Router Web Servers Application Servers FirewallDoS Protection IPS NBA Anti Trojan / phishing DefensePro  IPS  DoS Protection  NBA  Anti Trojan, Anti Phishing
DefensePro  IPS  DoS Protection  NBA  Anti Trojan, Anti Phishing Network & data center security: mapping the technologies Slide 10 IPS DoS Protection NBA Reputation Engine Signature Detection Rate-based Rate-based Behavioral Analysis Signature Detection Anti Trojan, Anti PhishingStateful Inspection         SYN Cookies  User Behavioral Analysis Application Behavioral Analysis  
Slide 11 Introducing DefensePro DefensePro is a real-time attack prevention device that protects your application infrastructure against network and application downtime, application vulnerability exploitation, malware spread, network anomalies and information theft
DefensePro building blocks Slide 12
DefensePro feature set Slide 13
IPS: Static Signature Protection • Signature protection – Leading security research team – Protection against known application vulnerability exploits – Weekly and emergency signature updates • Enables protection against – Worms, Bots, Trojans, Phishing, Spyware – Web, Mail, SQL, VoIP (SIP), DNS vulnerabilities – Anonymizers, IPv6 attacks – Microsoft vulnerabilities – Protocol anomalies Slide 14
DoS Protection: Real-time Signatures Protection • Automatic real-time signature protection against network DDoS attacks: – SYN floods – TCP floods – UDP/ICMP floods • Value proposition – Maintain critical application availability even under attack – Block attacks without blocking legitimate user traffic – Automatic, real-time protection against network flooding with no need for human intervention Slide 15
Network Behavioral Analysis: Real-time Signatures Protection • NBA (Network behavioral analysis) detects abnormal user and application transactions • Automatic real-time signature protection against : – Zero-minute Malware spread – Application resource misuse such as: • Brute force attacks • Web application scanning • HTTP page floods • SIP Scans • SIP Floods • Value proposition – Maintain critical application availability even under attack – Block attacks without blocking legitimate user traffic – Automatic, real-time protection against user and application resource misuse with no need for human intervention Slide 16
The Secret Sauce – Real-time Signatures Public Network Inbound Traffic Outbound Traffic Behavioral Analysis Abnormal Activity Detection Inspection Module Real-Time Signature Inputs - Network - Servers - Clients Real-Time Signature Generation Closed Feedback Enterprise Network Optimize Signature Remove when attack is over Slide 17 DoS & DDoS Application level threats Zero-Minute malware propagation
Standard Security Tools: HTTP Flood Example Internet Public Web Servers HTTP Bot (Infected host) HTTP Bot (Infected host) Attacker BOT Command IRC Server Misuse of Service Resources HTTP Bot (Infected host) HTTP Bot (Infected host) Static Signatures Approach - No solution for low-volume attacks as requests are legitimate - Connection limit against high volume attacks  Agnostic to the attacked page  Blocks legitimate traffic  High false-positives Slide 18
Real-Time Signatures: Accurate Mitigation Case: HTTP Page Flood Attack Internet Public Web Servers HTTP Bot (Infected host) HTTP Bot (Infected host) Attacker BOT Command IRC Server Misuse of Service Resources HTTP Bot (Infected host) HTTP Bot (Infected host) Behavioral Pattern Detection (1)  Based on probability analysis identify which Web page (or pages) has higher than normal hits Behavioral Pattern Detection (2)  Identify abnormal user activity For example: - Normal users download few pages per connection - Abnormal users download many pages per connection Real Time Signature:  Block abnormal users’ access to the specific page(s) under attack Slide 19
Real-Time Signatures: Resistance to False Positive Case: Flash Crowd Access Internet Public Web Servers Legitimate User Legitimate User Legitimate User Legitimate User Behavioral Pattern Detection (1)  Based on probability analysis identify which web page (or pages) has higher than normal hits Behavioral Pattern Detection (2)  No detection of abnormal user activity Attack not detected  No real time signature is generated  No user is blocked Slide 20
Reputation Engine: real time feeds • Protect network users from: – Financial fraud – Information theft – Known & zero-minute malware spread • Real time feeds from RSA Anti Fraud Command Center (AFCC) – The industry’s largest, and most experienced anti-fraud team • Preventing: – Trojan installs & remote communications – Communication with drop point (leak of user privileged information) – Phishing attempts • Availability: version 5.10 / October 2010 Slide 21
DefensePro feature set Slide 22
OnDemand Switch: Architecture Designed for Attacks Prevention Slide 23 OnDemand Switch Platform Capacity up to 12Gbps DoS Mitigation Engine • ASIC based • Prevent high volume attacks • Up to 10 Million PPS of attack protection NBA Protections • Prevent application resource misuse • Prevent zero-minute malware Reputation Engine • Anti Trojan & Phishing IPS • ASIC based String Match Engine performing deep packet inspection • Prevent application vulnerability exploits
Slide 24 The Competitive Advantage: Performance Under Attack Multi-Gbps Capacity Legitimate Traffic 10 Million PPS Attack Traffic Other Network Security Solutions Multi-Gbps Capacity Legitimate Traffic + Attack Attack Attack Attack Traffic DefensePro Device handles attack traffic at the expense of legitimate traffic! Attack traffic does not impact legitimate traffic
OnDemand Attack Prevention: Models up to 12Gbps • DefensePro x412 Behavioral Protection – Models: • DefensePro 4412 (4Gbps) • DefensePro 8412 (8Gbps) • DefensePro 12412 (12Gbps) • DefensePro x412 IPS & Behavioral Protection – Models: • DefensePro 4412 (4Gbps) • DefensePro 8412 (8Gbps) • DefensePro x016 IPS & Behavioral Protection – Models: • DefensePro 1016 (1Gbps) • DefensePro 2016 (2Gbps) • DefensePro 3016 (3Gbps) License Key Upgrade Slide 25
On-Demand Attack Prevention: Value Proposition • Unmatched Performance – Leading industry performance up to 12Gbps with active network security profiles • OnDemand Scalability – Scale up performance by increasing throughput using a simple license upgrade – No hardware replacement needed • Investment Protection – Buy what you need – prevent overspending for capacity you don’t need now – Pay-as-you-grow and only for the added throughput license • No Upgrade Projects – No hardware replacement, staging and network downtime – Huge cost saving and best TCO • Operational Simplicity and Standardization – A standard, unified platform suitable for all throughput levels – Savings on training, spares and maintenance Slide 26 “Radware offers low product and maintenance costs, as compared with most competitors.” Greg Young & John Pescatore, Gartner, April 2009
DefensePro: Monitoring and Reporting Slide 27
APSolute Vision: Advanced Monitoring and Reporting Slide 28 • Real-time monitoring – Active attack details • Historical reporting – Per customer dashboards – Custom reports
APSolute Vision: The Value Proposition Slide 29 APSolute Vision helps Data Center IT managers improve business: • Resilience – Real-time identification, prioritization, and response to policy breaches, cyber attacks and insider threats • Agility – Per user customization of real-time dashboards and historical reports. • Efficiency – Simplifies data center management – Improves IT productivity
Emergency Response Team
ERT Slide 31
ERT – Emergency Response Team • Background: July 2009 – Massive DDoS Incidents in USA and Korea – A new level of attacks both in terms of quality and quantity – Radware decided to address such cases and to provide help for customers under attack • ERT’s Goal – To provide swift and professional response that allows customers to neutralize attacks and to restore network and service operational status • Characteristics – 24x7 Service – Immediate Response – Neutralize DoS/DDoS attacks and malware outbreaks Slide 32
Customer success
Customer Case: Gmarket (1 of 2) • About the Customer – Gmarket Inc. (Nasdaq: GMKT) is Korea’s leading e- commerce marketplace – Gmarket derives their revenues from transaction fees on the sale of products on their website and from advertising • The Need – Web service protection • Prevent Web vulnerabilities exploitation • Prevent Web cracking (Web Scans & Brute Force) • Prevent HTTP Page floods misusing web servers – Anti-DoS solution • Protect against unexpected high volume DDoS attack which stop all web transaction services – Secure Firewalls, L3 switches and web servers from high volume attacks “Radware’s DefensePro is the only solution that was able to provide us with the most complete intelligent solution to protect our website and our business " – Park Eui-Won, Security Team Leader Slide 34
Customer Case: Gmarket (2 of 2) • The Solution Internet Access Router Web Servers Firewall Switch Multiple DefensePro DoS Protection: • Prevent high volume DoS/DDoS attacks • Infrastructure Protection: Firewalls, Switches, etc. NBA protections: • Prevent HTTP Page Flood attacks • Brute Force attacks, Web vulnerability Scans IPS: • Prevent Web vulnerabilities exploitations Slide 35
Summary
• “DefensePro 8412 is rated at 8Gbps and offers good performance coupled with low latency under all normal and extreme traffic conditions.” • “Performance in the high volume detection and mitigation tests was also impeccable across the board, with perfect detection and mitigation at all load levels.” • “DefensePro’s dedicated DoS Mitigation Engine ensures that it will not become the bottleneck under high volume attacks” • “DefensePro completed all our tests without raising a single false positive alert” • “Brute force attacks, slow port scans, web vulnerability scans and application scanning… Network behavioural analysis technology is used to differentiate the low and slow attack patterns from the legitimate network traffic. DefensePro flawlessly handled these attacks” • NSS Labs’ Rating: Recommended – “Only the top technical products earn a recommend rating from NSS Labs” NSS Report 2010 Highlight Slide 37
DefensePro Differentiators • Best security solution for networks and data centers in a single box: – Intrusion prevention (IPS) – DoS protection – Network behavioral analysis (NBA) – Reputation Engine service • Multi-patents security technology • Best performing solution – DoS Mitigator Engine - maintain throughput when under attack • Best in class unified monitoring and reporting • Lowest CapEx – Multitude of security tools in a single box – Pay-As-You-Grow – scalable platform selection with license upgrade for throughput • Lowest OpEx – Automatic real-time signatures protection with no need for human intervention Slide 38 “Radware offers low product and maintenance cost, as compared with most competitors.” Greg Young & John Pescatore, Gartner, April 2009
Attack Prevention Solution for RADWARE

More Related Content

PDF
Comptia security plus domain SYO 701.pdf
bypriyanshamadhwal2
 
PDF
Enterprise Security Guided Tour
bySplunk
 
PPSX
Next-Gen security operation center
byMuhammad Sahputra
 
PPTX
Splunk Phantom SOAR Roundtable
bySplunk
 
PDF
Cyber Threat Intelligence - It's not just about the feeds
byIain Dickson
 
PDF
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
byVijilan IT Security solutions
 
PDF
SIEM and Threat Hunting
byn|u - The Open Security Community
 
PPTX
Optimizing Security Operations: 5 Keys to Success
bySirius
 
Comptia security plus domain SYO 701.pdf
bypriyanshamadhwal2
 
Enterprise Security Guided Tour
bySplunk
 
Next-Gen security operation center
byMuhammad Sahputra
 
Splunk Phantom SOAR Roundtable
bySplunk
 
Cyber Threat Intelligence - It's not just about the feeds
byIain Dickson
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
byVijilan IT Security solutions
 
SIEM and Threat Hunting
byn|u - The Open Security Community
 
Optimizing Security Operations: 5 Keys to Success
bySirius
 

What's hot

PPTX
Splunk for Enterprise Security and User Behavior Analytics
bySplunk
 
PDF
The fundamentals of Android and iOS app security
byNowSecure
 
PPTX
WHY SOC Services needed?
bymanoharparakh
 
PPTX
Splunk Enterprise Security
byMd Mofijul Haque
 
PPTX
ICS (Industrial Control System) Cybersecurity Training
byTonex
 
PDF
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
byCanSecWest
 
PPTX
Open source SOC Tools for Home-Lab
byBoni Yeamin
 
PPTX
Modern SOC Trends 2020
byAnton Chuvakin
 
PPTX
Enterprise Security and User Behavior Analytics
bySplunk
 
PPTX
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
PPTX
McAfee SIEM solution
byhashnees
 
PPTX
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
PPTX
Check Point Solutions Portfolio- Detailed
byMoti Sagey מוטי שגיא
 
PPTX
Developing Secure Apps
byLivares Technologies Pvt Ltd
 
PPTX
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
PPTX
Splunk for Security-Hands On
bySplunk
 
PPTX
Threat hunting foundations: People, process and technology.pptx
byInfosec
 
Splunk for Enterprise Security and User Behavior Analytics
bySplunk
 
The fundamentals of Android and iOS app security
byNowSecure
 
WHY SOC Services needed?
bymanoharparakh
 
Splunk Enterprise Security
byMd Mofijul Haque
 
ICS (Industrial Control System) Cybersecurity Training
byTonex
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
byCanSecWest
 
Open source SOC Tools for Home-Lab
byBoni Yeamin
 
Modern SOC Trends 2020
byAnton Chuvakin
 
Enterprise Security and User Behavior Analytics
bySplunk
 
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
McAfee SIEM solution
byhashnees
 
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
Check Point Solutions Portfolio- Detailed
byMoti Sagey מוטי שגיא
 
Developing Secure Apps
byLivares Technologies Pvt Ltd
 
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
Splunk for Security-Hands On
bySplunk
 
Threat hunting foundations: People, process and technology.pptx
byInfosec
 

Similar to Attack Prevention Solution for RADWARE

PPTX
Radware Solutions for MSSPs
byRadware
 
PPTX
DSS ITSEC CONFERENCE - Radware - Attack Mitigation System (AMS) - Riga, Latvia
byAndris Soroka
 
PPTX
DSS ITSEC 2013 Conference 07.11.2013 - Radware - Cyber Attacks Survival Guide
byAndris Soroka
 
PPTX
Endpoint Protection
bySophos
 
PPT
Information Security
byMohit8780
 
PPTX
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
byScalar Decisions
 
PDF
Security Operation Center : Le Centre des Opérations de Sécurité est une div...
byKhaledboufnina
 
PDF
Revolutionizing Advanced Threat Protection
byBlue Coat
 
PDF
Splunk conf2014 - Operationalizing Advanced Threat Defense
bySplunk
 
PPTX
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
byPROIDEA
 
PPTX
5 Ways To Fight A DDoS Attack
byRedZone Technologies
 
PDF
Security Delivery Platform: Best practices
byMihajlo Prerad
 
PPTX
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
byEmulex Corporation
 
PDF
Network Security - Luxury or Must Have?
byAllot Communications
 
PPTX
Radware Cloud Security Services
byRadware
 
PDF
TADSummit 2022 - How to bring your own RTC platform down
bySandro Gauci
 
PDF
How to bring down your own RTC platform. Sandro Gauci
byAlan Quayle
 
PDF
A10 issa d do s 5-2014
byRaleigh ISSA
 
PDF
Cisco Connect 2018 Thailand - Telco service provider network analytics
byNetworkCollaborators
 
PDF
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
byNetworkCollaborators
 
Radware Solutions for MSSPs
byRadware
 
DSS ITSEC CONFERENCE - Radware - Attack Mitigation System (AMS) - Riga, Latvia
byAndris Soroka
 
DSS ITSEC 2013 Conference 07.11.2013 - Radware - Cyber Attacks Survival Guide
byAndris Soroka
 
Endpoint Protection
bySophos
 
Information Security
byMohit8780
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
byScalar Decisions
 
Security Operation Center : Le Centre des Opérations de Sécurité est une div...
byKhaledboufnina
 
Revolutionizing Advanced Threat Protection
byBlue Coat
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
bySplunk
 
PLNOG 17 - Marek Karczewski - Mity i fakty skutecznej ochrony aplikacji inter...
byPROIDEA
 
5 Ways To Fight A DDoS Attack
byRedZone Technologies
 
Security Delivery Platform: Best practices
byMihajlo Prerad
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
byEmulex Corporation
 
Network Security - Luxury or Must Have?
byAllot Communications
 
Radware Cloud Security Services
byRadware
 
TADSummit 2022 - How to bring your own RTC platform down
bySandro Gauci
 
How to bring down your own RTC platform. Sandro Gauci
byAlan Quayle
 
A10 issa d do s 5-2014
byRaleigh ISSA
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
byNetworkCollaborators
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
byNetworkCollaborators
 

Attack Prevention Solution for RADWARE

  • 1.
    DefensePro Sales Presentation APSoluteAttack Prevention October 2010 Name, Title
  • 2.
    Agenda • Data centersecurity challenges and threats • The solution: APSolute attack prevention with DefensePro • Introducing DefensePro building blocks – Protections set – OnDemand switch platform – APSolute Vision • Emergency Response Team • Customer success • Summary Slide 2
  • 3.
    Network & DataCenter Security Challenges • Availability – How do you ensure business applications are delivered under attacks? • Performance – How do you ensure consistent user experience when your network is under attack? • Security – What is the cost of data loss or abuse of your resources? • Scalability – How do you ensure future growth while minimizing initial spending? • Cost reduction – How to address all the above while reducing costs? Slide 3 We focus on data center application delivery and security
  • 4.
    Protection tools Intrusion Prevention Network& Data Center Threats Slide 4 Threats Application vulnerability Information theft Authentication defeat Malware spread Network anomalies Application downtime Network downtime Phishing, Trojans, Spam, Botnets Behavioral Analysis DoS Protection Reputation Services
  • 5.
    July 2009 CyberAttacks – From The News Slide 5
  • 6.
    Slide 6 July 2009Cyber Attacks: Mapping The Attacks Internet Public Web Servers Bot (Infected host) Bot (Infected host) Attacker BOT Command C&C Server Bot (Infected host) Bot (Infected host) Legitimate User Mydoom.EA Botnet Characteristics • ~50,000 zombie computers • Diversified attacks: • HTTP page flood • SYN flood with packet anomalies • UDP flood • ICMP flood • Destinations in US and S/Korea • ~ 6-7 Gbps inbound traffic (>2 Million PPS)
  • 7.
    July 2009 CyberAttacks: Fighting Back Slide 7 Attack Vector Solution Bot malware spread IPS or Network Behavior Analysis Bot Command & Control messages IPS Application flooding - HTTP page flood attack Network Behavior Analysis Network flooding - SYN/UDP/ICMP flood attack DoS Protection No single protection tool can handle today’s data center threats
  • 8.
  • 9.
    Network & datacenter security: mapping the solutions Slide 9 IPS DoS Protection NBA Reputation Engine APSolute attack prevention for data centers Internet Access Router Web Servers Application Servers FirewallDoS Protection IPS NBA Anti Trojan / phishing DefensePro  IPS  DoS Protection  NBA  Anti Trojan, Anti Phishing
  • 10.
    DefensePro  IPS  DoSProtection  NBA  Anti Trojan, Anti Phishing Network & data center security: mapping the technologies Slide 10 IPS DoS Protection NBA Reputation Engine Signature Detection Rate-based Rate-based Behavioral Analysis Signature Detection Anti Trojan, Anti PhishingStateful Inspection         SYN Cookies  User Behavioral Analysis Application Behavioral Analysis  
  • 11.
    Slide 11 Introducing DefensePro DefenseProis a real-time attack prevention device that protects your application infrastructure against network and application downtime, application vulnerability exploitation, malware spread, network anomalies and information theft
  • 12.
  • 13.
  • 14.
    IPS: Static SignatureProtection • Signature protection – Leading security research team – Protection against known application vulnerability exploits – Weekly and emergency signature updates • Enables protection against – Worms, Bots, Trojans, Phishing, Spyware – Web, Mail, SQL, VoIP (SIP), DNS vulnerabilities – Anonymizers, IPv6 attacks – Microsoft vulnerabilities – Protocol anomalies Slide 14
  • 15.
    DoS Protection: Real-timeSignatures Protection • Automatic real-time signature protection against network DDoS attacks: – SYN floods – TCP floods – UDP/ICMP floods • Value proposition – Maintain critical application availability even under attack – Block attacks without blocking legitimate user traffic – Automatic, real-time protection against network flooding with no need for human intervention Slide 15
  • 16.
    Network Behavioral Analysis:Real-time Signatures Protection • NBA (Network behavioral analysis) detects abnormal user and application transactions • Automatic real-time signature protection against : – Zero-minute Malware spread – Application resource misuse such as: • Brute force attacks • Web application scanning • HTTP page floods • SIP Scans • SIP Floods • Value proposition – Maintain critical application availability even under attack – Block attacks without blocking legitimate user traffic – Automatic, real-time protection against user and application resource misuse with no need for human intervention Slide 16
  • 17.
    The Secret Sauce– Real-time Signatures Public Network Inbound Traffic Outbound Traffic Behavioral Analysis Abnormal Activity Detection Inspection Module Real-Time Signature Inputs - Network - Servers - Clients Real-Time Signature Generation Closed Feedback Enterprise Network Optimize Signature Remove when attack is over Slide 17 DoS & DDoS Application level threats Zero-Minute malware propagation
  • 18.
    Standard Security Tools:HTTP Flood Example Internet Public Web Servers HTTP Bot (Infected host) HTTP Bot (Infected host) Attacker BOT Command IRC Server Misuse of Service Resources HTTP Bot (Infected host) HTTP Bot (Infected host) Static Signatures Approach - No solution for low-volume attacks as requests are legitimate - Connection limit against high volume attacks  Agnostic to the attacked page  Blocks legitimate traffic  High false-positives Slide 18
  • 19.
    Real-Time Signatures: AccurateMitigation Case: HTTP Page Flood Attack Internet Public Web Servers HTTP Bot (Infected host) HTTP Bot (Infected host) Attacker BOT Command IRC Server Misuse of Service Resources HTTP Bot (Infected host) HTTP Bot (Infected host) Behavioral Pattern Detection (1)  Based on probability analysis identify which Web page (or pages) has higher than normal hits Behavioral Pattern Detection (2)  Identify abnormal user activity For example: - Normal users download few pages per connection - Abnormal users download many pages per connection Real Time Signature:  Block abnormal users’ access to the specific page(s) under attack Slide 19
  • 20.
    Real-Time Signatures: Resistanceto False Positive Case: Flash Crowd Access Internet Public Web Servers Legitimate User Legitimate User Legitimate User Legitimate User Behavioral Pattern Detection (1)  Based on probability analysis identify which web page (or pages) has higher than normal hits Behavioral Pattern Detection (2)  No detection of abnormal user activity Attack not detected  No real time signature is generated  No user is blocked Slide 20
  • 21.
    Reputation Engine: realtime feeds • Protect network users from: – Financial fraud – Information theft – Known & zero-minute malware spread • Real time feeds from RSA Anti Fraud Command Center (AFCC) – The industry’s largest, and most experienced anti-fraud team • Preventing: – Trojan installs & remote communications – Communication with drop point (leak of user privileged information) – Phishing attempts • Availability: version 5.10 / October 2010 Slide 21
  • 22.
  • 23.
    OnDemand Switch: ArchitectureDesigned for Attacks Prevention Slide 23 OnDemand Switch Platform Capacity up to 12Gbps DoS Mitigation Engine • ASIC based • Prevent high volume attacks • Up to 10 Million PPS of attack protection NBA Protections • Prevent application resource misuse • Prevent zero-minute malware Reputation Engine • Anti Trojan & Phishing IPS • ASIC based String Match Engine performing deep packet inspection • Prevent application vulnerability exploits
  • 24.
    Slide 24 The CompetitiveAdvantage: Performance Under Attack Multi-Gbps Capacity Legitimate Traffic 10 Million PPS Attack Traffic Other Network Security Solutions Multi-Gbps Capacity Legitimate Traffic + Attack Attack Attack Attack Traffic DefensePro Device handles attack traffic at the expense of legitimate traffic! Attack traffic does not impact legitimate traffic
  • 25.
    OnDemand Attack Prevention:Models up to 12Gbps • DefensePro x412 Behavioral Protection – Models: • DefensePro 4412 (4Gbps) • DefensePro 8412 (8Gbps) • DefensePro 12412 (12Gbps) • DefensePro x412 IPS & Behavioral Protection – Models: • DefensePro 4412 (4Gbps) • DefensePro 8412 (8Gbps) • DefensePro x016 IPS & Behavioral Protection – Models: • DefensePro 1016 (1Gbps) • DefensePro 2016 (2Gbps) • DefensePro 3016 (3Gbps) License Key Upgrade Slide 25
  • 26.
    On-Demand Attack Prevention:Value Proposition • Unmatched Performance – Leading industry performance up to 12Gbps with active network security profiles • OnDemand Scalability – Scale up performance by increasing throughput using a simple license upgrade – No hardware replacement needed • Investment Protection – Buy what you need – prevent overspending for capacity you don’t need now – Pay-as-you-grow and only for the added throughput license • No Upgrade Projects – No hardware replacement, staging and network downtime – Huge cost saving and best TCO • Operational Simplicity and Standardization – A standard, unified platform suitable for all throughput levels – Savings on training, spares and maintenance Slide 26 “Radware offers low product and maintenance costs, as compared with most competitors.” Greg Young & John Pescatore, Gartner, April 2009
  • 27.
    DefensePro: Monitoring andReporting Slide 27
  • 28.
    APSolute Vision: AdvancedMonitoring and Reporting Slide 28 • Real-time monitoring – Active attack details • Historical reporting – Per customer dashboards – Custom reports
  • 29.
    APSolute Vision: TheValue Proposition Slide 29 APSolute Vision helps Data Center IT managers improve business: • Resilience – Real-time identification, prioritization, and response to policy breaches, cyber attacks and insider threats • Agility – Per user customization of real-time dashboards and historical reports. • Efficiency – Simplifies data center management – Improves IT productivity
  • 30.
  • 31.
  • 32.
    ERT – EmergencyResponse Team • Background: July 2009 – Massive DDoS Incidents in USA and Korea – A new level of attacks both in terms of quality and quantity – Radware decided to address such cases and to provide help for customers under attack • ERT’s Goal – To provide swift and professional response that allows customers to neutralize attacks and to restore network and service operational status • Characteristics – 24x7 Service – Immediate Response – Neutralize DoS/DDoS attacks and malware outbreaks Slide 32
  • 33.
  • 34.
    Customer Case: Gmarket(1 of 2) • About the Customer – Gmarket Inc. (Nasdaq: GMKT) is Korea’s leading e- commerce marketplace – Gmarket derives their revenues from transaction fees on the sale of products on their website and from advertising • The Need – Web service protection • Prevent Web vulnerabilities exploitation • Prevent Web cracking (Web Scans & Brute Force) • Prevent HTTP Page floods misusing web servers – Anti-DoS solution • Protect against unexpected high volume DDoS attack which stop all web transaction services – Secure Firewalls, L3 switches and web servers from high volume attacks “Radware’s DefensePro is the only solution that was able to provide us with the most complete intelligent solution to protect our website and our business " – Park Eui-Won, Security Team Leader Slide 34
  • 35.
    Customer Case: Gmarket(2 of 2) • The Solution Internet Access Router Web Servers Firewall Switch Multiple DefensePro DoS Protection: • Prevent high volume DoS/DDoS attacks • Infrastructure Protection: Firewalls, Switches, etc. NBA protections: • Prevent HTTP Page Flood attacks • Brute Force attacks, Web vulnerability Scans IPS: • Prevent Web vulnerabilities exploitations Slide 35
  • 36.
  • 37.
    • “DefensePro 8412is rated at 8Gbps and offers good performance coupled with low latency under all normal and extreme traffic conditions.” • “Performance in the high volume detection and mitigation tests was also impeccable across the board, with perfect detection and mitigation at all load levels.” • “DefensePro’s dedicated DoS Mitigation Engine ensures that it will not become the bottleneck under high volume attacks” • “DefensePro completed all our tests without raising a single false positive alert” • “Brute force attacks, slow port scans, web vulnerability scans and application scanning… Network behavioural analysis technology is used to differentiate the low and slow attack patterns from the legitimate network traffic. DefensePro flawlessly handled these attacks” • NSS Labs’ Rating: Recommended – “Only the top technical products earn a recommend rating from NSS Labs” NSS Report 2010 Highlight Slide 37
  • 38.
    DefensePro Differentiators • Bestsecurity solution for networks and data centers in a single box: – Intrusion prevention (IPS) – DoS protection – Network behavioral analysis (NBA) – Reputation Engine service • Multi-patents security technology • Best performing solution – DoS Mitigator Engine - maintain throughput when under attack • Best in class unified monitoring and reporting • Lowest CapEx – Multitude of security tools in a single box – Pay-As-You-Grow – scalable platform selection with license upgrade for throughput • Lowest OpEx – Automatic real-time signatures protection with no need for human intervention Slide 38 “Radware offers low product and maintenance cost, as compared with most competitors.” Greg Young & John Pescatore, Gartner, April 2009