Cloudflare, profile picture
Uploaded byCloudflare
PPTX, PDF1,794 views

Cyber security fundamentals

The document discusses cyber security fundamentals and challenges, describing how Cloudflare provides security solutions like DDoS mitigation, bot management, and web application firewalls to protect websites and applications from threats. It explains common security threats like DDoS attacks, bots, and vulnerabilities and how Cloudflare uses a global network and machine learning to detect and block attacks while ensuring high performance and availability.

Internet
Related topics:
Cyber-Security

Embed presentation

Downloaded 70 times
Cyber Security Fundamentals
Today’s Speakers Sophie Qiu Customer Success Manager @ Cloudflare Gaurav Mallawat Solutions Engineer @ Cloudflare
What you will learn today 3 How does the threat landscape look like? Challenges to a successful security strategy How do you protect your web content from these threats?
We are helping build a better Internet 4
5 Cloudflare Security Vision Provide world-class visibility, controls, and guided configurations so that customers of any size and technical sophistication can keep their Internet property safe and secure without sacrificing speed and performance 5
A Global Anycast Network 193Cities and 90+ countries99% Of the Internet-connected population in the developed world population is located within 100 milliseconds of our network 44BCyber threats blocked each day in Q2’19 websites, apps & APIs 20M+
Gaurav Mallawat Solutions Engineer @ Cloudflare
Factors increasing exposure to security risks Greater scrutiny by government and media around data, privacy and security Greater attack surface area from more public APIs, moving to the cloud, and increasing third-party integrations Stronger and more sophisticated attackers
Customers’ Security Threats SYSTEM DDoS Attack Attack traffic impacts availability or performance Bots Prevent malicious bots from abusing site or application Webpage Vulnerable Applications and APIs Multi-vector attacks that exploit vulnerabilities
Volumetric DNS Flood Bots DNS Server DNS Server Server Amplification (Layer 3 & 4) HTTP Flood (Layer 7) 1 2 Bots 3 Bots Degrades availability and performance of applications, websites, and APIs HTTP Application Application/Login Types of DDoS Attack Traffic
The size of DDoS attacks growing exponentially An increase in sophisticated distributed Layer 7 attacks - which are effective at bypassing traditional DDoS protection methods.
Application and API Vulnerabilities Fake Website Visitors 1DNS Spoofing Malicious Payload eg: SQLi that ex-filtrates PII and credentials 3 Attacker Bots Brute Force 4 Data Snooping 2
IoT attacks - the new reality A botnet army of IoT cameras and a major attack took out DNS service provider in 2016. Over the last few weeks we've seen DDoS attacks that have switched to new, large methods of bringing down web applications. They appear to come from an IoT botnet (like Mirai and relations) which were responsible for the large attacks against Brian Krebs. 50 Gbps Up to 1Tbps
Types of Bot Attacks Credential Stuffing Taking-over an account to abuse the site, to perform fraudulent transactions, steal sensitive data, or compromise personal information. Content Scraping Stealing public information on the website such as prices or valuable SEO content Resell itemBots Bots Inventory Hoarding Bots automate the purchase of inventory to resell or keep them out of hands of customers Bots Website with stolen content
Lost customer trust and degraded brand value Lost revenue from site downtime or higher costs from bad traffic Business Impacts Business Impact ● $100,000 is the average hourly cost of an infrastructure failure ● $141 average cost for each lost or stolen record containing sensitive and confidential information ● $3.62 million is the average total cost of a data breach Cost categories: Remediation costs (hardware, services, and software), lost revenue, lost future revenue from customer churn, wasted marketing spend, negative brand impact, help desk costs, increase IT staffing costs, loss of user productivity IDC March 2015, and Ponemon Institute, June 2017
Cloudflare DDoS Solution Scalable, easy-to-use, and high-performance solution to address availability challenges Stay online Global Anycast network with 180++ data centers absorbs highly distributed attack traffic so customers stay online Protect origin infrastructure Detect and drop at the edge volumetric attacks: layer 3 & 4, DNS, and layer 7 Identify anomalous traffic Fingerprint HTTP requests to protect sites against known and emerging botnets with automatic mitigation rules Protect applications with control Rate Limiting gives more granular control to block harder-to-detect application-layer attacks Origin Server DDoS attack Anticipate attacks Shared intelligence across 6M websites proactively blocks known bad signatures Stop origin server attacks Argo Tunnel establishes a direct, encrypted tunnel for traffic between the origin server and Cloudflare's nearest data-center, protecting origin web servers from targeted attacks
Industry Legacy Scrubbing vs. Cloudflare Always- On 17 Industry Legacy Scrubbing - Long propagation times (up to 300 sec) - Asynchronous routing - Adds significant latency - Typically requires manual intervention Always-On - Zero propagation time - Synchronous routing - No added latency - Immediate, automated mitigation, with no “cut over” required
Cloudflare Solution to Secure Applications ATTACKS Attackers try to forge DNS answers to intercept customer credentials Snoop unencrypted sensitive data entered by customers Brute-force their way into login pages Inject malicious payloads through forms and APIs Resilient DNS and DNSSEC prevents forged answers Encryption through SSL/TLS blocks snooping Log-in protection through rate limiting Block top OWASP and emerging application-level attacks through the WAF ● Layered defense to protect against sophisticated attackers ● Single control-plane for more robust and agile security policies ● Learning from attack profiles across 6M websites to keep yours safe 1. 2. 3. 4. CLOUDFLARE SOLUTIONS
Cloudflare Rate Limiting Precise DDoS Mitigation • High precision denial-of-service protection through robust configuration options Protect Customer Data • Protect sensitive customer information against brute force login attacks API Protection • Set API usage limits to ensure availability and protect against abuse. Cost Protection • Avoid the unpredictable cost of traffic spikes or attacks by setting thresholds which only allow good traffic through. Requests per IP address matching the traffic pattern 19© 2018 Cloudflare Inc. All rights reserved.
Cloudflare Next Gen Bot Management One-Click Deployment ● With a single click, deploy rules with Cloudflare recommended bot score thresholds ● No instrumentation with third-party JavaScript required Control and Configurability ● Scope rules by path or URI pattern, request method, and bot score thresholds ● Select mitigation methods, such as log, CAPTCHA, or block Rich Analytics and Logs ● Time-series graphs with drill-down tables ● Logs bot management rule, action, and rich request meta-data for every request Detect and mitigate bad bots by leveraging intelligence from over 13 million Internet properties. All with one click.
Cloudflare Bot Management Methods Machine Learning Cloudflare’s ML trains on a curated subset of 425 billion requests per day across 13M+ Internet properties to create a reliable “bot score” for every request. Behavioral Analysis Behavioral analysis detects anomalies in site-specific traffic, scoring every request on how different it is from the baseline. Automatic Whitelist Because not all bots are bad, the solution automatically maintains and updates a white list of "good" bots, such as those belonging to search engines. Mobile SDK The mobile SDK prevents attacks against mobile application APIs by impersonation and emulation bots. 21 Detection Protection
Rate Limiting SSL L3/4 DDoS Protection ` We secure traffic end-to-end, providing a layered defense Request Passed! Bot Management WAFDNS/DNSSEC Argo Tunnel 2222 L7 DDoS Protection Orbit Spectrum EXTEND WorkersAccess CONTROL
We are helping build a better Internet 23 Q&A

More Related Content

PPTX
Endpoint Protection
bySophos
 
PPTX
Cyber security for small businesses
byB2BPlanner Ltd.
 
PDF
Cybersecurity concepts & Defense best practises
byWAJAHAT IQBAL
 
PPTX
Cyber Security: A Hands on review
byMiltonBiswas8
 
PPTX
Cyber security
byAkdu095
 
PPTX
Importance of Cybersecurity | Cyber Security | PPT
byCyber Security Experts
 
PPTX
Cyber Security
byMaryam Hidayatallah CPFA,MIPA,MA,CICA
 
PPTX
CYBERSECURITYcoll[1].pptx
bymalik298381
 
Endpoint Protection
bySophos
 
Cyber security for small businesses
byB2BPlanner Ltd.
 
Cybersecurity concepts & Defense best practises
byWAJAHAT IQBAL
 
Cyber Security: A Hands on review
byMiltonBiswas8
 
Cyber security
byAkdu095
 
Importance of Cybersecurity | Cyber Security | PPT
byCyber Security Experts
 
Cyber Security
byMaryam Hidayatallah CPFA,MIPA,MA,CICA
 
CYBERSECURITYcoll[1].pptx
bymalik298381
 

What's hot

PDF
Network Security Fundamentals
byRahmat Suhatman
 
PDF
Web Application Penetration Testing
byPriyanka Aash
 
PDF
Endpoint Detection & Response - FireEye
byPrime Infoserv
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
PPTX
Introduction to Cybersecurity Fundamentals
byToño Herrera
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
PPT
Basics of Information System Security
bychauhankapil
 
PPTX
OWASP Top 10 2021 What's New
byMichael Furman
 
PDF
Introduction to Cybersecurity
byKrutarth Vasavada
 
PPTX
Cyber security
byDr. Kishor Nikam
 
PPTX
zero day exploits
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PDF
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
PPT
Information security in todays world
bySibghatullah Khattak
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
PPTX
Cyber Security A Challenges For Mankind
bySaurabh Kheni
 
PDF
Corporate threat vector and landscape
byyohansurya2
 
PPT
Web Application Security
byAbdul Wahid
 
PPTX
CyberSecurity
bydivyanshigarg4
 
PPTX
Mobile Application Security
byIshan Girdhar
 
PPTX
DoS or DDoS attack
bystollen_fusion
 
Network Security Fundamentals
byRahmat Suhatman
 
Web Application Penetration Testing
byPriyanka Aash
 
Endpoint Detection & Response - FireEye
byPrime Infoserv
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
Introduction to Cybersecurity Fundamentals
byToño Herrera
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
Basics of Information System Security
bychauhankapil
 
OWASP Top 10 2021 What's New
byMichael Furman
 
Introduction to Cybersecurity
byKrutarth Vasavada
 
Cyber security
byDr. Kishor Nikam
 
zero day exploits
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
Information security in todays world
bySibghatullah Khattak
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
Cyber Security A Challenges For Mankind
bySaurabh Kheni
 
Corporate threat vector and landscape
byyohansurya2
 
Web Application Security
byAbdul Wahid
 
CyberSecurity
bydivyanshigarg4
 
Mobile Application Security
byIshan Girdhar
 
DoS or DDoS attack
bystollen_fusion
 

Similar to Cyber security fundamentals

PPTX
Cyber Security 101
byCloudflare
 
PPTX
Cyber security fundamentals (Cantonese)
byCloudflare
 
PPTX
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
byCloudflare
 
PPTX
Fight bad bot on the internet
byCloudflare
 
PPTX
Close your security gaps and get 100% of your traffic protected with Cloudflare
byCloudflare
 
PDF
Introduction of Cloudflare Solution for Mobile Payment
byJean Ryu
 
PPTX
What’s New at Cloudflare: New Product Launches
byCloudflare
 
PDF
Debunking Myths about Malicious Bots / 악성 봇의 허상과 실상
byJean Ryu
 
PDF
How to Build a Practical and Cost-Effective Security Strategy
byCloudflare
 
PPTX
Filling the Gaps in Your DDoS Mitigation Strategy
byCloudflare
 
PDF
New Products Overview: Use Cases and Demos
byCloudflare
 
PDF
New Products Overview: Use Cases and Demos
byCaitlin Magat
 
PDF
What You Should Know Before The Next DDoS Attack
byCloudflare
 
PPTX
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
byCloudflare
 
PPTX
Going Beyond the Cloud to Modernize Your Banking Infrastructure
byCloudflare
 
PPTX
Network Transformation: What it is, and how it’s helping companies stay secur...
byCloudflare
 
PPTX
Accelerate your digital transformation
byCloudflare
 
PPTX
Scaling service provider business with DDoS-mitigation-as-a-service
byCloudflare
 
PPTX
DDoS 101: Attack Types and Mitigation
byCloudflare
 
PPTX
Strengthening security posture for modern-age SaaS providers
byCloudflare
 
Cyber Security 101
byCloudflare
 
Cyber security fundamentals (Cantonese)
byCloudflare
 
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
byCloudflare
 
Fight bad bot on the internet
byCloudflare
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
byCloudflare
 
Introduction of Cloudflare Solution for Mobile Payment
byJean Ryu
 
What’s New at Cloudflare: New Product Launches
byCloudflare
 
Debunking Myths about Malicious Bots / 악성 봇의 허상과 실상
byJean Ryu
 
How to Build a Practical and Cost-Effective Security Strategy
byCloudflare
 
Filling the Gaps in Your DDoS Mitigation Strategy
byCloudflare
 
New Products Overview: Use Cases and Demos
byCloudflare
 
New Products Overview: Use Cases and Demos
byCaitlin Magat
 
What You Should Know Before The Next DDoS Attack
byCloudflare
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
byCloudflare
 
Going Beyond the Cloud to Modernize Your Banking Infrastructure
byCloudflare
 
Network Transformation: What it is, and how it’s helping companies stay secur...
byCloudflare
 
Accelerate your digital transformation
byCloudflare
 
Scaling service provider business with DDoS-mitigation-as-a-service
byCloudflare
 
DDoS 101: Attack Types and Mitigation
byCloudflare
 
Strengthening security posture for modern-age SaaS providers
byCloudflare
 

More from Cloudflare

PDF
Succeeding with Secure Access Service Edge (SASE)
byCloudflare
 
PPTX
Why you should replace your d do s hardware appliance
byCloudflare
 
PPTX
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
byCloudflare
 
PPTX
Why Zero Trust Architecture Will Become the New Normal in 2021
byCloudflare
 
PPTX
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
byCloudflare
 
PPTX
Zero trust for everybody: 3 ways to get there fast
byCloudflare
 
PPTX
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
byCloudflare
 
PPTX
Application layer attack trends through the lens of Cloudflare data
byCloudflare
 
PPTX
Recent DDoS attack trends, and how you should respond
byCloudflare
 
PPTX
Cybersecurity 2020 threat landscape and its implications (AMER)
byCloudflare
 
PPTX
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
byCloudflare
 
PDF
Stopping DDoS Attacks in North America
byCloudflare
 
PPTX
It’s 9AM... Do you know what’s happening on your network?
byCloudflare
 
PPTX
Cyber security fundamentals (simplified chinese)
byCloudflare
 
PPTX
Bring speed and security to the intranet with cloudflare for teams
byCloudflare
 
PPTX
Cloudflareのソリューションを使用して悪意のあるBot対策
byCloudflare
 
PPTX
Stopping DDoS Attacks In South Africa
byCloudflare
 
PPTX
Webinar - Cyber Security basics in Japanese
byCloudflare
 
PDF
How to Plan for Performance and Scale for Multiplayer Games
byCloudflare
 
PPTX
Web Performance Without Sacrificing Security: Featuring Forrester Guest Speaker
byCloudflare
 
Succeeding with Secure Access Service Edge (SASE)
byCloudflare
 
Why you should replace your d do s hardware appliance
byCloudflare
 
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
byCloudflare
 
Why Zero Trust Architecture Will Become the New Normal in 2021
byCloudflare
 
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
byCloudflare
 
Zero trust for everybody: 3 ways to get there fast
byCloudflare
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
byCloudflare
 
Application layer attack trends through the lens of Cloudflare data
byCloudflare
 
Recent DDoS attack trends, and how you should respond
byCloudflare
 
Cybersecurity 2020 threat landscape and its implications (AMER)
byCloudflare
 
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
byCloudflare
 
Stopping DDoS Attacks in North America
byCloudflare
 
It’s 9AM... Do you know what’s happening on your network?
byCloudflare
 
Cyber security fundamentals (simplified chinese)
byCloudflare
 
Bring speed and security to the intranet with cloudflare for teams
byCloudflare
 
Cloudflareのソリューションを使用して悪意のあるBot対策
byCloudflare
 
Stopping DDoS Attacks In South Africa
byCloudflare
 
Webinar - Cyber Security basics in Japanese
byCloudflare
 
How to Plan for Performance and Scale for Multiplayer Games
byCloudflare
 
Web Performance Without Sacrificing Security: Featuring Forrester Guest Speaker
byCloudflare
 

Recently uploaded

PPTX
AWS Architecture Design Icons Template.pptx
bybiqtor1
 
PPTX
Living in IT Era Module 5 - (DIGITAL TECHNOLOGY AND SOCIAL CHANGES).pptx
bycjregua03
 
PDF
The Girl Who Left a Mark - Deep Impact of Kindness to a person
byAnoop Singh Nagi
 
PDF
Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber ...
byJoe Slowik
 
PPTX
Your Complete Brand Protection Guide with Fieldwatch.ai!
byFieldwatch ai
 
PDF
Top 3 Snapchat Monitoring Apps of 2026 for Activity Tracking
byMichael Carter
 
AWS Architecture Design Icons Template.pptx
bybiqtor1
 
Living in IT Era Module 5 - (DIGITAL TECHNOLOGY AND SOCIAL CHANGES).pptx
bycjregua03
 
The Girl Who Left a Mark - Deep Impact of Kindness to a person
byAnoop Singh Nagi
 
Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber ...
byJoe Slowik
 
Your Complete Brand Protection Guide with Fieldwatch.ai!
byFieldwatch ai
 
Top 3 Snapchat Monitoring Apps of 2026 for Activity Tracking
byMichael Carter
 

Cyber security fundamentals

  • 1.
  • 2.
    Today’s Speakers Sophie Qiu CustomerSuccess Manager @ Cloudflare Gaurav Mallawat Solutions Engineer @ Cloudflare
  • 3.
    What you willlearn today 3 How does the threat landscape look like? Challenges to a successful security strategy How do you protect your web content from these threats?
  • 4.
    We are helping builda better Internet 4
  • 5.
    5 Cloudflare Security Vision Provideworld-class visibility, controls, and guided configurations so that customers of any size and technical sophistication can keep their Internet property safe and secure without sacrificing speed and performance 5
  • 6.
    A Global AnycastNetwork 193Cities and 90+ countries99% Of the Internet-connected population in the developed world population is located within 100 milliseconds of our network 44BCyber threats blocked each day in Q2’19 websites, apps & APIs 20M+
  • 7.
  • 8.
    Factors increasing exposureto security risks Greater scrutiny by government and media around data, privacy and security Greater attack surface area from more public APIs, moving to the cloud, and increasing third-party integrations Stronger and more sophisticated attackers
  • 9.
    Customers’ Security Threats SYSTEM DDoSAttack Attack traffic impacts availability or performance Bots Prevent malicious bots from abusing site or application Webpage Vulnerable Applications and APIs Multi-vector attacks that exploit vulnerabilities
  • 10.
    Volumetric DNS Flood Bots DNSServer DNS Server Server Amplification (Layer 3 & 4) HTTP Flood (Layer 7) 1 2 Bots 3 Bots Degrades availability and performance of applications, websites, and APIs HTTP Application Application/Login Types of DDoS Attack Traffic
  • 11.
    The size ofDDoS attacks growing exponentially An increase in sophisticated distributed Layer 7 attacks - which are effective at bypassing traditional DDoS protection methods.
  • 12.
    Application and APIVulnerabilities Fake Website Visitors 1DNS Spoofing Malicious Payload eg: SQLi that ex-filtrates PII and credentials 3 Attacker Bots Brute Force 4 Data Snooping 2
  • 13.
    IoT attacks -the new reality A botnet army of IoT cameras and a major attack took out DNS service provider in 2016. Over the last few weeks we've seen DDoS attacks that have switched to new, large methods of bringing down web applications. They appear to come from an IoT botnet (like Mirai and relations) which were responsible for the large attacks against Brian Krebs. 50 Gbps Up to 1Tbps
  • 14.
    Types of BotAttacks Credential Stuffing Taking-over an account to abuse the site, to perform fraudulent transactions, steal sensitive data, or compromise personal information. Content Scraping Stealing public information on the website such as prices or valuable SEO content Resell itemBots Bots Inventory Hoarding Bots automate the purchase of inventory to resell or keep them out of hands of customers Bots Website with stolen content
  • 15.
    Lost customer trust anddegraded brand value Lost revenue from site downtime or higher costs from bad traffic Business Impacts Business Impact ● $100,000 is the average hourly cost of an infrastructure failure ● $141 average cost for each lost or stolen record containing sensitive and confidential information ● $3.62 million is the average total cost of a data breach Cost categories: Remediation costs (hardware, services, and software), lost revenue, lost future revenue from customer churn, wasted marketing spend, negative brand impact, help desk costs, increase IT staffing costs, loss of user productivity IDC March 2015, and Ponemon Institute, June 2017
  • 16.
    Cloudflare DDoS Solution Scalable,easy-to-use, and high-performance solution to address availability challenges Stay online Global Anycast network with 180++ data centers absorbs highly distributed attack traffic so customers stay online Protect origin infrastructure Detect and drop at the edge volumetric attacks: layer 3 & 4, DNS, and layer 7 Identify anomalous traffic Fingerprint HTTP requests to protect sites against known and emerging botnets with automatic mitigation rules Protect applications with control Rate Limiting gives more granular control to block harder-to-detect application-layer attacks Origin Server DDoS attack Anticipate attacks Shared intelligence across 6M websites proactively blocks known bad signatures Stop origin server attacks Argo Tunnel establishes a direct, encrypted tunnel for traffic between the origin server and Cloudflare's nearest data-center, protecting origin web servers from targeted attacks
  • 17.
    Industry Legacy Scrubbingvs. Cloudflare Always- On 17 Industry Legacy Scrubbing - Long propagation times (up to 300 sec) - Asynchronous routing - Adds significant latency - Typically requires manual intervention Always-On - Zero propagation time - Synchronous routing - No added latency - Immediate, automated mitigation, with no “cut over” required
  • 18.
    Cloudflare Solution toSecure Applications ATTACKS Attackers try to forge DNS answers to intercept customer credentials Snoop unencrypted sensitive data entered by customers Brute-force their way into login pages Inject malicious payloads through forms and APIs Resilient DNS and DNSSEC prevents forged answers Encryption through SSL/TLS blocks snooping Log-in protection through rate limiting Block top OWASP and emerging application-level attacks through the WAF ● Layered defense to protect against sophisticated attackers ● Single control-plane for more robust and agile security policies ● Learning from attack profiles across 6M websites to keep yours safe 1. 2. 3. 4. CLOUDFLARE SOLUTIONS
  • 19.
    Cloudflare Rate Limiting PreciseDDoS Mitigation • High precision denial-of-service protection through robust configuration options Protect Customer Data • Protect sensitive customer information against brute force login attacks API Protection • Set API usage limits to ensure availability and protect against abuse. Cost Protection • Avoid the unpredictable cost of traffic spikes or attacks by setting thresholds which only allow good traffic through. Requests per IP address matching the traffic pattern 19© 2018 Cloudflare Inc. All rights reserved.
  • 20.
    Cloudflare Next GenBot Management One-Click Deployment ● With a single click, deploy rules with Cloudflare recommended bot score thresholds ● No instrumentation with third-party JavaScript required Control and Configurability ● Scope rules by path or URI pattern, request method, and bot score thresholds ● Select mitigation methods, such as log, CAPTCHA, or block Rich Analytics and Logs ● Time-series graphs with drill-down tables ● Logs bot management rule, action, and rich request meta-data for every request Detect and mitigate bad bots by leveraging intelligence from over 13 million Internet properties. All with one click.
  • 21.
    Cloudflare Bot ManagementMethods Machine Learning Cloudflare’s ML trains on a curated subset of 425 billion requests per day across 13M+ Internet properties to create a reliable “bot score” for every request. Behavioral Analysis Behavioral analysis detects anomalies in site-specific traffic, scoring every request on how different it is from the baseline. Automatic Whitelist Because not all bots are bad, the solution automatically maintains and updates a white list of "good" bots, such as those belonging to search engines. Mobile SDK The mobile SDK prevents attacks against mobile application APIs by impersonation and emulation bots. 21 Detection Protection
  • 22.
    Rate Limiting SSL L3/4 DDoS Protection ` We securetraffic end-to-end, providing a layered defense Request Passed! Bot Management WAFDNS/DNSSEC Argo Tunnel 2222 L7 DDoS Protection Orbit Spectrum EXTEND WorkersAccess CONTROL
  • 23.
    We are helping builda better Internet 23 Q&A

Editor's Notes

  • #2 Hi Everyone A very warm welcome to all of you who’s joining us across countries in Asia Pacific. We are all excited to be here with you as this will be giving you a beginner's take on Cybersecurity and how it impacts your business. We will now share the latest trends around this subject so that you know what to look out for and some practical tips on how to mitigate your risks, so we hope you stick around till the end. We’re just about to kick off but before we start, I just want to through a few housekeeping items. Because of the big number of people we have on the line today,  If you do have any questions, we are going to hold that off until the end of the presentation. How ever, you can ask questions throughout this event through chat. The webinar is scheduled for 30 minutes only, but we will stick around after that to answer your questions. Thank you again for joining our webcast.
  • #3 My name is Krishna Zulkarnain and I am the Head of Marketing in APAC.  Cloudflare is growing really fast in our region and I'm responsible for generating demand for our sales team across APAC via digital platforms and educational events such as this. On today’s webinar I’m Joined by Anand Guruprasad, our Solutions Engineer based in Singapore, Anand has been with Cloudflare for over a year and a half now. Anand, would you like to introduce yourself?  Thank you Anand for the introduction and we’re all looking forward to diving into your content. But before we start, I would like to go over some housekeeping items. Since there are so many of you on the call, we won’t be taking calls so if you have any questions, please ask them using the Q&A section in your console on the right hand side. We will go through these Questions at the end of the webcast. Also, a recording of this webinar will be available on the Cloudflare Channel and the slides will be shared with you. This session will take around 30 minutes of your time. Here we go!
  • #4 “On today’s webinar we will cover these 3 main things How does the threat landscape look like? Challenges to a successful security strategy How can you protect your web content from these threats? Of course we will end with the QA so please make sure you ask your questions on chat and we will answer them at the end.
  • #5 The next 30 minutes is packed with useful tips and insights but before we get into that, let me take a few steps back to talk about what Cloudflare does.  As you can see from our Mission Statement, Cloudflare is helping build a better internet. How do we do that? What is it that we do? In simple terms we help build a better internet by making your websites more secure, more reliable and faster. Why are these so important? Because if your website goes down or it’s slow to load, for any reason, it will have a negative impact to your business. And we make it our business that that will never happen
  • #6 So diving into Cybersecurity, In a nutshell, this is our philosophy on how we tackle this issue for our customers. world-class visibility, controls, and guided configurations 20M customers ww - huge variety - some tech some not We will not sacrifice speed and performance for security. Complete but not complex
  • #7  So how can Cloudflare help to grow your business? Cloudflare’s network has the breadth and scale that organizations need to run their Internet applications What this means is that we have a very robust, holistic view on global security threats so that we can better help companies mitigate risks as they happen around the world. With this Global Anycast Network we will ensure that your websites always stays up and deliver faster content to your customers so that you can focus on what you do best and that is growing your business. Our network offers scale, performance that helps organizations like yours deliver superior application experience while keeping keeping their environments secure. I will now hand it over to Guarav to talk about what you need to know about Cybersecurity
  • #9 Talk Track: Three factors are leading many of our customers to experience a growing exposure to security threats: Greater attack surface results from three common trends: Applications publishing more public APIs Companies are moving more applications, including production-level workloads, to the cloud Increasing third-party integrations Attackers are stronger. Here are three ways: Greater volume, greater distribution, including IoT devices as sources Greater motivation through success of holding companies for ransom Shifting to harder to detect and block “application” layer attacks A greater attack surface area along with stronger attackers would, alone, be a big concern. But at the same time, there is Greater scrutiny for security incidents: Governments are applying greater scrutiny over privacy and data issues Media reports of breaches and cybersecurity incidents have increased Individual consumers more are educated and aware with high-profile reporting (a combination of #1 and #2) Questions: Do any of these actually sound familiar for your business? Do you believe your exposure is decreasing, increasing or is the same? In what ways? Background Reading - you can build this into your talk track: Companies are facing increased pressures to strengthen their security posture. Three forces contributing to the pressure are: Attack surface area increases from applications exposing more public APIs, the increase in SaaS adoption, and the integration with more third-party applications Attackers are stronger, more sophisticated, and highly motivated Heightened public and government scrutiny of data, privacy, and security Attackers are increasing their frequency and volume of Distributed Denial of Service (DDoS) attacks. By leveraging botnets and the millions of Internet-of-Things (IoT) devices online, they are able to wage highly distributed volumetric attacks with greater ease and impact. In addition to higher volumes, attackers are shifting their focus from the network layer to the application layer. Application-layer or "Layer 7" attacks are harder to detect, often require fewer resources to bring down a website or application, and can disrupt operations with greater impact. Attackers are able to monetize their attempts to bring down sites or steal sensitive data, for example, by holding sites for ransom. As a result, because of the successful ransom payouts by their enterprise targets, the attackers are more motivated, organized and pervasive.
  • #10 Talk Track: In light of this growing exposure to security risks, what are those primary threats you may encounter? We spent time talking with OUR customers across different verticals to truly understand the most common fears. These match what industry analysts are reporting: Site is unavailable because of denial of service attack Customer data is compromised, (e.g. breached or stolen) Increasingly, abusive bot activity For each of these broad types of threats, we’ll quickly go into more detail about what those types of threats or attacks could look like. Questions: Which, if any, of these are most important for you? For the others, do you anticipate they could become problems or think they won’t impact your business? And if so, why? If there was a pre-call…”I know you shared initial concerns about DDoS, what about data compromise?”
  • #11 Talk Track: This slide gives examples of the types of DDoS attack. We could dive deeper with the rest of your team and our security team, as well. The important take-away is that these attacks are layered. In other words, a DDoS can attack different parts of your infrastructure. Volumetric DNS Flood: volumetric DNS queries against your DNS servers to make the DNS server unavailable Amplification: using a DNS to amplify requests and overload yours server over UDP HTTP Flood: volumetric HTTP attack to bring down the application All of those attacks impacts availability and performance of of websites, applications and API’s. Questions: This is often a good, in-depth slide to share with broader audience, for example if you have a security or infrastructure team. Would you be interested in that? Which have you experienced in the past, if any? How did you respond to them if you did?
  • #13 Talk Track: When it comes to compromise of sensitive customer data, you may be most familiar with malware. While that’s a very visible form of attack right now, we should consider there are other common, just not as media-hyped, forms of customer data theft. The take-away for this slide is that attackers can take advantage of different vulnerabilities. DNS Spoofing: visitors are directed to a fake site instead of your site A compromised DNS record, or "poisoned cache," can return a malicious answer from the DNS server, sending an unsuspecting visitor to an attacker's site. This enables attackers to steal user credentials to then take-over legitimate accounts. Data Snooping: sensitive data like visitor’s credentials or credit cards are snooped over the wire Attackers can intercept or "snoop" on customer sessions to steal sensitive customer data, including credentials such as passwords or credit-cards numbers. Brute Force: attackers are repeatedly trying credentials to take over an account Attackers can wage "dictionary attacks" by automating logins with dumped credentials to "brute force" their way through a login-protected page. Malicious Payload: SQL-injection, cross-site scripting, remote file inclusion that results in ex-filtrated data Malicious payloads exploit an application vulnerability. The most common forms are SQL injections, cross-site scripting, and remote file inclusions. Each of these can exfiltrate sensitive data by running malicious code on the application. The risk is that sensitive customer data, such as credit card information, might get compromised.
  • #15 Talk Track: The third attack: increasingly, bots are becoming more common forms of attack. The three most common we have seen and blocked are: Content scraping: which essentially steals website content and hurts SEO or revenue Check out fraud: the most common is the “sneaker bot” which takes limited inventory and buys before actual customers can get them Account takeover: the result typically of a brute force login to then use a compromised account
  • #16 Talk Track: So what happens when you experience one or more of these problems we just discussed? Many of our customers shared with us they have both intangible and tangible costs. You can see some of the potential cost categories and, if you are interested, we can schedule time with your team to get a better handle on the costs if you don’t know details right now. However, for the purposes of this conversation, we’ve found it’s often helpful to think about and to discuss the potential costs. The areas of cost can range, as you can see on the list, from remediation costs to loss of user productivity. It doesn’t need to be accurate. But reviewing these can reveal whether the problem is a one-hundred dollar a month problem, or a one-hundred thousand dollar a month problem. Some questions include: What is the cost for an hour of downtime due to a DDoS in lost customers? What would be the cost if just one customer record were breached in terms of remediation or customer churn? What happens to revenue or your brand when malicious bots abuse your site? Source: IDC, March 2015: “DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified”, Stephen Elliot. This was commissioned by AppDynamics Ponemon Institute, 2017 Internal background reading - Enablement: These are discovery/conversation slides This is very important. You will have a more difficult time ultimately doing the sale or upsell without it unless the customer’s hair is on fire to buy something. On the right hand side are the types of costs to explore with customers. Potential responses from customers and options for responses: If the customer responds: I don’t know “That’s fine. I could imagine the person who would know would be interested. Could we include him in future meetings as a way to help you get the answers?” “I understand. Who would know about these numbers in your organization?” “Sure. Do you think you could make an educated guess? Is this $5 per incident or $50,000 per incident?” We have found that it’s valuable for companies to quickly get a sense of the business impacts you most care about. These two were consistently what customers shared as big concerns, whether they use Cloudflare or not. Which of these are important to you? What connection do you see between these and downtime from DoS and breached customer data? Who in the org care about these impacts? Here are some examples from conversations with existing customers: Trust A financial services customer said lost of trust would directly impact customer and revenue A medical ecommerce customer said losing trust would be “game over” as a business A hospitality company values the brand as key to their business and downtime hurt the brand A media site said losing trust of readers as a news site by being down would impact short-term ad revenues and long-term brand (which impacted advertisers) Trust goes down, Revenue goes down in every case If you had to give a dollar amount of the impact, what would it be? Notes: Are costs critical to the buying decision? Costs could be the increased costs of backend servers during attacks -- For example, the service HaveIbeenPwnd, saw a 5x increase in Azure services due to attacks -- A media company customer saw bandwidth costs increase 1000x from attack traffic Revenue could be the impact during an outage Downtime for many companies, from e-commerce, to SaaS, to ad-driven businesses, can be in the tens of thousands of dollars, due to lost customers, lost ad dollars If you have to pick an area with the biggest potential impact, which would it be? RESEARCH from competitors: The average global cost of data breach per lost or stolen record was $141. However, health care organizations had an average cost of $380 and in financial services the average cost was $245. Media ($119), research ($101) and public sector ($71) had the lowest average cost per lost or stolen record. 2017 Cost of Data Breach Study Global Overview Benchmark research sponsored by IBM Security Independently conducted by Ponemon Institute LLC June 2017 https://www.theatlantic.com/technology/archive/2016/10/a-lot/505025/ https://www.ponemon.org/blog/2014-cost-of-data-breach-united-states https://security.radware.com/uploadedFiles/Resources_and_Content/Attack_Tools/CyberSecurityontheOffense.pdf https://www.corero.com/company/newsroom/press-releases/market-study-indicates-ddos-protection-is-a-high-priority-for-data-centres-hosting-providers-and-network-services-providers/ https://ns-cdn.neustar.biz/creative_services/biz/neustar/www/resources/whitepapers/it-security/ddos/2015-oct-ddos-report.pdf
  • #17 Talk Track: Cloudflare’s DDoS Solution has several components. First, our infrastructure scales to address the growing size of DDoS attacks. It does this through an Anycast network which creates a larger surface area to absorb highly distributed attacks. Second, we put in place automatic detection and mitigation. This leverages our visibility across 6M customers and 10% of HTTP traffic. Lastly, we give customers control for those layer 7 attacks which may not look like DDoS attacks to us, but for your environment need to be blocked by on customized rules you create. The big message is: The DDoS solution is: Scalable Easy to Use Fast Our protections are layered: Global Anycast absorbs distributed traffic The Argo tunnel stops attack traffic to the origin server, without the hassle of opening up firewall ports and configuring ACLs Drop at the edge high volume of ¾ and layer 7 traffic Fingerprinting looks at patterns in traffic attributes to respond quickly to dynamic threats Share intelligence across all to proactively identify threats Give granular control to users for harder-to-detect Layer 7 Before we go further, could we talk about which, if any, of these are things you’d like to ask about?
  • #19 Talk Track Earlier we discussed four common vectors for attacks to compromise or steal sensitive data. The take-away for this slide is this: when there are multiple vectors, you need a layered defense. To defend against malicious payloads, you need a Web Application Firewall - WAF checks the payload against malicious OWASP on the application To mitigate damage by malicious bots you need to be able move the attack surface closer to the attacker - Cloudflare Workers lets you apply custom security rules and filtering logic at the network edge. This helps in early detection of malicious bots and prevents them from consuming resources To prevent unintended snooping of data, you need easy to manage and deploy encryption - TLS encrypts the content so protects against sniffing To block brute force logins, you need rate-based log-in protection - Rate Limiting checks against threshold volume to protect against DDOS, brute-force or scraping To prevent forged DNS answers that can send customers to a fake site, you need resilient DNS and DNSSEC - DNS tells us the address the request goes to and secure DNS protects against phishing To protect your origin web server from targeted attacks that directly use the server IP address, you need an easy way to expose web servers securely to the internet. The Argo tunnel stops attack traffic, without the hassle of opening up firewall ports and configuring ACLs by ensuring that requests route through Cloudflare’s WAF and unmetered DDoS before reaching the web server All these work seamlessly and are easy to set up and configure through the Cloudflare UI as well as through a rich set of APIs. The high level takeaways are: Multiple attack vectors Cloudflare has layered defense Easy to configure across all services Learn across 9m websites Background Reading - you can build this into your talk track: Reduce risks of data compromise through layered defense Attackers often use several attack vectors when attempting to compromise customer data. To protect themselves, companies need a layered defense. REDUCE SPOOFING THROUGH SECURE DNS Cache poisoning or "spoofing" tricks unsuspecting site visitors to enter sensitive data, such as credit card numbers, into an attacked site. This type of attack occurs when an attacker poisons the cache of a DNS name server with incorrect records. Until the cache entry expires, that name server will return the fake DNS records. Instead of being directed to the correct site, visitors are routed to an attacker's site, allowing the bad actor to extract sensitive data. DNSSEC verifies DNS records using cryptographic signatures. By checking the signature associated with a record, DNS resolvers can verify that the requested information comes from its authoritative name server and not a man-in-the-middle attacker. STOP ATTACK TRAFFIC TO THE ORIGIN WEB SERVER If an attacker knows the server's IP address, they can attack it directly and bypass existing security solutions. To address this problem, most companies use a solution called Origin Protection. We call it BGP Origin Protection, Incapsula calls it IP Protection and Akamai calls it Site Shield. The underlying technology is often a GRE tunnel and it's slow, expensive and only available as an on-demand service. What exactly does Argo Tunnel do? exposes web servers securely to the internet, without opening up firewall ports and configuring ACLs ensures requests route through Cloudflare before reaching the web server, so attack traffic is stopped with Cloudflare’s WAF and Unmetered DDoS mitigation and authenticated with Access Every server has an internal firewall that controls what can connect to that server. The firewall decides what connections can reach the server. (Note: Firewall only controls what can get in, not what can get out). By default, Firewall says no connection can reach the server. Usually you have to change the firewall so that connections to port 443 (HTTPS) can reach the server With Tunnel, you keep the firewall totally locked down. Nothing can get in. The Tunnel client installed and running on the server makes an outbound connection to Cloudflare. That's allowed – remember the firewall only cares about what establishes an inbound connection. Outbound is allowed. Because there is an outbound connection from the server to Cloudflare, Cloudflare can communicate with server. But if anything else tries to connect to the server, the firewall drops the connection. Someone trying to get the origin server’s IP by doing a scan of all IP's will not get a response from the server behind Tunnel – it is like the server is not there, or offline. REDUCE SNOOPING THROUGH ENCRYPTION Attackers can intercept or "snoop" on customer sessions to steal sensitive customer data, including credentials such as passwords or credit-cards numbers. In the case of a "man-in-the-middle" attack, the browser thinks it is talking to the server on an encrypted channel, and the server thinks it is talking to the browser, but they are both talking to the attacker who is sitting in the middle. All traffic passes through this man-in-the-middle, who is able to read and modify any of the data. Fast encryption/termination, easy certificate management, and support of the latest security standards enable customers to secure transmission of user data. BLOCK MALICIOUS PAYLOADS THROUGH AUTO-UPDATED, SCALABLE WAF Attackers exploit application vulnerabilities by submitting malicious payloads that can extract sensitive data from the database, the user's browser, or from injecting malware that can compromise targeted systems. A Web Application Firewall (WAF) examines web traffic looking for suspicious activity; it can then automatically filter out illegitimate traffic based on rule sets that you ask it to apply. It looks at both GET and POST-based HTTP requests and applies a rule set, such as the ModSecurity core rule set covering the OWASP Top 10 vulnerabilities to determine what traffic to block, challenge or let pass. It can block comment spam, cross-site scripting attacks and SQL injections. The Cloudflare Web Application Firewall (WAF) updates rules based on threats identified because of its 6M customers, and can protect customers without hurting application performance because of its low-latency inspection and integration with traffic acceleration. REDUCE ACCOUNT TAKE-OVERS THROUGH LOGIN PROTECTION Attackers can wage "dictionary attacks" by automating logins with dumped credentials to "brute force" their way through a login-protected page. Cloudflare enables users to customize rules to identify and block at the edge these hard-to-detect attacks through its rate-limiting rules
  • #20 Cloudflare has protected its customers against some of the largest DDoS attacks which ever occurred. In fact, our 10 Tbps global anycast network is 10X bigger than the latest and largest DDoS attack, which allows us to protect all internet assets on our network even against the new, massive IoT-based DDoS attacks. With the addition of Rate Limiting Cloudflare complements the existing services DDoS and Web Application Firewall (WAF) Services. Rate Limiting protects against layer 7 denial-of-service attacks, brute-force password attempts, and other types of abusive behavior targeting the application layer. It provides the ability to configure thresholds and define responses by IP. If traffic from a specific IP exceeds the threshold, than those requests get blocked and timed out for a defined period. Cloudflare does not charge for blocked traffic, so that our customers only pay for good traffic but not attack traffic. Rate Limiting also provides customers to gain analytical insights into endpoints of the website, application, or API, and they can monitor their good and bad traffic. The main benefits of Rate Limiting include: Precise DDoS Mitigation: Rate Limiting provides simple to use but powerful configuration capabilities to protect against denial-of-service attacks Protect Customer Data: Rate Limiting is the right service to protect sensitive customer information against brute force login attacks Enforce Usage Limits: Enforce usage limits on your API endpoints by limiting HTTP requests Cost Protection: Avoid the unpredictable cost of traffic spikes or attacks by setting thresholds which only allow good traffic through.