Cybersecurity breakfast tour 2013 (1)
1. DDoS mitigation
Infradata Cybersecurity Breakfast Tour 2013
Nicolai van der Smagt – nicolai@infradata.nl
2. DDoS..
“A distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.”
3. ..Mitigation
Mitigation: mi·ti·ga·tion. /mɪtɪˈgeɪʃ(ə)n/ noun
the action of reducing the severity, seriousness, or painfulness of something.
4. DDoS attack? It’ll never happen to me
- Ostrich Mentality: ‘When an ostrich is afraid, it will bury its head in the ground, assuming that because it cannot see, it cannot be seen.’
- Historically, this has been the attitude to DDoS as a Service Availability Threat.
- …but this has changed in the past 2-3 years, because of:
  - AWARENESS: Massive mainstream press around Anonymous, ING, other bank attacks
  - RISK: More businesses are reliant on Internet Services for their business continuity.
  - MOTIVATIONS: Wider spread of attack motivations, broader target set.
  - EXPERIENCE: Larger, more frequent, more complex attacks.
6. Recent DDoS events in Europe
- Ideologically motivated DDoS attacks against UK government sites in relation to the extradition of Julian Assange.
- Ideologically motivated DDoS attacks against the largest DNS registrar in the UK which was authoritative for domains hosting political content critical of the Chinese government
- Competitive advantage was the motivation for DDoS attacks on a Jersey-based provider of online gambling services, lasting over a week
- Retaliatory DDoS attack against a software vendor of widely-used customer-service software, after the vendor found and fixed a SQL injection vulnerability in their products. A blackhat had discovered this on his own and was actually in the process of auctioning it off to prospective attackers in an underground criminal forum as a zero-day exploit when the vendor issued the patch
- Unknown motivations inspired the ING bank attacks (distraction from other criminal activities?)
7. DDoS attack motivations
- Distraction from other criminal activity
- Phishing for banking credentials with Zeus
- DDoS to distract and cover up the crime
- DDoS distraction also used to cover up system penetrations followed by data leaks
10. DDoS is Key to availability risk planning
DDoS is the #1 threat to the availability of services – but it is not part of the risk analysis
Availability Scorecard:
- Site Selection
- Physical Security
- Fire Protection & Detection
- Electrical & Power
- Environment & Weather
- DDoS Attacks?
When measuring the risk to the availability or resiliency of services, where does the risk of DDoS attacks fall on the list?
11. Business impact of DDoS attacks
[Bar Chart 9: Significance of revenue loss resulting from website downtime for one hour. Categories: Very Significant, Significant, Somewhat Significant, Not Significant, None. Bar labels on the slide: 43%, 31%, 21%, 5%, 0%. Source: Ponemon Institute – 2010 State of Web Application Security]
Botnets & DDoS attacks cost an average enterprise $6.3M* for a 24-hour outage!
* Source: McAfee – Into the Crossfire – January 2010
The impact of loss of service availability goes beyond financials:
- Operations: How many IT personnel will be tied up addressing the attack?
- Help Desk: How many more help desk calls will be received, and at what cost per call?
- Recovery: How much manual work will need to be done to re-enter transactions?
- Lost Worker Output: How much employee output will be lost?
- Penalties: How much will have to be paid in service level agreement (SLA) credits or other penalties?
- Lost Business: How much will the ability to attract new customers be affected? What is the full value of that lost customers?
- Brand & Reputation Damage: What is the cost to the company brand and reputation?
12. DDoS attack types and targets
Volumetric, state-exhaustion and application-layer attacks can bring down critical data center services
[Diagram labels: Attack Traffic; Good Traffic; ISP 1, ISP 2, ISP n; Backbone; DATA CENTER; Firewall; IPS; Load Balancer; Target Applications & Services; SATURATION, e.g. Volumetric / Flooding Attack; Exhaustion of STATE; Exhaustion of SERVICE; e.g. Layer 4-7 / State / Connection Attack; e.g. Layer 4-7 Application-Layer / Slow&Low Attack]
13. DDoS attack vectors
- Volumetric Attacks
  - Usually botnets or traffic from spoofed IPs generating high bps / pps traffic volume
  - UDP based floods from spoofed IP take advantage of connection less UDP protocol
  - Take out the infrastructure capacity – routers, switches, servers, links
[Diagram: Systems Become Infected; Bots (B) connect to a C&C to create an overlay network (botnet); Botnet master (BM) Connects, Controller Issues attack Command; Bots attack. Labels: UK Broadband, US Broadband, US Corp, JP Corp., Provider, Internet Backbone, C&C, “Bye Bye!”]
- Reflection Attacks
  - Use a legitimate resource to amplify an attack to a destination
  - Send a request to an IP that will yield a big response, spoof the source IP address to that of the actual victim
  - DNS Reflective Amplification is a good example
[Diagram: Attacker, Server, Victim. DNS Request_V, repeated many times; DNS Response_V. DNS Server responds to request from spoofed source. DNS Response is many times larger than request.]
14. DDoS attack vectors
- TCP state exhaustion
  - Take advantage of stateful nature of TCP protocol
  - SYN, FIN, RST Floods
  - TCP connection attacks
  - Exhaust resources in servers, load balancers or firewalls.
[Diagram: Client sends SYN_C, repeated many times; Server (Listening…) answers SYN_S, ACK_C and stores data (connection state, etc.). System runs out of TCP listener sockets or out of memory for stored state]
- Application layer attacks
  - Exploit limitations, scale and functionality of specific applications
  - Can be low-and-slow
  - HTTP GET / POST, SIP Invite floods
  - Can be more sophisticated: ApacheKiller, Slowloris, SlowPOST, RUDY, refref, hash collision etc.
15. DDoS attack vectors
The DDoS weapon of choice for Anonymous activists is LOIC, downloaded more than 639,000 times this year (so far). Average 2115 downloads daily.
16. So, how is DDoS evolving?
Looking at the Internet threat landscape
- In order to understand the DDoS threat (and how to protect ourselves) we need to know what is going on out there.
- Two data sources being presented here:
  - Arbor Worldwide Infrastructure Security Survey, 2011.
  - Arbor ATLAS Internet Trends data.
- Arbor Worldwide Infrastructure Security Survey, 2011
  - 7th Annual Survey
  - Concerns, observation and experiences of the OpSec community
  - 114 respondents, broad spread of network operators from around the world
- Arbor ATLAS Internet Trends
  - 240+ Arbor customers, 37.8Tbps of monitored traffic
  - Hourly export of anonymized DDoS and traffic statistics
17. 2012 ATLAS initiative: Anonymous worldwide stats
Higher pps rates seen in 2011, have continued into 2012
- Average attack is 1.56Mpps, September 2012
- 190% growth from September 2011
[Chart: Average Monthly Kpps of Attacks; y-axis 0 to 2500; labelled value 1556]
18. 2012 ATLAS initiative: Anonymous worldwide stats
Peak Attack Growth trend in Gbps
- Peak attack in September 2012 is 63.3Gbps
- 136% rise from September 2011
- Spikes at 75Gb/sec and 100Gb/sec so far this year.
[Chart: Peak Monthly Gbps of Attacks; y-axis 0 to 120; labelled value 63.33]
19. 2012 ATLAS initiative: Anonymous worldwide stats
Average Attack Growth trend in Mbps
- Average attack is 1.67Gbps, September 2012
- 72% growth from September 2011
- Average attacks now consistently over 1Gb/sec
[Chart: Average Monthly Mbps of Attacks; y-axis 0 to 2500; labelled value 1670]
20. DDoS Attacks are evolving
[Chart: Have You Experienced Multi-vector Application / Volumetric DDoS Attacks. Categories: Don't Know, No, Yes. Labels on the slide: 27%, 32%, 41%]
[Chart: Number of DDoS Attacks per Month. Categories: 0, 1 - 10, 10 - 20, 20 - 50, 50 - 100, 100 - 500, > 500. Bar labels on the slide: 47%, 9%, 15%, 7%, 10%, 11%, 1%]
[Chart: Services Targeted by Application Layer DDoS Attacks. Other 7%, IRC 11%, SIP/VOIP 19%, HTTPS 24%, SMTP 25%, DNS 67%, HTTP 87%]
21. Recent financial attacks (“Operation Ababil”): Multi-vector DDoS on a new level
- Compromised PHP, WordPress, & Joomla servers
- Often US or EU based so geo-blocking is difficult
- Large bandwidths – powerful attacks
- Multiple concurrent attack vectors
- GET and POST app layer attacks on HTTP and HTTPS
- DNS query app layer attack
- Floods on UDP, TCP Syn floods, ICMP and other IP protocols
- Unique characteristics of the attacks
- Very high packet per second rates per individual source
- Large bandwidth attack on multiple companies simultaneously
- Very focused
- could be false flag
- could be Cyberwar
- could be hacktivism
22. DDoS, a growing problem
So, how can we minimize the impact of an attack?
- Monitor the network and services so that you can pro-actively detect changes at all layers (up to layer 7).
- Know who to call.
- Develop an incident handling process and run fire-drills
- Utilise the security capabilities built into other network and security infrastructure to minimise impact where possible
- Use a Dedicated OOB Management Network
23. The failure of existing security devices
CPE-based security devices focus on integrity and confidentiality and not on availability

Product Family | Triangle | Benefit
Firewalls | Integrity | Enforce network policy to prevent unauthorized access to data
Intrusion Prevention System | Integrity | Block break-in attempts causing data theft

[Diagram labels: Information Security Triangle; DATA CENTER; IPS; Load Balancer]
Firewalls and IPS device do not solve the DDoS problem because they (1) are optimized for other security problems, (2) can’t detect or stop distributed attacks, and (3) can not integrate with in-cloud security solutions.
Because they are stateful and inline, they are part of the DDoS problem and not the solution.
Many DDoS attacks target firewalls and IPS devices directly!
24. Industry solution A: CPE-based protection
- A CPE is placed inline with traffic. Because the device has full visibility of traffic destined for the customer it is in a unique position to quickly detect and mitigate DDoS attacks. The CPE:
  - Detects DDoS attacks immediately
  - Starts blocking without delay
  - Has finite capacity
  - Requires hands-on knowledge to operate
25. Industry solution B: Out-of-path protection
- A monitoring device receives L3/L4 traffic information from routers in the network (via Netflow/BGP). DDoS traffic can be diverted to a scrubbing center for “cleaning”. Other traffic continues unaffected.
  - Detects DDoS attacks immediately
  - Works in large and complex networks with lots of traffic and internet links
  - Has finite capacity
  - Requires hands-on knowledge to operate
[Diagram labels: SCRUBBING CENTER; ISP 1, ISP 2, ISP n; Local ISP; DATA CENTER; Firewall; IPS; Monitoring system]
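Added example, not part of the original slides: a sketch of what a flow-fed monitoring system of the kind described in slide 25 can flag, covering the DNS reflection pattern from slide 13 and the SYN flood pattern from slide 14. The Flow record layout, the thresholds and the protected prefix are assumptions made for illustration, and the sample flows are constructed from documentation address ranges.

```python
"""Flow-record DDoS detection (added example; thresholds and field names are assumptions)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

UDP, TCP = 17, 6
SYN = 0x02
PROTECTED = [ip_network("203.0.113.0/24")]  # constructed: documentation prefix


@dataclass(frozen=True)
class Flow:
    """Hypothetical flow record; tcp_flags is the OR of all flags seen in the flow."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int
    octets: int
    tcp_flags: int = 0


def is_protected(addr):
    return any(ip_address(addr) in net for net in PROTECTED)


def detect(flows, dns_bytes_limit=1_000_000, syn_pkts_limit=10_000, syn_ratio=0.9):
    """Return {victim: [(kind, volume, detail), ...]} for one export interval."""
    queried = defaultdict(set)                      # host -> resolvers it queried
    dns_in = defaultdict(lambda: defaultdict(int))  # host -> responder -> octets
    syn_only = defaultdict(int)                     # host -> packets in SYN-only flows
    tcp_pkts = defaultdict(int)                     # host -> all inbound TCP packets

    for f in flows:
        if f.proto == UDP and f.dport == 53 and is_protected(f.src):
            queried[f.src].add(f.dst)
        elif f.proto == UDP and f.sport == 53 and is_protected(f.dst):
            dns_in[f.dst][f.src] += f.octets
        elif f.proto == TCP and is_protected(f.dst):
            tcp_pkts[f.dst] += f.packets
            if f.tcp_flags == SYN:                  # handshake never progressed
                syn_only[f.dst] += f.packets

    alerts = defaultdict(list)
    for victim, per_src in dns_in.items():
        # Reflection: responses from servers the victim never sent a query to.
        unsolicited = {s: b for s, b in per_src.items() if s not in queried[victim]}
        total = sum(unsolicited.values())
        if total >= dns_bytes_limit:
            alerts[victim].append(("dns-reflection", total, len(unsolicited)))
    for victim, n in syn_only.items():
        ratio = n / tcp_pkts[victim]
        if n >= syn_pkts_limit and ratio >= syn_ratio:
            alerts[victim].append(("syn-flood", n, round(ratio, 2)))
    return dict(alerts)


def build_sample_flows():
    """Constructed sample interval; all addresses are documentation ranges."""
    flows = []
    # 203.0.113.10: one real lookup plus large responses from 200 other DNS servers.
    flows.append(Flow("203.0.113.10", "192.0.2.53", UDP, 40000, 53, 1, 70))
    flows.append(Flow("192.0.2.53", "203.0.113.10", UDP, 53, 40000, 1, 120))
    for i in range(1, 201):
        flows.append(Flow(f"198.51.100.{i}", "203.0.113.10", UDP, 53, 4444, 6, 8000))
    # 203.0.113.20: 300 SYN-only flows next to 20 completed connections (flags 0x1b).
    for i in range(300):
        flows.append(Flow(f"198.51.100.{i % 250 + 1}", "203.0.113.20", TCP,
                          1024 + i, 443, 50, 3000, SYN))
    for i in range(20):
        flows.append(Flow(f"192.0.2.{i + 1}", "203.0.113.20", TCP,
                          50000 + i, 443, 40, 30000, 0x1B))
    # 203.0.113.30: ordinary host, solicited DNS and completed TCP only.
    flows.append(Flow("203.0.113.30", "192.0.2.53", UDP, 40001, 53, 1, 70))
    flows.append(Flow("192.0.2.53", "203.0.113.30", UDP, 53, 40001, 1, 120))
    flows.append(Flow("192.0.2.77", "203.0.113.30", TCP, 51000, 80, 40, 30000, 0x1B))
    return flows


if __name__ == "__main__":
    for victim, found in sorted(detect(build_sample_flows()).items()):
        print(victim, found)
```

The solicited DNS answer to 203.0.113.10 is excluded from the reflection volume because that host queried the responder in the same interval; only responses from servers it never queried count toward the limit.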
26. Industry solution C: Cloud-based protection
- Cloud-based protection works by intercepting attack traffic ‘in-the-cloud’, long before it reaches the network under attack. It provides:
  - Almost infinite capacity (currently 1 Tbps)
  - Upstream blocking so customer networks never see DDoS traffic
  - Effective blocking within minutes of starting mitigation
  - DDoS mitigation “as-a-Service”
27. Arbor Peakflow, Out-of-path protection
Pervasive and cost-effective visibility and security
- Pervasive network visibility and deep insight into services
  - Leverage Netflow technology for broad traffic visibility across service provider networks.
- Comprehensive threat management
  - Granular threat detection, surgical mitigation and reporting of DDoS attacks that threaten business services.
- Managed service enabler
  - A platform which offers the ability to deliver new, profitable, revenue-generating services i.e. DDoS Protection and traffic analysis
28. Prolexic cloud-based DDoS mitigation
Scrubbing Centers (peering):
- San Jose, CA
- Ashburn, VA
- London, UK
- Frankfurt, DE
- Hong Kong, China
- Tokyo, Sydney (2014)
Carrier reach:
- A minimum of 3 Tier 1 Carriers Per Site
- 500+ peers
Global Reach:
- Staff on four continents
- 800 Gigabits/sec dedicated for attack traffic
[Map legend: Scrubbing Center; Regional offices; Headquarters & SOC; Botnet Concentration]