MITIGATING DDOS ATTACKS
HOUSEKEEPING
• This webinar is being recorded and an on-demand version will be available at the same URL at the conclusion of the webinar
• Please submit questions via the button on the upper left of the viewer
• If we don’t get to your question during the webinar, we will follow up with you via email
• Download related resources via the “Attachments” button above the viewing panel
• On Twitter? Join the conversation: #DDoS, @HOSTINGdotcom, @Exceda, @shrepfur
#1. #2. #3?
Dev v. Prod
(Un)Managed
How Deep…
Are You Protected?
For Free, I will say you are at risk!
(DIA) LEX-CEDA
Buyers On Same Team
OUR LOGOS EVEN MATCH
VEGAS.HOSTING.COM
HIGH PERFORMANCE SECURITY:
MITIGATING DDOS ATTACKS
WITHOUT LOSING YOUR EDGE
John Cully, U.S. Marketing
DDoS Webinar 1/14/16 10
WHAT WE’LL COVER TODAY
• Some history/context
• Current observations & scary numbers
• Visible & invisible costs
• Protection strategies
• 2016 threat outlook
• Q&A
NICE TO MEET YOU
• John Cully
Exceda U.S. Director of Marketing
• Alex Soares
Director, Exceda Security Products
WHO IS EXCEDA?
“Exceda provides a managed portfolio
of best-in-class web acceleration, security
and monitoring solutions to customers and
resellers throughout the Americas.”
• 15 year track record
• 3rd largest Akamai Technologies channel partner
• Extensive experience in professional
services/custom configurations
DDOS ATTACKS: A BRIEF HISTORY
• A Perfect Storm
• Players
• Objectives
• Targets
• Cost of entry
TWO DAYS AGO…
SOME NUMBERS
Q3 2015 vs. Q3 2014:
• 1,510 DDoS attacks on Akamai customers
• 179.66% increase in total DDoS attacks
• 25.74% increase in application layer (Layer 7) DDoS attacks
• 198.1% increase in infrastructure layer (Layer 3 & 4) DDoS attacks
• 15.65% decrease in average attack duration: 18.86 vs. 22.36 hours
• 52.94% decrease in attacks > 100 Gbps: 8 vs. 17
• 65.58% decrease in average peak attack bandwidth
• 88.72% decrease in average peak attack volume
• 462.44% increase in reflection attacks
Source: Akamai Q3 2015 SOTI Security Report
KEY TAKEAWAYS
• More small attacks
• More diverse actors
• More tools
• More incentive
• More victims
WHAT’S THE DAMAGE?
• $ per minute/hour
• Reputation
• Fines
• Remediation
• Resource fatigue
• “Smash & grab”
THINGS TO CONSIDER
• Timing
• CDN
• Closet or Cloud?
• The $64,000 question
CHALLENGES & STRATEGIES
• Application layer (L7) DDoS attack
  • WAF / request rate control: defends the web application by capping the number of requests a client can send before its traffic is throttled or dropped, so a request flood cannot exhaust the application and disrupt service
  • Added bonus: the same WAF also blocks malicious requests aimed at the application itself, with intent to steal data, deface the site, etc. (e.g. the OWASP Top 10 attack classes)
• Network layer (L3/L4) DDoS attack
  • Always-on or on-demand rerouting of the entire network through scrubbing protects all infrastructure against attacks on the lower layers (L3 network, L4 transport)
• Solutions
  • On-premises appliances
  • Cloud application and network DDoS defense
  • Hybrid approach that combines both
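Worked example of the "WAF / request rate control" bullet above: a per-client token-bucket limiter replayed over web access-log lines. This is an added example, not Exceda's, HOSTING's or Akamai's product code; the 5 req/s rate, the burst of 10, the client addresses and the log lines are all constructed for the illustration.

```python
"""Per-client request rate control, the "WAF / request rate control" bullet,
run over constructed web access-log lines.  Added example, not Exceda's code.

Each client IP gets a token bucket: up to BURST requests may arrive at once,
after which the bucket refills at RATE requests per second.  A request that
finds the bucket empty is dropped (a real WAF would answer 429 or tarpit).
Ordinary clients never notice; a flooding client is capped at RATE.
"""
import re
from collections import defaultdict
from datetime import datetime

RATE = 5.0    # sustained requests/second allowed per client (assumed policy)
BURST = 10    # burst allowance per client (assumed policy)

# Apache/nginx "combined"-style line; timestamps have one-second resolution.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (unix_ts, client_ip, request_line) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return ts, m.group("ip"), m.group("req")


class TokenBucket:
    __slots__ = ("tokens", "last")

    def __init__(self, now):
        self.tokens = float(BURST)
        self.last = now

    def allow(self, now):
        # Refill in proportion to elapsed time, never beyond BURST, then spend one.
        self.tokens = min(float(BURST), self.tokens + (now - self.last) * RATE)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def rate_control(lines):
    """Replay log lines through per-IP buckets; return (allowed, dropped) counts per IP."""
    buckets = {}
    allowed = defaultdict(int)
    dropped = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue            # malformed line: nothing to rate-limit
        ts, ip, _req = parsed
        bucket = buckets.get(ip)
        if bucket is None:
            bucket = buckets[ip] = TokenBucket(ts)
        if bucket.allow(ts):
            allowed[ip] += 1
        else:
            dropped[ip] += 1
    return dict(allowed), dict(dropped)


def build_sample_log():
    """Constructed traffic: two ordinary clients at 3 req/s and one attacker
    (10.9.8.7) at 40 req/s, each for five seconds."""
    lines = []
    for sec in range(5):
        stamp = f"[14/Jan/2016:10:00:{sec:02d} +0000]"
        for ip, count in (("10.0.0.1", 3), ("10.0.0.2", 3), ("10.9.8.7", 40)):
            for i in range(count):
                lines.append(f'{ip} - - {stamp} "GET /search?q={i} HTTP/1.1" 200 1024')
    return lines


if __name__ == "__main__":
    ok, blocked = rate_control(build_sample_log())
    for ip in sorted(set(ok) | set(blocked)):
        print(f"{ip:12s} allowed={ok.get(ip, 0):4d} dropped={blocked.get(ip, 0):4d}")
```

The two ordinary clients get all 15 of their requests through; the attacker gets its first burst of 10 and then only 5 per second, with 170 of 200 requests dropped. The caveat a practitioner will recognise: a per-IP bucket only stops a flood that comes from few addresses. A botnet spreading the same flood across thousands of sources stays under the limit on every bucket, which is why the slides pair rate control with a WAF that has a global view of traffic rather than a single box counting requests.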
On-Premises DDoS Protection
(diagram: on-premises DDoS defense appliance in front of the protected infrastructure)
- Risk of resource exhaustion from attacks larger than the equipment's capacity, leading to service disruption
- Capable of protecting against all types of attacks
- Good first-step approach
- More granular control
- Only the tip of the iceberg
Cloud Web DDoS Protection
(diagram: Exceda's globally distributed Web Application Firewall)
- Near-infinite resources to combat DDoS attacks
- On-demand option available
- Only protects the web applications, not the entirety of the infrastructure
Cloud Network DDoS Protection
(diagram: Exceda's globally distributed scrubbing centers)
- Protects all of the infrastructure, but without granularity toward the applications
- Possible added latency
Hybrid Approach
(diagram: network DDoS defense, web application DDoS defense and on-prem DDoS defense layered together)
A hybrid approach will largely eliminate the shortcomings of each individual solution and provide a comprehensive multi-perimeter approach to defending your business
THE ROAD AHEAD: 2016
• DDoSaaS lowers barrier to entry
• IoT risks increase
• Ransom/blackmail
• Increased scale—not duration
• Trickle down to SMB and beyond
FINAL THOUGHTS
• Planning: “How’s now? Is now good for you?”
• On-Prem vs Cloud vs Hybrid
• Right Tools, Right Configuration
Q&A
John Cully | Director of Marketing, Exceda | jcully@exceda.com
Andy Schroepfer | CSO, HOSTING | aschroepfer@hosting.com
Alex Soares | Director of Security Products, Exceda | asoares@exceda.com
For more information about security solutions by HOSTING, please contact our team at 888.894.4678.

High Performance Security: Mitigating DDoS Attacks Without Losing Your Edge


Editor's Notes

  • #13 Founded in São Paulo, Brazil. Long-term Akamai partner. Expanded & dynamic portfolio. Importance of configuration; risk of “Right tool, wrong configuration”.
  • #14 Perfect storm: increased reliance on the Internet in business & personal lives; increased reliance on the Internet for revenue (tipping point around 2010 for eCommerce); explosion in the number and types of connected devices: mobile, wearable, pervasive; home routers, security cameras, appliances. Players: script kids > hacktivists > state sponsored > organized crime > everyone’s getting in on the action as it’s gotten less complex and costly to launch attacks. 5 year view: before 2010 it was really about script kiddies and gamers; the web was less important to business. Defacement and downtime were the end goals. 2010: Anonymous really brings DDoS to the fore as a form of digital protest. Around the same time digital blackmail emerges: send us $$ or we’ll DDoS your site. Profit motive emerges; downtime becomes a means to an end. DD4BC: last September, DD4BC started blackmailing for bitcoins. Lasted September through June. Hundreds of emails to CFOs, CSOs around the world. Then in June 2015 they fell silent. Armada: soon after, we saw a group called Armada come forth. They’re using many of the same techniques; not highly sophisticated. Same type of volumetric attack; standard, open-source tools for DDoS & blackhat community to attack with. If you get an email saying “pay us $ or else” it could be one of these. Copycats: while DD4BC followed through on threats, Armada followed through on some threats, now there are copycats. Working down the ladder of businesses all the way down to small business. Organized Crime Blackmail; there are
  • #16 Importance of WAF. DDoS attack activity over our network jumped again this quarter, setting a record for the number of DDoS attacks. At the same time, average peak bandwidth and packets-per-second have been dropping, a trend continued from Q2. The use of reflection-based DDoS methods by DDoS-for-hire sites resulted in smaller attacks on average than we have observed from infection-based botnets. Akamai tracked nine infrastructure-layer reflection attack vectors, including the three newer reflection attacks: NetBIOS, Sentinel, and RPC. There were eight mega attacks greater than 100 gigabits per second (Gbps), with the largest at 149 Gbps. Half of all attacks were between 400 Mbps and 5 Gbps. The online gaming sector was hit particularly hard in Q3, accounting for half of all DDoS attacks. Media and entertainment faced more of the biggest DDoS attacks. The decrease in bandwidth, volume and duration can be attributed to a few factors. One is that the booter/stresser tools used to launch attacks cost money and limit the attacker to a set length of time. In the past, more attacks were based on botnets developed through infection, and attacks could last until they were mitigated, attackers gave up, or the botnet was taken down. Additionally, the booter/stresser tools, which use reflection attack techniques instead of directly generating their own payloads, seem to be less capable of big attacks than botnets. If you were to come under DDoS attack, there’s an even chance that the DDoS attack size would be somewhere between 400 Mbps and 5 Gbps. This estimate gives you a range to use as you plan your DDoS defenses. Also note that while the attacks falling below 400 Mbps are widely distributed and gradually fall off, there is a large cluster of attacks above 5 Gbps that drops off dramatically above 50 Gbps. Attack spotlight: when it comes to DDoS attacks, high bandwidth is usually the most notable metric, but a high packet-per-second rate can also be devastating. In Q3, Akamai mitigated an attack that would require at least 145 Gbps of available bandwidth just to withstand its brunt. Further, the attack generated a record-setting 222 million packets per second (Mpps). Reflection DDoS attack, command & control structure: the malicious actor begins by sending a query to a victim IP address. The victim is an unwitting accomplice in the attack; it could be any device on the Internet that exposes a reflectable UDP service. The attacker’s query is spoofed to appear to originate from the attacker’s target. The attacker uses an automated attack tool to send malicious queries at high rates to a large list of victims, who in turn respond to the target. A big takeaway is that malicious actors are finding it more profitable to choose reflection over infection. Instead of spending time and effort to build and maintain DDoS botnets, it is far easier for attackers to exploit network devices and unsecured service protocols. This methodology has been applied to the DDoS-for-hire ecosystem. Stresser/Booter: these are marketed as tools for users to stress-test their own site; the assumption is that it’s a legitimate server sending testing traffic. In many cases these sites use compromised servers.
  • #17 Attackers are now thinking in terms of ROI. Large-scale attacks were designed to bring websites down and keep them down; small-scale attacks are a tactic as part of a larger ‘business plan’. The pool of attackers is growing larger as the means to attack become more available. Proliferation of connected devices > easier to create large-scale botnets > easy to package access for sale. More tools (“DDoS as a Service”) + easier scaling mean lower pricing to execute an attack. The tools are incredibly easy and low-cost: $50-$100 gets you 30-60 minutes of botnet time. End result is a trickle-down effect to even small businesses. It’s not just downtime; it’s the perceived risk of site damage/destruction. Small ransoms mean it can be easier to just pay. No business is immune, and geographic borders are meaningless.
  • #18 $ per minute/hour: $40,000 per hour (Incapsula). These are averages; holiday season can be a multiple of 10x-20x this for eCommerce: $40k/hr any other day could be $500k/hr on Black Friday. Find out how much per hour during business hours your company brings in online. IT may not know, but sales/marketing sure will. Not a one-time transactional loss; long-term customer loss. “Keeping a customer is free; finding a new one costs money.” Reputation: you’re being shut down in the most visible way possible. Sends both a business and a security message: “If they can’t protect their own site, how are they protecting my PII?” If I can’t count on them I’ll go to someone I can. Social media amplifies the effects. Banks can suffer even more from both financial & reputational damage. The more important trust is to your business, the more reputational risk from DDoS. Fines: not a HUGE issue in the U.S. yet; impacting regulated industries; Canada leading the way in imposing fines for unprotected sites. Resource fatigue: resources of people within the IT team. Havoc in the daily routine can be a huge distraction from business as usual. Stop-and-start attacks: 15 minutes, stop, start. Over days, this can have an effect on the people who are combatting these attacks. This can be part of the “smash and grab” approach with a theft of customer data. “Smash & grab”: DDoS as a smokescreen for other activities; create a distraction while attempting to penetrate the customer database, for example. Again, think of DDoS as a means to an end, not an end in itself.
  • #19 Timing: Benefits of proactive planning/preparation; cost of downtime + complexity & cost of remediation Difference in cost between security in place vs. security in place when you’re under attack CDN: Do you have a CDN in place? Scalability, capacity, absorption Closet or Cloud: Introduce On-Prem vs. Cloud/Managed DDoS solutions $64,000 question: balancing performance, security and cost. “Good, Fast, Cheap” analogy Transition to Alex
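Worked example for the reflection attack described in note #16: the pattern as it looks from the target's side, turned into detection logic over flow records. This is an added example, not Akamai's or Exceda's code. It goes slightly beyond the note in two ways, both labelled in the code: it discounts responses the target actually solicited, and it adds a helper that turns the note's 145 Gbps / 222 Mpps figures into an average packet size. The flow records, the target address, the reflector port list and the alert threshold are all constructed assumptions.

```python
"""Spotting reflected (amplified) UDP traffic from the target's side, the
pattern note #16 describes: many unwitting 'victim' hosts answer queries the
attacker spoofed in the target's name.  Added example, not Akamai's or
Exceda's code; flow records, threshold and target address are constructed.

Seen at the target, reflection has three tells: the packets are UDP
*responses* (source port is the abused service's well-known port), they come
from a large number of distinct hosts, and the target never sent a matching
query.  The detector applies those three checks to NetFlow-style records.
"""
from collections import defaultdict

# Well-known ports of services commonly abused as reflectors.  NetBIOS name
# service and portmapper (rpc) are among the vectors the note lists.
REFLECTOR_PORTS = {
    19: "chargen",
    53: "DNS",
    111: "portmapper (rpc)",
    123: "NTP",
    137: "NetBIOS-NS",
    1900: "SSDP",
}
MIN_REFLECTORS = 20   # distinct reflectors on one port before alerting (assumed)


def parse_flows(text):
    """Parse 'proto,src_ip,src_port,dst_ip,dst_port,packets,bytes' records."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, sip, sport, dip, dport, pkts, byts = (f.strip() for f in line.split(","))
        flows.append((proto, sip, int(sport), dip, int(dport), int(pkts), int(byts)))
    return flows


def detect_reflection(flows, target):
    """Return one alert per abused service whose unsolicited responders exceed MIN_REFLECTORS."""
    # Anything the target itself queried may legitimately answer back (assumed refinement).
    solicited = {(dip, dport) for proto, sip, _, dip, dport, _, _ in flows
                 if proto == "udp" and sip == target}
    by_port = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for proto, sip, sport, dip, dport, pkts, byts in flows:
        if proto != "udp" or dip != target or (sip, sport) in solicited:
            continue
        entry = by_port[sport]
        entry["sources"].add(sip)
        entry["packets"] += pkts
        entry["bytes"] += byts
    alerts = []
    for sport, entry in by_port.items():
        if sport in REFLECTOR_PORTS and len(entry["sources"]) >= MIN_REFLECTORS:
            alerts.append({
                "service": REFLECTOR_PORTS[sport],
                "src_port": sport,
                "reflectors": len(entry["sources"]),
                "packets": entry["packets"],
                "bytes": entry["bytes"],
                "avg_packet_bytes": entry["bytes"] // entry["packets"],
            })
    alerts.sort(key=lambda a: a["bytes"], reverse=True)
    return alerts


def avg_packet_bytes(gbps, mpps):
    """Average packet size implied by a bandwidth and a packet rate.  The note's
    145 Gbps / 222 Mpps attack works out to about 81 bytes per packet: a
    packet-rate flood rather than an amplified one, which is why pps is a
    capacity figure to plan for alongside bandwidth."""
    return int(gbps * 1e9 / 8 / (mpps * 1e6))


def build_sample_flows(target="203.0.113.10"):
    """Constructed records: one legitimate DNS exchange, one TCP session,
    thirty NTP servers reflecting ~468-byte replies at the target, and a
    handful of stray DNS responses that stay under the threshold."""
    lines = ["# proto,src_ip,src_port,dst_ip,dst_port,packets,bytes",
             f"udp,{target},40000,198.51.100.5,53,1,70",
             f"udp,198.51.100.5,53,{target},40000,1,180",
             f"tcp,192.0.2.9,443,{target},51000,20,14000"]
    for i in range(30):
        lines.append(f"udp,192.0.2.{100 + i},123,{target},80,1000,468000")
    for i in range(3):
        lines.append(f"udp,198.51.100.{20 + i},53,{target},80,5,2000")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_reflection(parse_flows(build_sample_flows()), "203.0.113.10"):
        print(alert)
    print("avg packet size of a 145 Gbps / 222 Mpps flood:", avg_packet_bytes(145, 222), "bytes")
```

On the constructed records the detector raises a single alert, for NTP (source port 123) with 30 distinct reflectors and 468-byte packets, while the resolver the target actually queried and the three stray DNS responders are ignored. The same three checks are what a scrubbing center applies at scale; on-premises, the limit is the one the slides state: the appliance has to see and drop every reflected packet, so an attack larger than its capacity exhausts it regardless of how good the detection is.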