Keynote presentation by Dvir Shapira, Director of Product Management. Opening remarks include a look at where we’ve been in terms of the Internet as a whole and Internet security and performance, as well as where we’re going.
1. Staying Ahead of the Curve
DVIR SHAPIRA, Director of Product Management, Imperva Incapsula
2. BIO Dvir Shapira
Just turned forty-one.
Three kids.
Five years at Incapsula (now Imperva).
Successfully battled millions of bots. (Bearing some battle scars from those fights.)
Helped make thousands of IT guys a bit happier.
5. How the internet came to be
Cybersecurity is introduced
The early days of online attacks
[Timeline graphic: 1980 to 2016]
6. How the internet came to be
1980: The Internet was small and safe (only 20 ASNs connected)
1990: First web server, first web browser
7. The early days of online attacks
1980: The Internet was small and safe
1988: The Morris Worm (Robert Morris, creator of the Morris Worm)
1990: First web server, first web browser
1994: Russian hackers steal $10MM from Citibank
8. Cybersecurity is introduced
1980: The Internet was small and safe
1988: The Morris Worm
1990: First web server, first web browser
Early 1990s: First IDS/IPS systems
1994: First stateful firewall
9. The web starts evolving
1980: The Internet was small and safe
1988: The Morris Worm
1990: First web server, first web browser
1990s: First IDS/IPS systems
1994: First stateful firewall
1994: Amazon.com is founded
1998: Google is founded
10. Attacks become more sophisticated
1980: The Internet was small and safe
1988: The Morris Worm
1990: First web server, first web browser
1990s: First IDS/IPS systems
1994: First stateful firewall
1994: Amazon.com is founded
1998: Google is founded
2001: Microsoft servers are taken down by a large DDoS attack
FBI Operation Bot Roast finds over 1 million botnet victims
11. Internet for the masses
1980: The Internet was small and safe
1988: The Morris Worm
1990: First web server, first web browser
1990s: First IDS/IPS systems
1994: First stateful firewall
1994: Amazon.com is founded
1998: Google is founded
2001: Attacks became more sophisticated
2004: Facebook is founded
2007: The iPhone is introduced
12. Security is evolving as well
1980: The Internet was small and safe
1988: The Morris Worm
1990: First web server, first web browser
1990s: First IDS/IPS systems
1994: First stateful firewall
1994: Amazon.com is founded
1998: Google is founded
2001: Attacks became more sophisticated
2003: First cloud-based DDoS protection
2004: Facebook is founded
2007: iPhone is introduced
2009: First anti-bot solutions introduced
13. Modern day attacks
1980: The Internet was small and safe
1988: The Morris Worm
1990: First web server, first web browser
1990s: First IDS/IPS systems
1994: First stateful firewall
1994: Amazon.com is founded
1998: Google is founded
2001: Attacks became more sophisticated
2003: First cloud-based DDoS protection
2004: Facebook is founded
2007: iPhone is introduced
2009: First anti-bot solutions introduced
2016: High PPS DDoS attack launched by an IoT botnet takes DYN down
Sophisticated botnets bypass security to perform numerous ATO attacks
16. What’s next?
We’re building our network for IoT-based multi-GPPS attacks
We anticipate seeing AI-controlled ATO and site scraping
The trend is toward mobile and API focused attacks
17. We must adapt.
Build an effective anti-bot toolbox.
Prepare for the next high-PPS attack.
18. There is still hope.
We still have time to prepare.
Most attacks are still under 100 MPPS
>90% of automated attacks can be mitigated using existing technologies
19. There is still hope.
New technologies are in the works.
A lot of companies are working on new tools to add to your toolbox.
20. There is still hope.
The increase in awareness is evident.
Most customers ask about DDoS and bot-related attacks.
21. What can you do?
Get the relevant people in one room
IT, Security, dev, marketing
22. What can you do?
Estimate the risk
Are we susceptible to site scraping? ATO? DDoS? What would be the impact?
23. What can you do?
Assign the right resources based on the risk
R&D/IT, third-party providers