Orly Sorokin. January 2013. AGENDA. DDoS attacks & Cyber security Statistics. About 2012 Global Security Report. Key Findings & Trends. Recommendations. DoS – How does it Look . Simple Way. ID: 301102
DownloadNote - The PPT/PDF document "Radware DoS / DDoS Attack Mitigation Sys..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Presentations text content in Radware DoS / DDoS Attack Mitigation System
Simple WayExcessive or specially crafted traffic causing network/server/application resources misuse, thus preventing legitimate traffic to reach its destination and limits the service providing, generated by tools, humans or both. Can be based on Volume / Rate / Vulnerability Exploitation DetailedLayer 3 Floods – targeting the network equipment, and the actual pipe capacity Layer 4 Floods – targeting the servers (physical or virtual), their stack resources Layer 7 Floods – targeting real applications and services
3
Slide4
Network and Data Security Attacks: from the News
4
Slide5
Cyber Security Study
A research study by Ponemon & RadwareSurveyed 700 IT & IT Security Practitioners Non Radware customersRelease date: Q4/2012
5
Slide6
DDoS Attacks Frequency
of organizations had an average of 3 DDoS attacks in the past 12 months
65%
How many DDoS attacks experienced in the past 12 months?
6
Slide7
Minutes average downtime during one DDoS attack
54
Average downtime during one DDoS attack
7
Slide8
AGENDA
Cyber security StatisticsAbout 2012 Global Security ReportKey Findings & TrendsRecommendations
Slide9
Information Resources
Industry Security SurveyExternal survey 179 companiesMost are not using Radware DoS mitigation solution
ERT gets to see attacks in real-time on daily basis
Slide10
AGENDA
Cyber security StatisticsAbout 2012 Global Security ReportKey Findings & TrendsRecommendations
Slide11
Organizations Bring a Knife to a Gunfight
”Someone who brings a knife to a gun fight” Is someone who does prepare himself for the fight, but does not understand its true natureOrganizations today are like thatThey do invest before the attack starts, and conduct excellent forensics after it is over, however, they have one critical blind-spot – they don't have the capabilities or resources to sustain a long, complicated attack campaign. Attackers target this blind spot!
11
Slide12
Attacked in 2012
12
They had the budget
They made the investment
And yet they went offline
Slide13
But Attacks Today Have 3 Phases
13
Slide14
ERT Cases – Attack Duration Trend
14
Attacks last longer: The number of
DoS attacks lasting over a week had doubled in 2012
21%
1
1%
12%
21%
12%
23%
Slide15
ERT Cases – Attack Vectors Trend
15
ERT Cases – Attack Vectors
Attacks are more complex
: 2012 DoS/DDoS attacks have become more sophisticated, using
more complex
attack vectors. Note the number of attacks using a complexity level of 7-10.
Slide16
Attack Vectors Trends
16
Industry Security Survey – Attack Count by Type
Attack remained diversified between different attack types.This reflects attackers using multi-vector attacks.
Slide17
Entities That Are The Bottlenecks in DoS Attacks
17
Industry Security
SurveyWhich services or network elements are (or have been) the bottleneck of DoS?
The three entities that are consistently the bottlenecks in DoS/DDoS attacksare the server under attack, the firewall and the Internet pipe.
Slide18
Solutions Used Against DoS Attacks
18
Industry Security SurveyWhich solutions do you use against DoS attacks?
Slide19
Attackers Motivation Trend
19
DoS motivation did not change in 2012 compared to last year.
Slide20
Who’s On The Target List?
20
Low
Medium
High
Government
Financial
eCommerce
eGaming
Mobile
ISP
2012
2011
Prior to 2011
Slide21
AGENDA
Cyber security StatisticsAbout 2012 Global Security ReportKey Findings & TrendsRecommendations
Slide22
AMS Protection Set
NBA
Prevent application
resource misuse
Prevent zero-minute
malware
DoS Protection Prevent all type of network DDoS attacks
IPS Prevent application vulnerability exploits
Reputation Engine Financial fraud protection Anti Trojan & Phishing
WAF Mitigating Web application threats and zero-day attacks
Download this presentation
DownloadNote - The PPT/PDF document "Radware DoS / DDoS Attack Mitigation Sys..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Presentations text content in Radware DoS / DDoS Attack Mitigation System
Radware DoS / DDoS Attack Mitigation System
Orly Sorokin
January 2013
Slide2AGENDA
DDoS attacks & Cyber security StatisticsAbout 2012 Global Security ReportKey Findings & TrendsRecommendations
Slide3DoS – How does it Look
Simple WayExcessive or specially crafted traffic causing network/server/application resources misuse, thus preventing legitimate traffic to reach its destination and limits the service providing, generated by tools, humans or both. Can be based on Volume / Rate / Vulnerability Exploitation DetailedLayer 3 Floods – targeting the network equipment, and the actual pipe capacity Layer 4 Floods – targeting the servers (physical or virtual), their stack resources Layer 7 Floods – targeting real applications and services
3
Slide4Network and Data Security Attacks: from the News
4
Slide5Cyber Security Study
A research study by Ponemon & RadwareSurveyed 700 IT & IT Security Practitioners Non Radware customersRelease date: Q4/2012
5
Slide6DDoS Attacks Frequency
of organizations had an average of 3 DDoS attacks in the past 12 months
65%
How many DDoS attacks experienced in the past 12 months?
6
Slide7Minutes average downtime during one DDoS attack
54
Average downtime during one DDoS attack
7
Slide8AGENDA
Cyber security StatisticsAbout 2012 Global Security ReportKey Findings & TrendsRecommendations
Slide9Information Resources
Industry Security SurveyExternal survey 179 companiesMost are not using Radware DoS mitigation solution
ERT Cases Internal surveyUnique visibility into attacks behavior95 selected casesCustomer identity remains undisclosed
9
ERT gets to see attacks in real-time on daily basis
Slide10AGENDA
Cyber security StatisticsAbout 2012 Global Security ReportKey Findings & TrendsRecommendations
Slide11Organizations Bring a Knife to a Gunfight
”Someone who brings a knife to a gun fight” Is someone who does prepare himself for the fight, but does not understand its true natureOrganizations today are like thatThey do invest before the attack starts, and conduct excellent forensics after it is over, however, they have one critical blind-spot – they don't have the capabilities or resources to sustain a long, complicated attack campaign. Attackers target this blind spot!
11
Slide12Attacked in 2012
12
They had the budget
They made the investment
And yet they went offline
Slide13But Attacks Today Have 3 Phases
13
Slide14ERT Cases – Attack Duration Trend
14
Attacks last longer: The number of
DoS attacks lasting over a week had doubled in 2012
21%
1
1%
12%
21%
12%
23%
Slide15ERT Cases – Attack Vectors Trend
15
ERT Cases – Attack Vectors
Attacks are more complex
: 2012 DoS/DDoS attacks have become more sophisticated, using
more complex
attack vectors. Note the number of attacks using a complexity level of 7-10.
Slide16Attack Vectors Trends
16
Industry Security Survey – Attack Count by Type
Attack remained diversified between different attack types.This reflects attackers using multi-vector attacks.
Slide17Entities That Are The Bottlenecks in DoS Attacks
17
Industry Security
SurveyWhich services or network elements are (or have been) the bottleneck of DoS?
The three entities that are consistently the bottlenecks in DoS/DDoS attacksare the server under attack, the firewall and the Internet pipe.
Slide18Solutions Used Against DoS Attacks
18
Industry Security SurveyWhich solutions do you use against DoS attacks?
Slide19Attackers Motivation Trend
19
DoS motivation did not change in 2012 compared to last year.
Slide20Who’s On The Target List?
20
Low
Medium
High
Government
Financial
eCommerce
eGaming
Mobile
ISP
2012
2011
Prior to 2011
Slide21AGENDA
Cyber security StatisticsAbout 2012 Global Security ReportKey Findings & TrendsRecommendations
Slide22AMS Protection Set
NBA
Prevent application
resource misuse
Prevent zero-minute
malware
DoS Protection Prevent all type of network DDoS attacks
IPS Prevent application vulnerability exploits
Reputation Engine Financial fraud protection Anti Trojan & Phishing
WAF Mitigating Web application threats and zero-day attacks
22
Slide23Radware Security Event Management (SEM)
Correlated reports
Trend analysis
Compliance management RT monitoring Advanced alerts Forensics
3
rd
Party SEM
NB / API
23
Slide24Radware AMS & ERT/SOC
24
Slide25Thank You
www.radware.com
Slide26Slide27Slide28Slide29Slide30Slide31Slide32Slide33