DDoS Attacks:


Added : 2017-03-19 Views :217K


Slide1

DDoS Attacks: The Stakes Have Changed. Have You?

November 17, 2016

Slide2

Today’s Speakers

Sean Pike, Program Vice President, Security Products, IDC

Tom Bienkowski, Director, Product Marketing, Arbor Networks

Kevin Whalen, Sr. Director, Corporate & Marketing Communications, Arbor Networks

Slide3

Slide4

Recent IoT Botnet Attack Against Dyn

Slide5

IDC’s Perspectives on DDoS Attack Trends…

Slide6

Source: Verizon DBIR 2016

Uptick in DDoS Attacks

© IDC Visit us at IDC.com and follow us on Twitter: @IDC

Slide7


Mean Values

Spamhaus 400 Gbps, BBC 600 Gbps, Rio 540 Gbps

Source: DBIR 2016

Largest Attacks

Probably vs. Capable

Slide8

Heavy Spending Priority on Newsworthy Incidents

63.1%

63.4%

Top 2


Slide9

Arbor’s Perspectives on DDoS Attack Trends…

Slide10

DDoS Attacks Increasing in Size, Frequency & Complexity

Fact:

Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

600+ Gbps

DDoS Attack Trends

Slide11

(per month)

DDoS Attack Trends

DDoS Attacks Increasing in Size, Frequency & Complexity

Fact:

Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

Slide12

DDoS Attack Trends

DDoS Attacks Increasing in Size, Frequency & Complexity

Fact:

Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

Slide13

Industry Best Practices Exist to Stop All of These Attacks

The Internet

BotNet

Your ISP

Firewall

Your Data Center

Application Layer Attacks: Low and slow, stealth attacks. Crashes application servers.

Legitimate Traffic

Volumetric Attacks: Large (up to 500 Gbps). Saturates links.

TCP State-Exhaustion Attacks: Crashes stateful devices (load balancers, firewalls, IPSs).

Dynamic, Multi-vector Combination

The Modern Day DDoS Attack Is Complex

Slide14

Why the Rise in Size, Frequency & Complexity?

Slide15

$5:$100sK

Cost of DDoS Service

Impact to Victim

DDoS Attacks Are The Great Equalizer…

Ability

It’s Never Been Easier to Launch a DDoS Attack

Fact:

Slide16

Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

Motivations

Many Motivations Behind DDoS Attacks

Fact:

Slide17

Every Physical Geo-Political Event…

Has a Cyber Reflection…

DDoS Attacks Are The Great Equalizer…

The Cyber Reflection

Slide18

Attack targets were not necessarily the events themselves, but organizations tangentially associated with the events.

Examples of Cyber Reflections

Slide19

What is IDC Hearing from Their Clients?

Slide20

Common Questions About DDoS

Reliability?

Continuity?

Digital Transformation?

Slide21

The Role of IoT

Protecting Endpoints

Ransom

The Role IoT is Playing in DDoS Attacks

Slide22

Recent Dyn Attack & IoT Botnets

Slide23

A floating population of approximately 500,000 compromised IoT devices worldwide (Internet-enabled digital video recorders (DVRs), surveillance cameras). Relatively high concentrations of Mirai nodes have been observed in Asia, Brazil, North America and Europe.

Compromised due to default user names and passwords being enabled on devices and open ports in firewalls (Telnet TCP 23/2323). IoT devices are subsumed into the Mirai botnet by continuous, automated scanning by other compromised Mirai botnet IoT devices. Rebooting the device removes the malware running in memory, but it's estimated that it will take less than 10 min to be rescanned and become part of the botnet again.

Mirai Botnet
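
Because the slide describes compromised devices continuously scanning for Telnet on TCP 23/2323, an internal device that has joined the botnet shows up in flow logs as one source touching many distinct destinations on those ports. The following is an added detection example, not part of the original presentation; the flow-record format, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict

TELNET_PORTS = {23, 2323}  # the Telnet ports named on the slide

def constructed_flows():
    """Constructed sample flow log: 'epoch_seconds src_ip dst_ip dst_port'."""
    rows = []
    for i in range(25):  # camera sweeping 25 distinct addresses in 25 seconds
        port = 2323 if i % 5 == 0 else 23
        rows.append(f"{1000 + i} 10.0.5.23 198.51.100.{i + 1} {port}")
    for i in range(5):   # admin workstation managing one switch over Telnet
        rows.append(f"{1000 + 10 * i} 10.0.1.10 10.0.0.1 23")
    for i in range(30):  # busy web client: many destinations, but not Telnet
        rows.append(f"{1000 + i} 10.0.2.7 203.0.113.{i + 1} 443")
    return "\n".join(rows)

def find_telnet_scanners(flow_text, window=60, min_targets=20):
    """Map src_ip -> peak count of distinct Telnet destinations inside any
    `window`-second span, for sources whose peak reaches `min_targets`."""
    by_src = defaultdict(list)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue  # skip malformed records
        ts, src, dst, dport = int(parts[0]), parts[1], parts[2], int(parts[3])
        if dport in TELNET_PORTS:
            by_src[src].append((ts, dst))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)  # dst -> flows currently inside the window
        start = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            while events[start][0] <= ts - window:  # expire flows that aged out
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            scanners[src] = peak
    return scanners

if __name__ == "__main__":
    for src, peak in find_telnet_scanners(constructed_flows()).items():
        print(f"{src}: {peak} distinct Telnet targets within 60 s")
```

Only the camera is reported: the admin workstation talks Telnet to a single device, and the web client's fan-out is on port 443.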

Slide24

Mirai is NOT Just a DNS Attack

Mirai features segmented command-and-control, which allows the botnet to launch simultaneous DDoS attacks against multiple, unrelated targets.

To date, no verified spoofed DDoS traffic has been observed being sourced from the Mirai botnet. This could change in future versions/variants of Mirai.

The code has been released to the wild… we are already seeing signs of alteration and attacks using the botnet.

Mirai is capable of launching multiple types of DDoS attacks, including: SYN-flooding, UDP flooding, Valve Source Engine (VSE) query-flooding, GRE-flooding, ACK-flooding, pseudo-random DNS label-prepending attacks (also known as DNS ‘Water Torture’ attacks), and HTTP GET, POST and HEAD attacks.

Mirai Botnet is a Multi-vector DDoS Attack
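
Of the vectors listed, pseudo-random DNS label prepending leaves a distinctive trace in resolver logs: one zone suddenly receives queries for many never-repeated names, nearly all of which do not exist. The following is an added detection example, not part of the original presentation; the log format, the thresholds, the two-label zone heuristic and all names are constructed assumptions.

```python
import hashlib
from collections import defaultdict

def constructed_query_log():
    """Constructed resolver log: 'client_ip qname rcode'."""
    rows = []
    for i in range(40):  # pseudo-random labels prepended to one zone
        label = hashlib.sha256(str(i).encode()).hexdigest()[:10] + f"{i:02x}"
        rows.append(f"10.0.5.{i % 8 + 20} {label}.victim.example NXDOMAIN")
    for i in range(35):  # legitimate zone with many real hostnames
        rows.append(f"10.0.2.7 edge{i}.cdn.example NOERROR")
    for i in range(50):  # ordinary repeat lookups of one name
        rows.append(f"10.0.2.{i % 5 + 1} www.shop.example NOERROR")
    return "\n".join(rows)

def find_label_prepending(log_text, min_unique=30, min_nx_ratio=0.9):
    """Map zone -> (unique prepended labels, NXDOMAIN ratio) for zones that
    look like targets of pseudo-random label prepending."""
    zones = defaultdict(lambda: {"labels": set(), "total": 0, "nx": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        labels = parts[1].rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # nothing prepended to the zone name
        # Assumption: the zone is the last two labels; production code would
        # consult the Public Suffix List instead.
        zone = ".".join(labels[-2:])
        entry = zones[zone]
        entry["labels"].add(".".join(labels[:-2]))
        entry["total"] += 1
        entry["nx"] += parts[2] == "NXDOMAIN"
    flagged = {}
    for zone, entry in zones.items():
        ratio = entry["nx"] / entry["total"]
        if len(entry["labels"]) >= min_unique and ratio >= min_nx_ratio:
            flagged[zone] = (len(entry["labels"]), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(find_label_prepending(constructed_query_log()))
```

Requiring both conditions keeps the CDN-style zone, which has many unique but resolvable hostnames, out of the results.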

Slide25

July 2014

June 2016

Aug 2016

LizardStresser IoT Botnet Targets Brazil

IoT Botnets: More than Mirai

Targets were organizations affiliated with major international sporting events (e.g. gov’t, banks, sponsors, etc.).

Pre-event activity

Never heard of these?

That’s because the defenders were prepared.

They had the proper people, products and processes in place well before the event occurred.

Slide26

IDC Recommendations for DDoS Attack Protection

Slide27

IDC Recommendations


FW/IPS vs. DDoS Defense

Hybrid Solutions

Managed Services

People & Process

Slide28

Arbor DDoS Attack Protection Solutions

Slide29

Mirai Botnet is Multi-Vector

The Modern Day DDoS Attack Is Complex

Industry Best Practices Exist to Stop All of These Attacks

The Internet

BotNet

Your ISP

Firewall

Your Data Center

Volumetric Attacks: Large (up to 500 Gbps). Saturates links.

TCP State-Exhaustion Attacks: Crashes stateful devices (load balancers, firewalls, IPSs).

Application Layer Attacks: Low and slow, stealth attacks. Crashes application servers.

Legitimate Traffic

Dynamic, Multi-vector Combination

Slide30

Layered DDoS Attack Protection

4


Backed by Continuous Threat Intelligence

Your Data Centers/Internal Networks

The Internet

Your (ISP’s) Network

Volumetric Attack

Application Attack

Scrubbing Center

Stop application layer DDoS attacks & other advanced threats; detect abnormal outbound activity

1

Stop volumetric attacks In-Cloud

3

Cloud Signal

Intelligent communication between both environments

2

Stopping Modern Day DDoS Attacks

Slide31

Arbor’s DDoS Protection Solution

Comprehensive DDoS Protection Products & Services

Armed with Global Visibility & Actionable Threat Intelligence

The Internet

In-Cloud

On-Premise

Arbor deployment in majority of ISPs

Arbor Cloud

Volumetric Attack

Application Attack/Malware

Target/Compromised Hosts

Cloud Signal

SERT

Security Engineering & Response Team

Slide32

Closing Remarks

Slide33

Without the proper knowledge of…

DDoS Attack Trends (i.e. ease, motivations, attack types, relationship with data breach)

Best Practices in DDoS Mitigation (i.e. products, people and processes)

Impact to Your Business (i.e. downtime, lost revenue, mitigation costs, etc.)

…You cannot accurately calculate the risk of a DDoS Attack.

Knowledge & Preparation Are the Keys to Protection

X

Slide34

Q&A

Thank You

