DDoS Defense: How to Break the Link to Advanced Threats
ISMG Security Executive Roundtable
Sponsored by NETSCOUT Arbor
Agenda
6:00 – 6:30 p.m. Registration, Networking and Cocktails
6:30 – 6:45 p.m. Introductions and Opening Remarks
• Nick Holland, Director, Banking and Payments, Information Security Media Group
• Tom Bienkowski, Director, Product Marketing, NETSCOUT Arbor
6:45 – 8:30 p.m. Roundtable Discussion
8:30 p.m. Program Concludes
Introduction
Over the course of the past two years, enterprises worldwide
have seen a significant increase in the power and scale of DDoS
attacks – some of them, based on the Mirai botnet, leveraging
IoT devices. And many of these attacks have a direct link to
nation-state actors and their advanced threats, which use the
same methodologies commonly found in DDoS toolkits. Against
such threats and threat actors, conventional, perimeter-based
DDoS defenses are insufficient.
What types of DDoS attacks is your organization detecting? What are the most common attack vectors?
How should you refocus your defenses against DDoS and advanced threats?
If you’re looking for new answers to these questions, then welcome to this exclusive executive
roundtable on DDoS Defense: How to Break the Link to Advanced Threats.
Guided by insight from Tom Bienkowski of event sponsor NETSCOUT Arbor, this invitation-only dinner
will draw from the results of NETSCOUT Arbor’s latest Threat Reports, as well as the experiences of
the attendees, offering insights on how they have been able to improve detection and defense against
DDoS and advanced threats. Among the discussion topics:
• What types – and sizes – of DDoS attacks are most commonly detected?
• What are the most prevalent attack vectors?
• What is the direct link to advanced threats and nation-state attackers?
• How must enterprise defenses evolve beyond the perimeter to detect and prevent these attacks?
You’ll have the opportunity to discuss DDoS and advanced threats with a handful of senior executives in
an informal, closed-door setting, from which you will emerge with new strategies and solutions you can
immediately put to work.
Strategic Threat Intelligence: Lessons from the Pentagon 2
Discussion Points
Among the questions to be presented for open discourse:
• What types of DDoS attacks have you commonly seen in the past year?
• What common vectors do these attacks use?
• How do you rate your current DDoS defenses?
• What are the biggest gaps in your DDoS defenses?
• What threats do you see from nation-state attackers?
• How do you rate your defenses beyond the perimeter to defend against these attacks?
• What are your biggest gaps beyond the perimeter?
• How do you intend to fill these gaps in 2019?
About the Expert
Joining our discussion today to share the latest insights and case studies is:
Tom Bienkowski
Director, Product Marketing, NETSCOUT Arbor
Bienkowski has been in the network and security field for over 20 years. He has worked for large
enterprises as a network engineer and for network management and security vendors, where he has
had roles in sales engineering/management, technical field marketing and product management. At
NETSCOUT Arbor, he’s a director of product marketing focusing on the industry-leading Edge Defense
and Threat Intelligence solutions. Bienkowski is a frequent speaker at IT security events around the world,
providing insights into cyberthreats and best defense practices.
About Arbor Networks
Since 1999, NETSCOUT Arbor’s DDoS protection and network visibility solutions have been tested and
proven in the world's largest, most complex networks. The company delivers powerful visibility and
traffic intelligence, at internet scale, to help customers not only understand their own environment, but
threat actors and their tools, behaviors and campaigns on a global basis.
To learn more about NETSCOUT Arbor products and services, please visit our website at arbornetworks.com
or follow on Twitter @ArborNetworks.
About the Moderator
Leading our discussion today is:
Nick Holland
Director, Banking and Payments, Information Security Media Group
Holland, an experienced security analyst, has spent the last decade focusing on the intersection of
digital banking, payments and security technologies. He has spoken at a variety of conferences and
events, including Mobile World Congress, Money2020, Next Bank and SXSW, and has been quoted by
The Wall Street Journal, CNN Money, MSNBC, NPR, Forbes, Fortune, BusinessWeek, Time Magazine,
The Economist and the Financial Times. He holds an MSc degree in information systems management
from the University of Stirling, Scotland.
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely
to information security and risk management. Each of our 28 media properties provides education,
research and news that is specifically tailored to key vertical sectors including banking, healthcare
and the public sector; geographies from North America to Southeast Asia; and topics such as
data breach prevention, cyber risk assessment and fraud. Our annual global summit series connects
senior security professionals with industry thought leaders to find actionable solutions for pressing
cybersecurity challenges.
For more information, visit www.ismg.io.
NOTE: In advance of this event, ISMG’s Nick Holland discussed
DDoS defenses with NETSCOUT Arbor’s Tom Bienkowski. Here is
an excerpt of that conversation.
DDoS Attack Trends
NICK HOLLAND: As you reflect on 2018, what were the most
concerning DDoS attack trends?
TOM BIENKOWSKI: As we look back on 2018 we see a few
concerning trends.
First, the number of attacks is rising. This is mainly due to the ease
with which these attacks can be executed using readily available
do-it-yourself attack tools or for-hire DDoS attack services.
Second, botnets are no longer used just for DDoS attacks. Gone
are the days where a single bot offered a simplistic DDoS attack
type. In today’s DDoS threat landscape, attackers increasingly add
diversification into their bots, allowing a wide variation of attacks and
protocols to take down networks. Related: IoT-based botnets have grown
and will continue to grow in use and size.
Third, the number of larger attacks is rising. In 2018, the largest
attack we saw was 1.7 Tbps, but that’s rare. Even though most
attacks are under 2 Gbps in size, we are seeing an increase in the
number of attacks over 100 Gbps.
Link to Nation-States?
HOLLAND: What’s the link between these trends and nation-state
adversaries, as well as the advanced threats they represent?
BIENKOWSKI: The line between DDoS attacks and other forms of
cyberthreats is starting to blur.
When an adversary targets an organization, they will customize an
attack campaign that will utilize multiple tactics, techniques and
procedures. For example, Hidden Cobra is a North Korean APT
group that actively targets corporations, with a heavy emphasis on
financials. They deploy a variety of TTPs, including DDoS attacks
that are used to take out services and serve as a diversionary tactic.
CONTEXT: DDoS Defense: How to Break the Link to Advanced Threats, Q&A With NETSCOUT Arbor’s Tom Bienkowski
“The line between DDoS attacks and other forms of cyberthreats is starting to blur.”
– Tom Bienkowski
Flaw in DDoS Defenses
HOLLAND: In light of these findings, what are your concerns about
traditional DDoS defenses?
BIENKOWSKI: The truth is that DDoS attacks have been around for
over 20 years. And most organizations have some form of DDoS
protection in place. What’s concerning is that the protection many
of these organizations have in place was designed to stop the DDoS
attacks of years ago.
The modern-day DDoS attack has changed dramatically in size,
frequency and complexity. The question we want organizations to
ask themselves is: “Is the DDoS protection we have in place still
adequate?” In other words, can it stop the modern-day DDoS attack
and other threats to your organization? Can a very traditional cloud-
based DDoS attack protection service (which is required for large
attacks) adequately stop a ‘low and slow’ application-layer attack? In
most cases, the answer is no.
Adversary Tactics
HOLLAND: How are adversaries responding to improvements in
defenses?
BIENKOWSKI: The adversaries are getting stealthier. They recognize
that large volumetric DDoS attacks (e.g. 100 Gbps) can easily be
recognized and thwarted using modern-day DDoS protection
technology and services. So instead, they are focusing on smaller,
application-layer attacks, which are much more difficult to detect yet
just as impactful.
This past year we saw a 20 percent increase in application-layer
DDoS attacks. Unfortunately, the targets who only have a cloud-based
DDoS attack protection service realized that it took too long (if at
all) to stop these application-layer attacks before the impact was done.
The Best Defense
HOLLAND: What best practices do you recommend for DDoS
defense?
BIENKOWSKI: A hybrid defense. For the most comprehensive
protection, organizations should consider the combination of cloud-
based protection to stop large attacks, and on-premises protection
to stop application-layer attacks. DDoS protection should also utilize
stateless packet processing technology allowing it to stop inbound
TCP-state exhaustion attacks, which can bring down stateful
devices, such as NGFWs. And if possible, outsource to the DDoS
attack protection experts who do this daily.
NETSCOUT Arbor’s Approach
HOLLAND: How is NETSCOUT Arbor helping enterprises evaluate
and improve their defenses?
BIENKOWSKI: For almost 20 years, NETSCOUT Arbor has been
researching DDoS attacks and designing products and services
to stop them. We constantly strive to educate the market and
customers on the latest trends in DDoS attacks and recommend
best practices in defense so organizations can adequately protect
themselves.
Our solution consists of an intelligently integrated combination of
fully managed, cloud-based, global scrubbing and on-premises
products that use highly scalable stateless packet processing
technology to not only stop inbound DDoS attacks but also other
cyberthreats coming in and leaving an organization.
Finally, all our products and services are armed with our ATLAS
threat intelligence feed and expertise from our ATLAS Security
Engineering and Research Team, or ASERT.
“For the most comprehensive protection, organizations should consider the combination of cloud-based protection to stop large attacks and on-premises protection to stop application layer attacks.”
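The hybrid-defense point made in the interview, shown as an added example that is not NETSCOUT Arbor's code and not part of the original conversation: a short Python script that scores one connection-table snapshot two ways. The volumetric check is the bit-rate signal a cloud scrubbing service acts on; the behavioural checks are what an on-premises device that can see individual connections is able to act on. The addresses, the sample table and the thresholds (20 idle connections per source, 30 s minimum age, 1 KB of request data, 50% half-open occupancy) are assumptions constructed for illustration.

```python
"""Added example (not NETSCOUT Arbor's code): why a bit-rate threshold, the
signal a cloud scrubbing service keys on, misses a low-and-slow
application-layer attack and a spoofed SYN flood, while both stand out in
the connection table of an on-premises device. Sample data and thresholds
are constructed for illustration."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass


@dataclass
class Conn:
    src: str            # client address
    state: str          # "ESTABLISHED" or "SYN_RECV" (half-open)
    age_s: float        # seconds since the connection was opened
    bytes_in: int       # bytes received from the client so far
    request_done: bool  # a complete HTTP request has arrived


def build_sample() -> list[Conn]:
    """Constructed connection-table snapshot (not captured traffic)."""
    conns: list[Conn] = []
    # Three ordinary browsers: short-lived connections, requests completed.
    for src in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        for j in range(3):
            conns.append(Conn(src, "ESTABLISHED", 0.2 + 0.1 * j, 1500 + 100 * j, True))
    # One low-and-slow client: 40 connections held open for minutes, each
    # having sent a few hundred bytes of a request header that never completes.
    for k in range(40):
        conns.append(Conn("198.51.100.7", "ESTABLISHED", 120.0 + k, 180 + k, False))
    # Spoofed SYN flood: 500 half-open entries spread over many source
    # addresses, so no single source stands out; table occupancy is the signal.
    for n in range(500):
        conns.append(Conn(f"203.0.113.{n % 254 + 1}", "SYN_RECV", 2.0, 0, False))
    return conns


def inbound_bps(conns: list[Conn], window_s: float) -> float:
    """Volumetric view: inbound bits per second over the sampling window."""
    return sum(c.bytes_in for c in conns) * 8 / window_s


def low_and_slow_sources(conns: list[Conn], min_conns: int = 20,
                         min_age_s: float = 30.0, max_bytes: int = 1024) -> dict[str, int]:
    """Behavioural view: sources holding many old, tiny, incomplete requests."""
    old_and_idle = Counter(
        c.src for c in conns
        if c.state == "ESTABLISHED" and c.age_s >= min_age_s
        and c.bytes_in <= max_bytes and not c.request_done
    )
    return {src: n for src, n in old_and_idle.items() if n >= min_conns}


def half_open_fraction(conns: list[Conn]) -> float:
    """Share of the state table occupied by half-open (SYN_RECV) entries."""
    return sum(c.state == "SYN_RECV" for c in conns) / len(conns)


def assess(conns: list[Conn], window_s: float = 60.0,
           volumetric_bps: float = 1e9, half_open_limit: float = 0.5) -> dict:
    """Run both views over one snapshot; thresholds are illustrative."""
    bps = inbound_bps(conns, window_s)
    frac = half_open_fraction(conns)
    return {
        "volumetric_bps": bps,
        "volumetric_alert": bps > volumetric_bps,
        "low_and_slow": low_and_slow_sources(conns),
        "half_open_fraction": frac,
        "state_exhaustion_alert": frac > half_open_limit,
    }


if __name__ == "__main__":
    for key, value in assess(build_sample()).items():
        print(f"{key}: {value}")
```

On this snapshot the inbound rate is about 3 kbps, so the volumetric rule that a scrubbing service relies on never fires; the 40 idle, incomplete connections from one source are what identify the low-and-slow attack. The SYN flood is the other case the interview raises: no spoofed source exceeds two entries, so a per-source rule misses it, but half-open entries make up over 90% of the table, which is exactly what exhausts a stateful firewall and why a front-end device that does not keep state per SYN survives it.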
Contact
(800) 944-0401 • [email protected]
902 Carnegie Center • Princeton, NJ • 08540 • www.ismg.io