Page 2 - Company Confidential
2010 Infrastructure Security Survey
6th Annual Survey
Survey conducted in September – October 2010
Diversity
– Service providers
– Content/ASPs
– Enterprises
– Broadband
– Mobile
– DNS
– Educational
Key Findings of the Survey
Threat severity and complexity continue to increase
– Attack size increases dramatically, impacting underlying network infrastructure
– Application layer attacks continue with some new applications being targeted more frequently.
The Threat-to-Defense gap is the widest observed to date
– DDoS attack capabilities of miscreants are outpacing the defensive measures taken by network service providers
Firewall and IPS equipment represents critical points of failure during DDoS attacks
Mobile network growth is a game changer – availability of limitless botnets with greater bandwidth and few network control points
New technologies affect fragility of Internet Infrastructure
DDoS Attack Sizes Over Time
Over 102% increase YOY in attack size shows resurgence of brute force and volumetric attack techniques
Internet providers have focused on application threats so miscreants turned back towards attacking network capacity
Application Layer Attacks
Application detection is becoming commonplace
– 77% of respondents have successfully detected application layer attacks
– Lynchpin service infrastructure remains top targets
– Application attacks are advancing to more sophisticated services
Attack Frequency and Targets
Attack frequency is increasing
– 69% of respondents see at least 1 DDoS attack per month
– 35% of respondents see 10 or more DDoS attacks per month compared to 18% in 2009
Customers or services comprise 90% of targeted victims
– Major collateral events are less common, but drive greater impact
Failure of Firewall and IPS in the IDC
Nearly half of all respondents have experienced a failure of their firewalls or IPS due to DDoS attack
Mobile Provider Security Posture
Roughly 50% report security problems with mobile subscribers
Mobile respondents demonstrate poor visibility into compromised hosts
– 56% have no visibility into scale of compromised handsets
– Optimistically, 17% say that there are none in the network
– And 13% of operators say at least 5% of customer base is compromised
Majority use NAT, firewalls and ACLs
– 47 to 60%
DDoS mitigation and SMS filtering less common
Mobile Security Incidents
More than half of carriers have had outages in last year due to security incidents!
79% of mobile respondents say they have not had a DDoS attack explicitly targeting their infrastructure
– Over 50% admit they have limited network visibility
– How many DDoS events are they having that they simply don’t know about?
Mobile operators are more concerned about DNS, AAA, Mail attacks than fixed line providers
70% compared to 58% in fixed line
DNSSEC Threats
24% of respondents have deployed DNSSEC
Already 25% have experienced or expect problems and 31% expect increase in amplification attacks
The IPv6 Security Arms Race
Vendors and network operators are rushing to introduce IPv6 visibility and security as networks scale up
Smaller Attacks Still Make up the Majority
As in 2010, most monitored attacks are still small in 2011:
– 78.5% less than 1Gb/sec (down from 93% in 2009 and 79% in 2010)
– 63.5% less than 1Mpps (down from 94% in 2009 and 87% in 2010)
Average size of attacks:
– Less than 1Gb/sec: 2010 is 197.41Mbps / 307.72Kpps; 2011 is 332.1Mbps / 739.2Kpps
– Less than 1Mpps: 2010 is 558.96Mbps / 228.139Kpps; 2011 is 599.2Mbps / 335.7Kpps
Attack Sizes have Grown Steadily since 2009
Average monthly attack size since start of 2009.
Average attack is 1.31Gbps / 1.62Mpps, July 2011
Average attack sizes have grown by 40.6% / 165.7% since start of 2010
Large packet per second attacks increasing
Proportion of monitored attacks over 10Gb/sec has dropped by 48% so far in 2011.
Proportion of monitored attacks over 10Mpps has increased by 98.4% so far in 2011, compared to 2010.
Increased Proportion of Attacks Targeting Port 80
In 2009, 19.6% of monitored attacks targeted port 80.
In 2010 this had increased to 31%, and so far in 2011 we are at 37.3%.
Attacks targeting fewer ports. 80 and 53 most prevalent.
75% drop in proportion of attacks over 10Gb/sec, from 2010 – still 47% up from 2009.
Proportion of Attacks Over 10Gbps and 10Mpps
Proportion of monitored attacks over 10Gb/sec fell back at the start of 2011.
Growing again now.
Spikes in number of attacks over 10Mpps in March and July.
March = Belize Attacks