Corero Network Security DDoS – A Modern Day Opportunity for Service Providers Dave Larson, VP Product and CTO August 2015 © 2015 Corero www.corero.com


Page 3: DDoS - a Modern Day Opportunity for Service Providers

The Problem is Real – and Pervasive

Our average customer sees almost 4 attacks per day – and climbing!

Some customers see many more

Problem spans across all verticals

Enterprises are asking their providers for help

Page 4: DDoS - a Modern Day Opportunity for Service Providers

Increase in Low Bandwidth, Short Duration Attacks

96% of Attacks Last Less Than 30 Minutes

Page 5: DDoS - a Modern Day Opportunity for Service Providers

Evolution of DDoS Detection and Mitigation

Page 6: DDoS - a Modern Day Opportunity for Service Providers

DDoS Defense 1.0 - Null Route

[Diagram. Legend: Attack Traffic, Non-Attack Traffic. Labels: DDoS Detection (NetFlow Collector/Analyzer); NetFlow; Null Route on Destination IP; Native Traffic Path; All traffic discarded; Unprotected Customer]

Page 7: DDoS - a Modern Day Opportunity for Service Providers

DDoS Defense 2.0 - Scrubbing

[Diagram. Legend: Attack Traffic, Non-Attack Traffic. Labels: DDoS Detection (NetFlow Collector/Analyzer); NetFlow; New Route via BGP; Diverted Traffic Path; TMS; GRE Tunnel to Customer; Native Traffic Path; Industry Leader’s Scrubbing Approach; Partially Protected Customers]

Page 8: DDoS - a Modern Day Opportunity for Service Providers

DDoS Defense 3.0 - Inline, Always-On

[Diagram. Legend: Attack Traffic, Non-Attack Traffic. Labels: DDoS Traffic Blocked Inline; Completely Protected Customers; SecureWatch® Comprehensive DDoS Analytics, Real-time Alerting and Reporting]

Page 9: DDoS - a Modern Day Opportunity for Service Providers

The Modern Day DDoS Opportunity

Page 10: DDoS - a Modern Day Opportunity for Service Providers

Always-On, Service Provider Managed Threat Defense

Available as a Shared or a Dedicated Threat Defense Service

[Diagram, three panels, each showing the Internet, a SmartWall® Network Threat Defense and Protected Resources:

DEDICATED 10G THREAT DEFENSE: Single Customer

DEDICATED MULTIPLE 10G THREAT DEFENSE: Single Customer

SHARED <10G THREAT DEFENSE: Customer 1, Customer 2, ... Customer N

Link-speed labels shown: 10G, 40G, 10M, 1G, 100M]

Page 11: DDoS - a Modern Day Opportunity for Service Providers

Example Internet Peering Deployment

[Diagram. Labels: Upstream Provider A; Upstream Provider B; SmartWall® Network Threat Defense Appliances Deployed on 10G Peering Connections; SP; Service Provider Network]

Page 12: DDoS - a Modern Day Opportunity for Service Providers

Example Subscriber Edge Deployment

[Diagram. Legend: Attack Traffic, Non-Attack Traffic. Labels: DDoS Traffic Blocked at Subscriber Edge; Completely Protected ISP, Hosting, and Enterprise Customers; SecureWatch® Comprehensive DDoS Analytics, Real-time Alerting and Reporting]

Page 13: DDoS - a Modern Day Opportunity for Service Providers

DDoS Defense 3.0 and a New Economic Model for DDoS Services

Page 14: DDoS - a Modern Day Opportunity for Service Providers

Corero SmartWall Network Threat Defense

ADVANCED DDOS & CYBER THREAT DEFENSE TECHNOLOGY

BUILT ON NEXT GENERATION ARCHITECTURE

COMPREHENSIVE ATTACK VISIBILITY & NETWORK FORENSICS

SmartWall® Threat Defense System (TDS)

Service/Hosting Providers

On Premises or Cloud deployments

Protection in modular increments of 10 Gbps

In-line or scrubbing topologies

Page 15: DDoS - a Modern Day Opportunity for Service Providers

Real-time DDoS Defense

Example week – Hosting Data Center under constant attack

Attack traffic is well above the normal levels and stays below the link capacity

Attacks are mitigated in real-time

Protected networks see normal traffic levels

Flexible rule changes quickly allow mitigation of newly discovered attacks

[Chart. Panels: Raw Internet; Protected Network. Legend: Good Traffic, Attack Traffic]

Page 16: DDoS - a Modern Day Opportunity for Service Providers

Example 10G Deployment with Bypass

10 Gbps throughput @30 Mpps

[Diagram. Labels: Peers (Internet); SERVICE PROVIDER; Packet Flow (10 Gbps); 10 Gbps; NB; NTD; Central Management; Splunk Analytics/Reporting; Server; Protected Resources. Legend: NB = Network Bypass; NTD = Network Threat Defense; Internal side packet flow; External side packet flow]

Page 17: DDoS - a Modern Day Opportunity for Service Providers

Example 20G Deployment with Bypass

20 Gbps throughput @60 Mpps

[Diagram. Labels: Peers (Internet); SERVICE PROVIDER; Packet Flow (10 Gbps); 10 Gbps; OSPF or 802.1d (layer 2); NB NTD, NB NTD; Central Management; Splunk Analytics/Reporting; Server; Protected Resources. Legend: NB = Network Bypass; NTD = Network Threat Defense; Internal side packet flow; External side packet flow]

Page 18: DDoS - a Modern Day Opportunity for Service Providers

40G SmartWall® NTD Scrubbing Center

Single IP address Off-Ramp 4 x 10G

4 x 10G On-Ramp (supports GRE, MPLS, VxLAN)

[Diagram. Labels: Peers (Internet); SERVICE PROVIDER; HOSTING PROVIDERS; DATA CENTERS; Cisco/Arista/HP/Juniper/Dell ToR; 4 x SmartWall; Cisco/Arista/HP/Juniper/Dell ToR]

Page 19: DDoS - a Modern Day Opportunity for Service Providers

160G SmartWall® NTD Scrubbing Center

Up to 4 x 40G (160G)

Manage from a single pane of glass via Corero CMS

Up to 4 x 40G On-Ramp (supports GRE, MPLS, VxLAN)

[Diagram. Labels: Peers (Internet); SERVICE PROVIDER; HOSTING PROVIDERS; DATA CENTERS; Cisco/Arista/HP/Juniper/Dell ToR; 16 x SmartWall; Cisco/Arista/HP/Juniper/Dell ToR]

Page 20: DDoS - a Modern Day Opportunity for Service Providers

Corero Overview

Corero products and services PROTECT AND OPTIMIZE your critical infrastructure and online services

HQ: Hudson, MA, USA

Publicly traded CNS:LN

500+ active customers across many verticals world-wide

First Line of Defense® against DDoS attacks and cyber threats

ENTERPRISE

SERVICE PROVIDERS

HOSTING PROVIDERS & DATA CENTERS

Page 21: DDoS - a Modern Day Opportunity for Service Providers

Key Take-Aways

Legacy DDoS scrubbing solutions are cost prohibitive, difficult to scale, and lack real-time detection and mitigation

Service Providers can now benefit from:

• A new economic model that allows for more coverage, more granular defense at a fraction of the cost

• Profitable DDoS Defense as-a-Service revenue generating opportunities

• Deployment options suited to your business, no vendor lock-in

• Unprecedented visibility into network traffic and DDoS attack activity, powered by Splunk

Page 22: DDoS - a Modern Day Opportunity for Service Providers

Thank You!