How to Fight Massive IoT DDoS Attacks with Multi-layered Defense June 2017


Recent Distributed Denial of Service Attacks (DDoS)

• Massive DDoS attack powered by hacked IoT: 145,000 devices, 1 Tbps*1, largest-ever verified attack (End of Sep, 2016)

• Attacks on Domain Name Services (DNS): 100,000 malicious endpoints, 1.2 Tbps (TBV)*3, bringing down sites like Twitter, Spotify, Netflix, Amazon and Reddit*4 (Oct 21, 2016)

• Krebs site was hit by largest DDoS attack in history, peaking at 665 Gbps and 143 Mpps*8 (Sep 21, 2016)

• Multiple DDoS attacks through hacked IoT devices, executed through customers' infected webcams & routers*5 (Oct 22 & 24*6, 2016)

• Mirai-based botnets

*1 Source: ovh.co.uk
*2 Source: thehackernews.com
*3 Source: hub.dyn.com
*4 Source: scmagazine.com
*5 Source: theregister.co.uk
*6 Source: channelnewsasia.com
*7 Source: thehackernews.com
*8 Source: http://www.securityweek.com

IoT-Enabled DDoS Attacks Threaten the Infrastructure Even for CSPs

New attack vectors

• Many IoT devices

• Many insecure devices

• High spread of infection

• Easy to create massive attack

New attack tactics

• Massive

• Short-lived

• Out-going attacks

Who is Allot?

Allot (NASDAQ, TASE: ALLT) delivers network intelligence, policy control, and security solutions to help service providers and enterprises increase productivity, and protect and improve user quality of experience.


Allot at a Glance


Regional Headquarters

Sales & Support Offices

R&D Centers

Public company (NASDAQ, TASE: ALLT)

20Y deployment experience

24x7 follow-the-sun support

100+ countries

3000+ Enterprise customers

1B+ end users

Powering 5 of top 10 mobile CSPs

#1 provider of SECaaS in Europe

Protecting >15M subscribers

Allot Delivers Solutions Across Six Domains

• Network Intelligence

• Policy Control

• Traffic Management

• DDoS Protection

• Web Security

• VAS Delivery

Allot is a well recognized security vendor

2016 Next-gen Infrastructure Security Report

DDoS Mitigation Global Market Analysis


Allot DDoS Protection Deployments Worldwide


Panama

Portugal

Canada

Canada

Israel

Kenya

Namibia

Australia

India

Belgium

France

Russia

USA

Kazakhstan

South Africa

Spain

Nigeria

Fiji

Thailand

Allot Proprietary & Confidential 2017


How can you protect your network against IoT attacks?

3 IoT Challenges

• Lack of IoT Visibility

• Limited IoT Control

• Increases the Attack Surface

Allot Core Technologies Meet IoT Challenges

• Visibility & Control: Identify devices and protocols, and control their behavior

• Security: Protect IoT network from inbound and outbound attacks

• Differentiation: Implement value-based models that work

Allot IoT Defense Multi Layer Approach

Incoming Attack (Allot Solution)

• STOP INCOMING DDOS

• TRAFFIC THROTTLING

• PREVENT INFECTION

Outgoing Attack (Allot Solution)

• TRAFFIC THROTTLING

• BLOCK OUTBOUND DDOS

• ISOLATES BOTNETS

[Diagram labels: Service provider network, Infected IoT devices, Infected bots]

Allot IoT Solution In Action

1. New Device Connects to the Network

2. Device is discovered and classified

3. Device policy is automatically applied

• Accepted behavior
• White listing
• Filtering
• Monitoring
• Deactivation

4. Device usage is monitored

5. Device usage stats are being reported

6. Abnormal activity is alerted

7. Infected device is disabled

Other diagram annotations:

• Identify device type
• Behavioral analysis
• Anomaly detection
• Capacity Planning
• Provisioning info (IMEI, TAC, APN)
• Traffic Patterns
• Usage by APN
• Thresholds
• SLA / KPI
• Device is quarantined

[Diagram components: IoT Management Cloud, Access Network, Allot SG]

Acceptable Usage Policies

• Group IoT traffic by:

  • Source/Destination IP addresses / Domains

  • APN

  • IMEI

  • VLAN

• Type of protocols and applications permitted for communication

• Time of day / day of week when the communication is allowed

• Number of new connections / amount of BW permitted
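The policy dimensions listed above, sketched as an added example (not Allot's code or configuration format): a per-group policy keyed by APN and IMEI TAC is checked against flow records for destination, protocol, schedule, new-connection rate and bandwidth. The `Policy` schema, the flow record fields, the APN name and all sample values are hypothetical and constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:                 # hypothetical schema: one policy per device group
    apn: str                  # group key: APN
    tacs: frozenset           # group key: IMEI TAC (first 8 digits of the IMEI)
    dst_nets: tuple           # permitted destination networks
    services: frozenset       # permitted (protocol, destination port) pairs
    hours: range              # permitted hours of day
    days: frozenset           # permitted weekdays, Monday = 0
    max_new_conns: int        # new connections per device per minute
    max_bytes: int            # bytes per device per minute

def violations(policy, flows):
    """Return sorted (imei, minute, reason) tuples for out-of-policy traffic."""
    out, conns, volume = set(), defaultdict(int), defaultdict(int)
    for f in flows:
        if f["apn"] != policy.apn or f["imei"][:8] not in policy.tacs:
            continue          # flow belongs to a different device group
        ts = datetime.fromisoformat(f["ts"])
        key = (f["imei"], ts.strftime("%Y-%m-%dT%H:%M"))
        if not any(ip_address(f["dst"]) in net for net in policy.dst_nets):
            out.add((*key, "destination"))
        if (f["proto"], f["dport"]) not in policy.services:
            out.add((*key, "protocol"))
        if ts.hour not in policy.hours or ts.weekday() not in policy.days:
            out.add((*key, "schedule"))
        conns[key] += 1       # every flow record counts as one new connection
        volume[key] += f["bytes"]
    out |= {(*k, "connection-rate") for k, n in conns.items() if n > policy.max_new_conns}
    out |= {(*k, "bandwidth") for k, b in volume.items() if b > policy.max_bytes}
    return sorted(out)

def flow(imei, ts, dst, dport, size, apn="meters.example"):  # constructed record
    return {"apn": apn, "imei": imei, "ts": ts, "dst": dst,
            "proto": "tcp", "dport": dport, "bytes": size}

# Constructed sample: smart meters that may only report over MQTT/TLS at night.
POLICY = Policy("meters.example", frozenset({"35000000"}),
                (ip_network("192.0.2.0/24"),), frozenset({("tcp", 8883)}),
                range(1, 5), frozenset(range(7)), 5, 10_000)
FLOWS = [flow("350000000000001", "2017-06-05T02:00:10", "192.0.2.10", 8883, 900)]
FLOWS += [flow("350000000000002", f"2017-06-05T02:01:{s:02d}", "203.0.113.7", 23, 60)
          for s in range(8)]

if __name__ == "__main__":
    print(*violations(POLICY, FLOWS), sep="\n")
```

The first device stays inside its policy and produces no findings; the second is flagged for destination, protocol and connection rate within a single minute, which is the kind of signal that would feed the alerting and quarantine steps.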

Prevent Infection with Carrier Grade Antimalware Platform

Leading Anti-Virus technology from McAfee, Kaspersky Lab, Sophos and Bitdefender

Detects and blocks malware and C&C websites

High scale, multi-tenant platform

Updated every two hours to protect against new threats

Multi-Engine solution: Independent detection by each Antivirus Engine

Infrastructure Protection

[Diagram: a 20 Gbps UDP fragmented attack during detection and mitigation, comparing the Allot Service Gateway with other solutions in front of a firewall with 10 Gbps capacity. Labels: DNS, BGP, 20 Gbps, 9.99 Gbps MAX.]


Security Threats Reporting


IoT Security as a Service

Allot Security Solutions for CSPs

Differentiated

• Per-tenant Acceptable Use Policy
• Per-tenant visibility and reporting
• Per-tenant application control

Scalable

• Works with any device
• Millions of Tenants
• On-premise and cloud deployment options

Fast Delivery

• Easy to acquire
• Simple to use and personalize
• Hassle-free maintenance
• Simple self management of user profiles and user groups


Protecting End Customers Globally

Over 15,000,000 protected!

Managing and Monitoring IoT Customers

[Diagram labels: Allot IoT SG, Mobile Core Network, Multi Tenant Platform, Enterprise 1 User, Enterprise 2 User, BSS/MSS/DCN network, Bearer network, Internet of things CSP Portal, Allot unified management and reporting]


Case Studies

The Results Speak for Themselves

Example: Vodafone Spain

“Currently 4.3 million customers of Vodafone Spain have on their mobile devices with the Secure Net service, which blocks the download of viruses and other harmful software and prevents access to unsafe websites.”

“Vodafone Spain, through its service to protect the devices connected to its mobile network Secure Net, managed to avoid more than 196 million threats of malicious virus (malware) in 2016, which means an average of about 46 attacks per client, According to the operator in a statement”

“In this regard, says that customers who have Vodafone Secure Net installed on their computer or Mac with the updated operating system are protected against the ransomware WannaCry, which last Friday attacked many companies around the world”

Vodafone Spain has crossed the 40% uptake of the Secure Net Service

Selling through Allot multiservice platform for increased profitability

Telcoinabox, Australia (TELECOMS WHOLESALER)

Telcoinabox is Australia’s largest and longest-running telecom wholesaler, with over 200 service providers as part of its group. It provides network services, end-user billing, payment processing and support to carriers, ISPs and virtual operators.

CHALLENGE

Increase profitability and acquire high value customers.

SOLUTION

• Allot ServiceProtector delivered an effective real-time DDoS protection and anti-bot containment.

“By keeping DDoS traffic off the network and managing CMTS congestion precisely where it occurs, we have been able to delay infrastructure expansion by 2 years and to save millions.”

BENEFITS

• Customer acquisition

• Increased profitability

• Simple deployment, low opex

• Multiple VAS from a single vendor

“By deploying Allot multiservice platform we were able to offer greater value to our customers and attract larger businesses and service providers who cared about SLA and services for their customers.” Ahad Aboss, Telcoinabox Architect

Managing Mission Critical First - Vending Machines

MVNO, Japan

CHALLENGE

Customer wanted to ensure vending machine service during network load times.

SOLUTION

Allot traffic management allowed prioritizing the communication from the vending machines to assure commercial transactions complete in a timely manner and operation messages reliably arrive at the maintenance servers.

Managing and Monitoring IoT Customers

MOBILE OPERATOR, China

CHALLENGE

Build a portal for managing and controlling the entire lifecycle of its IoT customers running on the same 3G mobile consumers network.

SOLUTION

• Allot Analytics delivered IoT device usage statistics and alerted upon abnormal behavior, all of which were fully integrated into the IoT portal and terminal display.

• Allot Service Gateway allowed validating device traffic and access, and preventing potential misuse.

“By keeping DDoS traffic off the network and managing CMTS congestion precisely where it occurs, we have been able to delay infrastructure expansion by 2 years and to save millions.”

BENEFITS

• Stop revenue leakage

• Visibility to IoT device usage

• Network security

Allot’s IoT Defense Solution: Unique Value Proposition

• Network-based, Seamless integration, no client software

• Comprehensive, multi layered IoT security Solution

• Scalable to a large number of IoT devices

• Actionable, alerting anomalous device behavior & misuse

• Deep analytics

• Revenue generating, available AS-A-SERVICE

Allot has the Solutions and Know-how

Partner with Allot. Meet IoT Security Challenges.

THANK

Find out how Allot can help YOUR business to become a leading Digital Lifestyle Provider

Email [email protected]

www.allot.com