Preparing for the Imminent Terabit DDoS Attack

  • Published on
    26-Jan-2015

  • View
    103

  • Download
    1

Embed Size (px)

DESCRIPTION

With the rapid growth of volumetric DDoS threats, even the largest networks, equipped with carrier grade hardware and with huge amounts of bandwidth at their disposal, are at risk of being taken down by a large DDoS attack. Volumetric DDoS threats are leading many financial institutions, service providers, and other large organizations on a search for solutions that can scale DDoS protection beyond their existing network capabilities, and into the Terabit level. Learn: - Expected trends in the evolving DDoS landscape over the next 12-36 months - Important considerations when selecting your DDoS protection technology - How to prepare your organization to detect and respond to a DDoS attack

Transcript

<ul><li> 1. 2014 Imperva, Inc. All rights reserved. Preparing for the Imminent Terabit DDoS Attack Confidential1 Orion Cassetto, Sr. Product Marketing Manager, Incapsula </li></ul> <p> 2. 2014 Imperva, Inc. All rights reserved. Agenda Confidential2 Network DDoS trends Is a Terabit DDoS attack imminent? Attributes of a DDoS-resilient network Infrastructure and DNS protection 3. 2014 Imperva, Inc. All rights reserved. Incapsula, An Imperva Company Confidential3 Founded in 2009 by a group of security industry veterans with strong expertise in web application security, online safety, and identity theft Spun out of, and subsequently, acquired by Imperva Cloud-based solution includes Enterprise-grade Website Security PCI-certified Web Application Firewall DDoS Protection Load Balancing &amp; Failover All fully integrated on top of our global CDN 4. 2014 Imperva, Inc. All rights reserved.4 Product Marketing Manager for Incapsula Previously held product marketing positions at Imperva and Armorize Technologies Experienced in Web app security and SaaS security solutions Holds degrees in Asian Studies and Chinese Language from Washington State University Orion Cassetto Sr. Product Marketing Manager, Incapsula Confidential 5. 2014 Imperva, Inc. All rights reserved. DDoS Landscape Attacks Getting Bigger Confidential5 6. 2014 Imperva, Inc. All rights reserved. Average DDoS Attack Sizes Are Growing Not only are big attacks getting bigger, average attack sizes are also growing in 2013 the mean attack size was 10Gbps. Source: 2014 Verizon Data Breach Investigation Report 6 Confidential 7. 2014 Imperva, Inc. All rights reserved. Where Do We Stand Today? 34% 66% =10Gbps Twothirdsofa1acksexceed10Gbps Morethan13%exceed40Gbps 7 Confidential 8. 2014 Imperva, Inc. All rights reserved. Its Not All Bandwidth Morethan25%ofa1acksexceed10Mpps MostIPS/IDSwillcrashat5Mpps 8 Confidential 9. 2014 Imperva, Inc. All rights reserved. Recent Campaigns / SaaS Applications 9 Confidential 10. 2014 Imperva, Inc. All rights reserved. Recent Campaigns / DNS Providers 10 Confidential 11. 2014 Imperva, Inc. All rights reserved. How Are Attackers Reaching These Numbers? Are botnets becoming bigger? No, according to www.shadowserver.org Are there more open DNS resolvers? No, the number is actually declining according to www.openresolverproject.org Are there more open NTP servers? Probably not, www.openntpproject.org So what is it then? 11 Confidential 12. 2014 Imperva, Inc. All rights reserved. They are using bigger guns Exampleofa4Mppsa1ack Lessthan30IPsaregeneraIngmorethan99%ofthetrac 12 Confidential How Are Attackers Reaching These Numbers? 13. 2014 Imperva, Inc. All rights reserved. What Can We Learn From All This? The stronger the Internet becomes, the stronger the attacks The largest attacks use a small set of super resources rather than a large set of weak resources Attacks will far exceed a single networks capacity Can we expect a 1Tbps+ attack within the next 12-36 months? 13 Confidential 14. 2014 Imperva, Inc. All rights reserved. A DDoS Resilient Network Scalablearchitecture Scalablebusinessmodel =Cloud Dierentassetsneed dierentprotecIon (FTP!=HTTP!=DNS) Youcantdefendyourself fromwhatyoudontsee Reactquicklytopreservethe falseposiIvetofalsenegaIve balance In depth protection Visibility Rapid response Capacity scale 14 Confidential 15. 2014 Imperva, Inc. All rights reserved. Threats Facing Various Online Services TCP / UDP SSH FTP DNS Application data HTTP Advancedpersistentthreats(APT) SQLinjecIon DNSquerya1ack POSTood SYNood DNSamplicaIon NTPamplicaIon DirectIPa1acks 15 Confidential 16. 2014 Imperva, Inc. All rights reserved. Incapsula DDoS Protection TCP / UDP SSH FTP DNS Application data HTTP IncapsulaWeb ApplicaIonFirewall IncapsulaApplicaIonprotecIon IncapsulaDNSprotecIon IncapsulaInfrastructure protecIon 16 Confidential 17. 2014 Imperva, Inc. All rights reserved. Incapsula Application Protection Always On / On Demand Protect HTTP/S Applications Layer 3&amp;4 and also Layer 7 17 Confidential 18. 2014 Imperva, Inc. All rights reserved. Incapsula DNS Protection - NEW Always On Service Protect DNS servers Prevent Blacklisting 18 Confidential 19. 2014 Imperva, Inc. All rights reserved. Incapsula Infrastructure Protection - NEW On Demand Service Protect all services and protocols Protect entire IP ranges Layer 3&amp;4 (Network) 19 Confidential 20. 2014 Imperva, Inc. All rights reserved. Scaling BGP IP ranges are announced in Anycast 20 Confidential 21. 2014 Imperva, Inc. All rights reserved. Imperva Positioned as a Magic Quadrant Leader Confidential Gartner Magic Quadrant for Web Application Firewalls by Jeremy D'Hoinne, Adam Hils, Greg Young, Joseph Feiman, 17 June 2014. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 21 22. 2014 Imperva, Inc. All rights reserved. Webinar Materials 22 Join Imperva LinkedIn Group, Imperva Data Security Direct, for Confidential Post-Webinar Discussions Answers to Attendee Questions Webinar Recording Link Join Group 23. 2014 Imperva, Inc. All rights reserved. Confidential23 Questions? www.imperva.com 24. 2014 Imperva, Inc. All rights reserved. Confidential24 Thank You </p>